[goal] Deprecate the JSON formatted policy file

As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to do two things:

1. Change the default value of '[oslo_policy] policy_file''
config option from 'policy.json' to 'policy.yaml' with
upgrade checks.

2. Deprecate the JSON formatted policy file on the project side
via warning in doc and releasenotes.

Also replace policy.json to policy.yaml ref from doc and tests.

[1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Change-Id: I790409da69df8479ad2fe152b15c32ba45067c23
This commit is contained in:
Ghanshyam Mann 2020-12-24 20:28:51 -06:00 committed by Lingxian Kong
parent 3301e2e42c
commit bcb8992f99
8 changed files with 54 additions and 16 deletions

View File

@ -26,7 +26,7 @@ TROVE_API_PASTE_INI=${TROVE_API_PASTE_INI:-${TROVE_CONF_DIR}/api-paste.ini}
TROVE_LOCAL_CONF_DIR=${TROVE_LOCAL_CONF_DIR:-${TROVE_DIR}/etc/trove} TROVE_LOCAL_CONF_DIR=${TROVE_LOCAL_CONF_DIR:-${TROVE_DIR}/etc/trove}
TROVE_LOCAL_API_PASTE_INI=${TROVE_LOCAL_API_PASTE_INI:-${TROVE_LOCAL_CONF_DIR}/api-paste.ini} TROVE_LOCAL_API_PASTE_INI=${TROVE_LOCAL_API_PASTE_INI:-${TROVE_LOCAL_CONF_DIR}/api-paste.ini}
TROVE_LOCAL_POLICY_JSON=${TROVE_LOCAL_POLICY_JSON:-${TROVE_LOCAL_CONF_DIR}/policy.json} TROVE_LOCAL_POLICY_JSON=${TROVE_LOCAL_POLICY_JSON:-${TROVE_LOCAL_CONF_DIR}/policy.yaml}
TROVE_IMAGE_OS=${TROVE_IMAGE_OS:-"ubuntu"} TROVE_IMAGE_OS=${TROVE_IMAGE_OS:-"ubuntu"}
TROVE_IMAGE_OS_RELEASE=${TROVE_IMAGE_OS_RELEASE:-"bionic"} TROVE_IMAGE_OS_RELEASE=${TROVE_IMAGE_OS_RELEASE:-"bionic"}

View File

@ -257,11 +257,19 @@ database group
``mysql+pymysql://root:password@127.0.0.1/trove?charset=utf8`` ``mysql+pymysql://root:password@127.0.0.1/trove?charset=utf8``
The cloud administrator also needs to provide a policy file The cloud administrator also needs to provide a policy file
``/etc/trove/policy.json`` if the default API access policies don't satisfy the ``/etc/trove/policy.yaml`` if the default API access policies don't satisfy the
requirement. To generate a sample policy file with all the default policies, requirement. To generate a sample policy file with all the default policies,
run ``tox -egenpolicy`` in the repo folder and the new file will be located in run ``tox -egenpolicy`` in the repo folder and the new file will be located in
``etc/trove/policy.yaml.sample``. ``etc/trove/policy.yaml.sample``.
.. warning::
JSON formatted policy file is deprecated since Trove 15.0.0 (Wallaby).
This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing
JSON-formatted policy file to YAML in a backward-compatible way.
.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html
Initialize Trove Database Initialize Trove Database
~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~

View File

@ -12,7 +12,7 @@ Use customized policy file
As Trove uses policy in code now, it's not necessary to add a policy file for As Trove uses policy in code now, it's not necessary to add a policy file for
Trove components to run. But when a customized policy is needed, Trove will Trove components to run. But when a customized policy is needed, Trove will
take ``/etc/trove/policy.json`` by default. The location of the policy file take ``/etc/trove/policy.yaml`` by default. The location of the policy file
can also be overridden by adding following lines in Trove config file: can also be overridden by adding following lines in Trove config file:
[oslo_policy] [oslo_policy]

View File

@ -73,18 +73,18 @@ os-service-types==1.2.0
osc-lib==1.10.0 osc-lib==1.10.0
oslo.cache==1.29.0 oslo.cache==1.29.0
oslo.concurrency==3.26.0 oslo.concurrency==3.26.0
oslo.config==5.2.0 oslo.config==6.8.0
oslo.context==2.19.2 oslo.context==2.22.0
oslo.db==4.27.0 oslo.db==4.27.0
oslo.i18n==3.15.3 oslo.i18n==3.15.3
oslo.log==3.36.0 oslo.log==3.36.0
oslo.messaging==5.29.0 oslo.messaging==5.29.0
oslo.middleware==3.31.0 oslo.middleware==3.31.0
oslo.policy==1.30.0 oslo.policy==3.6.0
oslo.serialization==2.18.0 oslo.serialization==2.18.0
oslo.service==1.24.0 oslo.service==1.24.0
oslo.upgradecheck==0.1.0 oslo.upgradecheck==1.3.0
oslo.utils==3.33.0 oslo.utils==3.40.0
oslotest==3.2.0 oslotest==3.2.0
osprofiler==1.4.0 osprofiler==1.4.0
packaging==17.1 packaging==17.1
@ -124,14 +124,14 @@ python-subunit==1.2.0
python-swiftclient==3.2.0 python-swiftclient==3.2.0
python-troveclient==2.2.0 python-troveclient==2.2.0
pytz==2018.3 pytz==2018.3
PyYAML==3.12 PyYAML==5.1
redis==2.10.0 redis==2.10.0
reno==3.1.0 reno==3.1.0
repoze.lru==0.7 repoze.lru==0.7
requests==2.18.4 requests==2.20.0
requestsexceptions==1.4.0 requestsexceptions==1.4.0
restructuredtext-lint==1.1.3 restructuredtext-lint==1.1.3
rfc3986==1.1.0 rfc3986==1.2.0
Routes==2.3.1 Routes==2.3.1
semantic-version==2.7.0 semantic-version==2.7.0
simplejson==3.13.2 simplejson==3.13.2

View File

@ -0,0 +1,20 @@
---
upgrade:
- |
The default value of ``[oslo_policy] policy_file`` config option has
been changed from ``policy.json`` to ``policy.yaml``.
Operators who are utilizing customized or previously generated
static policy JSON files (which are not needed by default), should
generate new policy files or convert them in YAML format. Use the
`oslopolicy-convert-json-to-yaml
<https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html>`_
tool to convert a JSON to YAML formatted policy file in
backward compatible way.
deprecations:
- |
Use of JSON policy files was deprecated by the ``oslo.policy`` library
during the Victoria development cycle. As a result, this deprecation is
being noted in the Wallaby cycle with an anticipated future removal of support
by ``oslo.policy``. As such operators will need to convert to YAML policy
files. Please see the upgrade notes for details on migration of any
custom policy files.

View File

@ -27,14 +27,14 @@ iso8601>=0.1.11 # MIT
jsonschema>=3.2.0 # MIT jsonschema>=3.2.0 # MIT
Jinja2>=2.10 # BSD License (3 clause) Jinja2>=2.10 # BSD License (3 clause)
pexpect!=3.3,>=3.1 # ISC License pexpect!=3.3,>=3.1 # ISC License
oslo.config>=5.2.0 # Apache-2.0 oslo.config>=6.8.0 # Apache-2.0
oslo.context>=2.19.2 # Apache-2.0 oslo.context>=2.22.0 # Apache-2.0
oslo.i18n>=3.15.3 # Apache-2.0 oslo.i18n>=3.15.3 # Apache-2.0
oslo.middleware>=3.31.0 # Apache-2.0 oslo.middleware>=3.31.0 # Apache-2.0
oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0 oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
oslo.service!=1.28.1,>=1.24.0 # Apache-2.0 oslo.service!=1.28.1,>=1.24.0 # Apache-2.0
oslo.upgradecheck>=0.1.0 # Apache-2.0 oslo.upgradecheck>=1.3.0 # Apache-2.0
oslo.utils>=3.33.0 # Apache-2.0 oslo.utils>=3.40.0 # Apache-2.0
oslo.concurrency>=3.26.0 # Apache-2.0 oslo.concurrency>=3.26.0 # Apache-2.0
PyMySQL>=0.7.6 # MIT License PyMySQL>=0.7.6 # MIT License
stevedore>=1.20.0 # Apache-2.0 stevedore>=1.20.0 # Apache-2.0
@ -44,7 +44,7 @@ oslo.log>=3.36.0 # Apache-2.0
oslo.db>=4.27.0 # Apache-2.0 oslo.db>=4.27.0 # Apache-2.0
xmltodict>=0.10.1 # MIT xmltodict>=0.10.1 # MIT
cryptography>=2.1.4 # BSD/Apache-2.0 cryptography>=2.1.4 # BSD/Apache-2.0
oslo.policy>=1.30.0 # Apache-2.0 oslo.policy>=3.6.0 # Apache-2.0
diskimage-builder!=1.6.0,!=1.7.0,!=1.7.1,>=1.1.2 # Apache-2.0 diskimage-builder!=1.6.0,!=1.7.0,!=1.7.1,>=1.1.2 # Apache-2.0
docker>=4.2.0 # Apache-2.0 docker>=4.2.0 # Apache-2.0
psycopg2-binary>=2.6.2 # LGPL/ZPL psycopg2-binary>=2.6.2 # LGPL/ZPL

View File

@ -15,6 +15,7 @@
import sys import sys
from oslo_config import cfg from oslo_config import cfg
from oslo_upgradecheck import common_checks
from oslo_upgradecheck import upgradecheck from oslo_upgradecheck import upgradecheck
from trove.common.i18n import _ from trove.common.i18n import _
@ -62,6 +63,8 @@ class Checks(upgradecheck.UpgradeCommands):
_upgrade_checks = ( _upgrade_checks = (
(_("instances_with_running_tasks"), (_("instances_with_running_tasks"),
_check_instances_with_running_tasks), _check_instances_with_running_tasks),
(_('policy File JSON to YAML Migration'),
(common_checks.check_policy_json, {'conf': cfg.CONF})),
) )

View File

@ -15,6 +15,7 @@
from oslo_config import cfg from oslo_config import cfg
from oslo_policy import opts
from oslo_policy import policy from oslo_policy import policy
from trove.common import exception as trove_exceptions from trove.common import exception as trove_exceptions
@ -23,6 +24,12 @@ from trove.common import policies
CONF = cfg.CONF CONF = cfg.CONF
_ENFORCER = None _ENFORCER = None
# TODO(gmann): Remove setting the default value of config policy_file
# once oslo_policy change the default value to 'policy.yaml'.
# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
DEFAULT_POLICY_FILE = 'policy.yaml'
opts.set_defaults(CONF, DEFAULT_POLICY_FILE)
def get_enforcer(): def get_enforcer():
global _ENFORCER global _ENFORCER