From 08fbfade2a7af84899727ee81b4597a231787b99 Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov <dmitriy.rabotyagov@citynetwork.eu>
Date: Thu, 18 Mar 2021 20:44:34 +0200
Subject: [PATCH] [goal] Deprecate the JSON formatted policy file

As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.

config_template has been choosen instead of the copy, since it can
properly handle content that has been lookuped.

We make a separate task not to restart service when it's not needed.

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Change-Id: I8c89b6d193f221faad4db9e1d0b0152f262b823b
---
 defaults/main.yml                             |  1 +
 handlers/main.yml                             |  9 ++++++
 ...masakari_policy_json-979fc92a3fc8ceb3.yaml |  7 +++++
 tasks/masakari_post_install.yml               | 29 +++++++++++++++----
 templates/policy.json.j2                      | 10 -------
 5 files changed, 41 insertions(+), 15 deletions(-)
 create mode 100644 releasenotes/notes/deprecate_masakari_policy_json-979fc92a3fc8ceb3.yaml
 delete mode 100644 templates/policy.json.j2

diff --git a/defaults/main.yml b/defaults/main.yml
index 92a9c50..c461308 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -88,6 +88,7 @@ masakari_monitor_pip_packages:
 masakari_api_paste_ini_overrides: {}
 masakari_masakari_conf_overrides: {}
 masakari_policy_json_overrides: {}
+masakari_policy_overrides: "{{ masakari_policy_json_overrides }}"
 masakari_api_init_overrides: {}
 masakari_engine_init_overrides: {}
 masakari_monitors_conf_overrides: {}
diff --git a/handlers/main.yml b/handlers/main.yml
index 31f5234..9d5fddb 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -23,6 +23,15 @@
   listen:
     - "venv changed"
 
+# NOTE (noonedeadpunk): Remove this task after Xena release
+- name: Remove obsoleted policy.json
+  file:
+    path: "{{ masakari_etc_dir }}/policy.json"
+    state: absent
+  listen:
+    - "Restart masakari services"
+    - "venv changed"
+
 - meta: noop
   listen: Manage LB
   when: false
diff --git a/releasenotes/notes/deprecate_masakari_policy_json-979fc92a3fc8ceb3.yaml b/releasenotes/notes/deprecate_masakari_policy_json-979fc92a3fc8ceb3.yaml
new file mode 100644
index 0000000..d8076dc
--- /dev/null
+++ b/releasenotes/notes/deprecate_masakari_policy_json-979fc92a3fc8ceb3.yaml
@@ -0,0 +1,7 @@
+---
+deprecations:
+  - |
+    Variable ``masakari_policy_json_overrides`` has been deprecated in favor of the
+    ``masakari_policy_overrides`` and will be removed after X release.
+    As for now ``masakari_policy_overrides`` defaults to
+    ``masakari_policy_json_overrides`` for compatability.
diff --git a/tasks/masakari_post_install.yml b/tasks/masakari_post_install.yml
index 2e9b523..392a762 100644
--- a/tasks/masakari_post_install.yml
+++ b/tasks/masakari_post_install.yml
@@ -34,11 +34,6 @@
       config_overrides: "{{ masakari_masakari_conf_overrides }}"
       config_type: "ini"
       condition: "{{ masakari_services['masakari-api']['group'] in group_names or masakari_services['masakari-engine']['group'] in group_names }}"
-    - src: "policy.json.j2"
-      dest: "{{ masakari_etc_dir }}/policy.json"
-      config_overrides: "{{ masakari_policy_json_overrides }}"
-      config_type: "json"
-      condition: "{{ masakari_services['masakari-api']['group'] in group_names or masakari_services['masakari-engine']['group'] in group_names }}"
     - src: "masakarimonitors.conf.j2"
       dest: "{{ masakari_monitor_etc_dir }}/masakarimonitors.conf"
       config_overrides: "{{ masakari_monitors_conf_overrides }}"
@@ -52,6 +47,30 @@
   notify:
     - Restart masakari services
 
+- name: Implement policy.yaml
+  config_template:
+    content: "{{ masakari_policy_overrides }}"
+    dest: "{{ masakari_etc_dir }}/policy.yaml"
+    owner: "root"
+    group: "{{ masakari_system_group_name }}"
+    mode: "0640"
+    config_type: yaml
+  when:
+    - masakari_policy_overrides | length > 0
+    - masakari_services['masakari-api']['group'] in group_names or masakari_services['masakari-engine']['group'] in group_names
+  tags:
+    - masakari-policy-override
+
+- name: Remove legacy policy.yaml file
+  file:
+    path: "{{ masakari_etc_dir }}/policy.yaml"
+    state: absent
+  when:
+    - masakari_policy_overrides | length == 0
+    - masakari_services['masakari-api']['group'] in group_names or masakari_services['masakari-engine']['group'] in group_names
+  tags:
+    - masakari-policy-override
+
 - name: Deploy masakari-monitors sudoers files
   template:
     src: "masakari_sudoers.j2"
diff --git a/templates/policy.json.j2 b/templates/policy.json.j2
deleted file mode 100644
index 3ee6437..0000000
--- a/templates/policy.json.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-{
-    "admin_api": "is_admin:True",
-    "context_is_admin":  "role:admin",
-    "admin_or_owner":  "is_admin:True or project_id:%(project_id)s",
-    "default": "rule:admin_api",
-    "os_masakari_api:extensions": "rule:admin_api",
-    "os_masakari_api:segments": "rule:admin_api",
-    "os_masakari_api:os-hosts": "rule:admin_api",
-    "os_masakari_api:notifications": "rule:admin_api"
-}