[goal] Deprecate the JSON formatted policy file

As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.

config_template has been choosen instead of the copy, since it can
properly handle content that has been lookuped.

We make a separate task not to restart service when it's not needed.

[1] https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Change-Id: I41ee59a901e54860067edd277fdade394b0b8858

handlers/main.yml

@@ -55,6 +55,16 @@
     - "venv changed"
     - "Restart uWSGI"
 
+# NOTE (noonedeadpunk): Remove this task after Xena release
+- name: Remove obsoleted policy.json file
+  file:
+    path: "/etc/keystone/policy.json"
+    state: absent
+  listen:
+    - "venv changed"
+    - "Restart web server"
+    - "Restart uWSGI"
+
 - name: Start uWSGI
   service:
     name: "{{ item }}"

tasks/keystone_post_install.yml

@@ -49,12 +49,27 @@
     - Restart uWSGI
     - Restart web server
 
-- name: Implement policy.json if there are overrides configured
-  copy:
-    content: "{{ keystone_policy_overrides | to_nice_json }}"
-    dest: "/etc/keystone/policy.json"
+- name: Implement policy.yaml if there are overrides configured
+  config_template:
+    content: "{{ keystone_policy_overrides }}"
+    dest: "/etc/keystone/policy.yaml"
+    owner: "root"
+    group: "{{ keystone_system_group_name }}"
+    mode: "0640"
+    config_type: yaml
   when:
-    - keystone_policy_overrides != {}
+    - keystone_policy_overrides | length > 0
+  tags:
+    - keystone-policy-override
+
+- name: Remove legacy policy.yaml file
+  file:
+    path: "/etc/keystone/policy.yaml"
+    state: absent
+  when:
+    - keystone_policy_overrides | length == 0
+  tags:
+    - keystone-policy-override
 
 # NOTE(cloudnull): This is using "cp" instead of copy with a remote_source
 #                  because we only want to copy the original files once. and we