Merge "[goal] Deprecate the JSON formatted policy file"

2021-05-17 11:10:59 +00:00 · 2021-05-17 11:10:59 +00:00 · 053b147b48
parent 4b03b9cdb7 6da394a59a
commit 053b147b48
6 changed files with 56 additions and 3 deletions
--- a/doc/source/configuration/sample_policy.rst
+++ b/doc/source/configuration/sample_policy.rst
@ -2,6 +2,15 @@
 Panko Sample Policy
 ===================

+.. warning::
+
+   JSON formatted policy file is deprecated since Panko 10.0.0 (Wallaby).
+   This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing
+   JSON-formatted policy file to YAML in a backward-compatible way.
+
+.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html
+
+
 The following is a sample panko policy file that has been auto-generated
 from default policy values in code. If you're using the default policies, then
 the maintenance of this file is not necessary, and it should not be copied into
--- a/panko/api/rbac.py
+++ b/panko/api/rbac.py
@ -16,6 +16,8 @@

 """Access Control Lists (ACL's) control access the API server."""

+from oslo_config import cfg
+from oslo_policy import opts
 from oslo_policy import policy
 import pecan

@ -23,6 +25,12 @@ from panko import policies

 _ENFORCER = None

+# TODO(gmann): Remove setting the default value of config policy_file
+# once oslo_policy change the default value to 'policy.yaml'.
+# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
+DEFAULT_POLICY_FILE = 'policy.yaml'
+opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE)
+

 def init():
    global _ENFORCER
--- a/panko/conf/defaults.py
+++ b/panko/conf/defaults.py
@ -12,7 +12,23 @@
 # License for the specific language governing permissions and limitations
 # under the License.

+from oslo_config import cfg
 from oslo_middleware import cors
+from oslo_policy import opts as policy_opts
+
+
+def set_lib_defaults():
+    """Update default value for configuration options from other namespace.
+
+    Example, oslo lib config options. This is needed for
+    config generator tool to pick these default value changes.
+    https://docs.openstack.org/oslo.config/latest/cli/
+    generator.html#modifying-defaults-from-other-namespaces
+    """
+    set_cors_middleware_defaults()
+
+    # Update default value of oslo.policy policy_file config option.
+    policy_opts.set_defaults(cfg.CONF, 'policy.yaml')


 def set_cors_middleware_defaults():
--- a/releasenotes/notes/deprecate-json-formatted-policy-file-fdb75327a9bdb5b4.yaml
+++ b/releasenotes/notes/deprecate-json-formatted-policy-file-fdb75327a9bdb5b4.yaml
@ -0,0 +1,20 @@
+---
+upgrade:
+  - |
+    The default value of ``[oslo_policy] policy_file`` config option has
+    been changed from ``policy.json`` to ``policy.yaml``.
+    Operators who are utilizing customized or previously generated
+    static policy JSON files (which are not needed by default), should
+    generate new policy files or convert them in YAML format. Use the
+    `oslopolicy-convert-json-to-yaml
+    <https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html>`_
+    tool to convert a JSON to YAML formatted policy file in
+    backward compatible way.
+deprecations:
+  - |
+    Use of JSON policy files was deprecated by the ``oslo.policy`` library
+    during the Victoria development cycle. As a result, this deprecation is
+    being noted in the Wallaby cycle with an anticipated future removal of support
+    by ``oslo.policy``. As such operators will need to convert to YAML policy
+    files. Please see the upgrade notes for details on migration of any
+    custom policy files.
--- a/requirements.txt
+++ b/requirements.txt
@ -7,7 +7,7 @@ tenacity>=3.1.0 # Apache-2.0
 keystonemiddleware>=5.1.0 # Apache-2.0
 lxml>=2.3 # BSD
 oslo.db>=4.1.0 # Apache-2.0
-oslo.config>=3.9.0 # Apache-2.0
+oslo.config>=6.8.0 # Apache-2.0
 oslo.context>=2.22.0 # Apache-2.0
 oslo.i18n>=2.1.0 # Apache-2.0
 oslo.log>=4.3.0 # Apache-2.0
@ -20,7 +20,7 @@ pecan>=1.0.0 # BSD
 oslo.middleware>=3.10.0 # Apache-2.0
 oslo.serialization>=2.25.0 # Apache-2.0
 oslo.utils>=3.5.0 # Apache-2.0
-PyYAML>=3.1.0 # MIT
+PyYAML>=5.1.0 # MIT
 SQLAlchemy!=1.1.5,!=1.1.6,!=1.1.7,!=1.1.8,>=1.0.10 # MIT
 stevedore>=1.9.0 # Apache-2.0
 WebOb>=1.2.3 # MIT
--- a/setup.cfg
+++ b/setup.cfg
@ -53,5 +53,5 @@ oslo.policy.policies =
    panko = panko.policies:list_policies

 oslo.config.opts.defaults =
-    panko = panko.conf.defaults:set_cors_middleware_defaults
+    panko = panko.conf.defaults:set_lib_defaults