From c5e59b5e9ef088de940deacac7d936573cb211cd Mon Sep 17 00:00:00 2001 From: Ghanshyam Mann Date: Sun, 29 Nov 2020 00:11:38 -0600 Subject: [PATCH] [goal] Deprecate the JSON formatted policy file As per the community goal of migrating the policy file the format from JSON to YAML[1], we need to do two things: 1. Change the default value of '[oslo_policy] policy_file'' config option from 'policy.json' to 'policy.yaml' with upgrade checks. 2. Deprecate the JSON formatted policy file on the project side via warning in doc and releasenotes. [1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html Change-Id: I8b78c7b640ab18ddfc809cb4603decc739d494d1 --- doc/source/configuration/policy.rst | 8 ++++++++ lower-constraints.txt | 6 +++--- octavia/cmd/status.py | 3 +++ octavia/common/config.py | 17 ++++++++++++++++ octavia/common/policy.py | 8 ++++++++ octavia/tests/unit/cmd/test_status.py | 3 ++- ...ormatted-policy-file-cc3dbf8b07c2638e.yaml | 20 +++++++++++++++++++ requirements.txt | 4 ++-- setup.cfg | 2 ++ 9 files changed, 65 insertions(+), 6 deletions(-) create mode 100644 releasenotes/notes/deprecate-json-formatted-policy-file-cc3dbf8b07c2638e.yaml diff --git a/doc/source/configuration/policy.rst b/doc/source/configuration/policy.rst index 500b97fe5e..78d886429b 100644 --- a/doc/source/configuration/policy.rst +++ b/doc/source/configuration/policy.rst @@ -2,6 +2,14 @@ Octavia Policies ================ +.. warning:: + + JSON formatted policy file is deprecated since Octavia 8.0.0 (Wallaby). + This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing + JSON-formatted policy file to YAML in a backward-compatible way. + +.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html + .. _Keystone Default Roles: https://docs.openstack.org/keystone/latest/admin/service-api-protection.html Octavia Advanced Role Based Access Control (RBAC) 
diff --git a/lower-constraints.txt b/lower-constraints.txt index 945d6effdc..b3d0f6a219 100644 --- a/lower-constraints.txt +++ b/lower-constraints.txt @@ -90,7 +90,7 @@ oslo.policy==3.6.2 oslo.reports==1.18.0 oslo.serialization==2.28.1 oslo.service==1.30.0 -oslo.upgradecheck==0.1.0 +oslo.upgradecheck==1.3.0 oslo.utils==4.5.0 oslotest==3.2.0 packaging==20.4 @@ -133,7 +133,7 @@ pytz==2018.3 PyYAML==5.1 redis==2.10.0 repoze.lru==0.7 -requests==2.18.4 +requests==2.23.0 requests-mock==1.2.0 requestsexceptions==1.4.0 restructuredtext-lint==1.1.3 @@ -164,7 +164,7 @@ testscenarios==0.4 testtools==2.2.0 traceback2==1.4.0 unittest2==1.1.0 -urllib3==1.22 +urllib3==1.21.1 vine==5.0.0 voluptuous==0.11.1 waitress==1.1.0 diff --git a/octavia/cmd/status.py b/octavia/cmd/status.py index 673dd7e768..f98d51dad4 100644 --- a/octavia/cmd/status.py +++ b/octavia/cmd/status.py @@ -15,6 +15,7 @@ import sys from oslo_config import cfg +from oslo_upgradecheck import common_checks from oslo_upgradecheck import upgradecheck from stevedore import driver as stevedore_driver @@ -113,6 +114,8 @@ class Checks(upgradecheck.UpgradeCommands): _upgrade_checks = ( (_('AmphoraV2 Check'), _check_amphorav2), (_('YAML Policy File'), _check_yaml_policy), + (_('Policy File JSON to YAML Migration'), + (common_checks.check_policy_json, {'conf': CONF})), ) diff --git a/octavia/common/config.py b/octavia/common/config.py index bd3eb4b2e8..df51585c0e 100644 --- a/octavia/common/config.py +++ b/octavia/common/config.py @@ -27,6 +27,7 @@ from oslo_config import cfg from oslo_db import options as db_options from oslo_log import log as logging import oslo_messaging as messaging +from oslo_policy import opts as policy_opts from octavia.certificates.common import local from octavia.common import constants 
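Review bot: The new `Policy File JSON to YAML Migration` entry in `Checks._upgrade_checks` (octavia/cmd/status.py) has no test in this patch; the only change to test_status.py reorders the setup in `test__check_yaml_policy`. Because this commit also moves the `policy_file` default to `policy.yaml`, the case operators most need flagged is a deployment that keeps a customised `policy.json` and never sets `[oslo_policy] policy_file`, and whether `common_checks.check_policy_json` reports that case depends on library code not visible here. I would add a test that runs the check against a temporary JSON policy file, once with `policy_file` set explicitly and once left at the new default, and, once the behaviour is confirmed, a comment above the entry such as `# Fails when the configured policy file exists and is JSON; complements _check_yaml_policy.`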
@@ -979,3 +980,19 @@ def setup_remote_debugger(): {'debug-host': debugger_host, 'debug-port': debugger_port}) raise + + +def set_lib_defaults(): + """Update default value for configuration options from other namespace. + + Example, oslo lib config options. This is needed for + config generator tool to pick these default value changes. + https://docs.openstack.org/oslo.config/latest/cli/ + generator.html#modifying-defaults-from-other-namespaces + """ + + # TODO(gmann): Remove setting the default value of config policy_file + # once oslo_policy change the default value to 'policy.yaml'. + # https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49 + # Update default value of oslo.policy policy_file config option. + policy_opts.set_defaults(cfg.CONF, 'policy.yaml') diff --git a/octavia/common/policy.py b/octavia/common/policy.py index eb7d5f8858..8cf22c37c2 100644 --- a/octavia/common/policy.py +++ b/octavia/common/policy.py @@ -13,6 +13,7 @@ """Policy Engine For Octavia.""" from oslo_config import cfg from oslo_log import log as logging +from oslo_policy import opts from oslo_policy import policy as oslo_policy from oslo_utils import excutils @@ -24,6 +25,13 @@ LOG = logging.getLogger(__name__) OCTAVIA_POLICY = None +# TODO(gmann): Remove setting the default value of config policy_file +# once oslo_policy change the default value to 'policy.yaml'. +# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49 +DEFAULT_POLICY_FILE = 'policy.yaml' +opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE) + + def get_enforcer(): global OCTAVIA_POLICY if OCTAVIA_POLICY is None: diff --git a/octavia/tests/unit/cmd/test_status.py b/octavia/tests/unit/cmd/test_status.py index 60e5c96110..94b39b6502 100644 --- a/octavia/tests/unit/cmd/test_status.py +++ b/octavia/tests/unit/cmd/test_status.py 
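Review bot: `set_lib_defaults()` in octavia/common/config.py hard-codes `'policy.yaml'`, while octavia/common/policy.py in the same patch introduces `DEFAULT_POLICY_FILE` and makes the identical `set_defaults` call at import time, so the default that selects the RBAC policy file now lives in two places. If one is edited without the other, the generated sample configuration and the running service would disagree about which policy file is loaded. I would keep a single constant in a module both files can import and pass it in both calls, e.g. `policy_opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE)`. The generator URL in the docstring is also split across two lines; putting it on one line keeps it usable.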
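Review bot: The module-level `opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE)` in octavia/common/policy.py changes a global default as an import side effect, so it only takes effect in processes that import this module before `[oslo_policy] policy_file` is read. Because that option decides which authorization rules are enforced, the comment should state the upgrade consequence as well as the TODO: a deployment with only a customised `policy.json` and no explicit `policy_file` now depends on oslo.policy falling back to the JSON file (its `fallback_to_json_file` behaviour), otherwise the in-code defaults apply instead of the operator's rules. `get_enforcer()` continues outside the hunk, so how the enforcer is constructed is not visible here; it is worth confirming the fallback stays enabled there and logging the path of the policy file that was actually loaded.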
@@ -127,8 +127,9 @@ class TestUpgradeChecks(base.TestCase): Code.FAILURE, check_result.code) def test__check_yaml_policy(self): - policy.Policy() self.conf = self.useFixture(oslo_fixture.Config(cfg.CONF)) + self.conf.conf(args=[], project='octavia') + policy.Policy() self.conf.config(group='oslo_policy', policy_file='test.yaml') check_result = self.cmd._check_yaml_policy() diff --git a/releasenotes/notes/deprecate-json-formatted-policy-file-cc3dbf8b07c2638e.yaml b/releasenotes/notes/deprecate-json-formatted-policy-file-cc3dbf8b07c2638e.yaml new file mode 100644 index 0000000000..c9c5300045 --- /dev/null +++ b/releasenotes/notes/deprecate-json-formatted-policy-file-cc3dbf8b07c2638e.yaml @@ -0,0 +1,20 @@ +--- +upgrade: + - | + The default value of ``[oslo_policy] policy_file`` config option has + been changed from ``policy.json`` to ``policy.yaml``. + Operators who are utilizing customized or previously generated + static policy JSON files (which are not needed by default), should + generate new policy files or convert them in YAML format. Use the + `oslopolicy-convert-json-to-yaml + `_ + tool to convert a JSON to YAML formatted policy file in + backward compatible way. +deprecations: + - | + Use of JSON policy files was deprecated by the ``oslo.policy`` library + during the Victoria development cycle. As a result, this deprecation is + being noted in the Wallaby cycle with an anticipated future removal of support + by ``oslo.policy``. As such operators will need to convert to YAML policy + files. Please see the upgrade notes for details on migration of any + custom policy files. diff --git a/requirements.txt b/requirements.txt index 61d63116a3..7e450f6960 100644 --- a/requirements.txt +++ b/requirements.txt 
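Review bot: `self.conf.conf(args=[], project='octavia')` in `test__check_yaml_policy` lets oslo.config search its default locations for an `octavia.conf`, so on a host where Octavia is installed the unit test can pick up the real service configuration, including a site-specific `[oslo_policy] policy_file`. Passing an empty file list keeps the test hermetic: `self.conf.conf(args=[], project='octavia', default_config_files=[])`. The test method continues past the end of this hunk, so its assertions are not visible here.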
@@ -8,7 +8,7 @@ pbr>=3.1.1 # Apache-2.0 SQLAlchemy>=1.2.19 # MIT SQLAlchemy-Utils>=0.30.11 futurist>=1.2.0 # Apache-2.0 -requests>=2.18.4 # Apache-2.0 +requests>=2.23.0 # Apache-2.0 rfc3986>=1.2.0 # Apache-2.0 keystoneauth1>=3.4.0 # Apache-2.0 keystonemiddleware>=4.17.0 # Apache-2.0 @@ -25,7 +25,7 @@ oslo.middleware>=4.0.1 # Apache-2.0 oslo.policy>=3.6.2 # Apache-2.0 oslo.reports>=1.18.0 # Apache-2.0 oslo.serialization>=2.28.1 # Apache-2.0 -oslo.upgradecheck>=0.1.0 # Apache-2.0 +oslo.upgradecheck>=1.3.0 # Apache-2.0 oslo.utils>=4.5.0 # Apache-2.0 pyasn1!=0.2.3,>=0.1.8 # BSD pyasn1-modules>=0.0.6 # BSD diff --git a/setup.cfg b/setup.cfg index b8114ba6f2..6cd7a4ebd9 100644 --- a/setup.cfg +++ b/setup.cfg @@ -101,6 +101,8 @@ octavia.worker.jobboard_driver = zookeeper_taskflow_driver = octavia.controller.worker.v2.taskflow_jobboard_driver:ZookeeperTaskFlowDriver oslo.config.opts = octavia = octavia.opts:list_opts +oslo.config.opts.defaults = + octavia = octavia.common.config:set_lib_defaults oslo.policy.policies = octavia = octavia.policies:list_rules oslo.policy.enforcer =