With policy-in-code, policy files should be minimal (changes only) and in YAML

Bug #1847490 reported by Alex Kavanagh
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
| --- | --- | --- | --- | --- |
| OpenStack Cinder Charm | Triaged | Medium | Unassigned | |
| OpenStack Dashboard Charm | Triaged | Medium | Unassigned | |
| OpenStack Keystone Charm | In Progress | Medium | Unassigned | |
| OpenStack Mistral Charm | Triaged | Medium | Unassigned | |

Bug Description

Since the Queens release, policy-in-code has been spreading through the OpenStack API services.

What this means is that the default policies that the service uses are 'encoded' in a Python file, and don't need to be declared in a YAML policy file.

The preferred format for policy files is now YAML, and not JSON (which is currently used in the charms).

So the steps for each linked service that has a policy.json file as a template are to:

1. Check that the service does 'policy-in-code'
2. Generate a default policy.yaml file (for comparison purposes - oslo.config provides a command to do this).
3. Convert the charm's template policy JSON into YAML.
4. Remove all of the options that are default.
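
Steps 2 to 4 as a script, added here as an example and not taken from the charms: it compares a charm's policy JSON against a generated default sample and keeps only the rules that differ, so the remaining file is the access-control delta a reviewer has to audit. It assumes the default sample lists each rule as a commented-out `#"name": "check"` line and that every check is a string; the function names and both sample inputs are constructed for illustration.

```python
import json
import re

# A rule line in a generated sample, commented out or not: #"name": "check"
RULE_LINE = re.compile(r'^\s*#?\s*("(?:[^"\\]|\\.)*")\s*:\s*("(?:[^"\\]|\\.)*")\s*$')

def parse_default_sample(text):
    """Collect in-code defaults from the generated sample (step 2)."""
    defaults = {}
    for line in text.splitlines():
        m = RULE_LINE.match(line)
        if m:  # descriptive comment lines do not match and are skipped
            defaults[json.loads(m.group(1))] = json.loads(m.group(2))
    return defaults

def normalise(check):
    # Whitespace differences do not change what a check string means.
    return " ".join(check.split())

def minimal_overrides(charm_policy_json, default_sample):
    """Return (overrides, unknown): rules to keep, and rules with no default."""
    charm = json.loads(charm_policy_json)
    defaults = parse_default_sample(default_sample)
    overrides, unknown = {}, []
    for name, check in sorted(charm.items()):
        if name not in defaults:
            # Possibly a charm-defined alias or a renamed/stale rule: keep it,
            # but flag it for manual review.
            unknown.append(name)
            overrides[name] = check
        elif normalise(check) != normalise(defaults[name]):
            overrides[name] = check
    return overrides, unknown

def to_yaml(overrides):
    # JSON double-quoted strings are valid YAML scalars, so no YAML library is needed.
    return "".join(f"{json.dumps(k)}: {json.dumps(v)}\n" for k, v in overrides.items())

# Constructed inputs (not real service defaults).
CHARM_POLICY_JSON = """{
  "admin_required": "role:Admin",
  "example:get_user": "rule:admin_required",
  "example:list_users": "rule:cloud_admin",
  "cloud_admin": "rule:admin_required and domain_id:admin_domain_id"
}"""
DEFAULT_SAMPLE = """# Show user details.
#"example:get_user": "rule:admin_required"
#"admin_required": "role:admin or is_admin:1"
# List users.
#"example:list_users": "rule:admin_required"
"""

if __name__ == "__main__":
    kept, flagged = minimal_overrides(CHARM_POLICY_JSON, DEFAULT_SAMPLE)
    print(to_yaml(kept), end="")
    print("# review, no in-code default:", ", ".join(flagged))
```
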

Changed in charm-mistral:
importance: Undecided → Medium
status: New → Triaged
Changed in charm-cinder:
importance: Undecided → Medium
status: New → Triaged
Changed in charm-keystone:
importance: Undecided → Medium
status: New → Triaged
Changed in charm-openstack-dashboard:
importance: Undecided → Medium
status: New → Triaged
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-keystone (master)
Changed in charm-keystone:
status: Triaged → In Progress
Tianqi Xiao (txiao) wrote :

I would like to bring some attention to this bug report since it has been inactive for a long time and still affects the current releases. For charm-keystone at least, newer releases (starting from Stein) are still rendering the policy file from the policy.json template of older releases (Rocky). This generated policy file is very out of date compared to the upstream [1].

[1]: https://docs.openstack.org/keystone/latest/configuration/samples/policy-yaml.html
