Render deprecated policy names when generating files
We found out the when policy files are generated they don't have deprecated policies. This can be problematic for services that use rendered policy files because they could still be using the deprecated policy name and not the new policy name. This commit makes sure we render the deprecated policy name as an alias to the new policy name. This makes it so that operators don't have to change two policies if they override a deprecated policy. Closes-Bug: 1742569 Change-Id: Iaf0c89a035775770ceaa230c65ce8eb195b9d82b
This commit is contained in:
parent
4f68708a49
commit
2ae04ebdef
@ -136,24 +136,31 @@ def _format_rule_default_yaml(default, include_help=True):
|
|||||||
if default.deprecated_for_removal:
|
if default.deprecated_for_removal:
|
||||||
text = (
|
text = (
|
||||||
'# DEPRECATED\n# "%(name)s" has been deprecated since '
|
'# DEPRECATED\n# "%(name)s" has been deprecated since '
|
||||||
'%(since)s.\n%(reason)s\n%(text)s'
|
'%(since)s.\n%(reason)s\n%(text)s\n'
|
||||||
|
'"%(name)s": "%(check_str)s"'
|
||||||
) % {'name': default.name,
|
) % {'name': default.name,
|
||||||
|
'check_str': default.check_str,
|
||||||
'since': default.deprecated_since,
|
'since': default.deprecated_since,
|
||||||
'reason': _format_help_text(default.deprecated_reason),
|
'reason': _format_help_text(default.deprecated_reason),
|
||||||
'text': text}
|
'text': text}
|
||||||
elif default.deprecated_rule:
|
elif default.deprecated_rule:
|
||||||
text = (
|
# This issues a deprecation warning but aliases the old policy name
|
||||||
'# DEPRECATED\n# "%(old_name)s":"%(old_check_str)s" has been '
|
# with the new policy name for compatibility.
|
||||||
|
deprecated_text = (
|
||||||
|
'DEPRECATED\n"%(old_name)s":"%(old_check_str)s" has been '
|
||||||
'deprecated since %(since)s in favor of '
|
'deprecated since %(since)s in favor of '
|
||||||
'"%(name)s":"%(check_str)s".\n'
|
'"%(name)s":"%(check_str)s".'
|
||||||
'%(reason)s\n%(text)s'
|
|
||||||
) % {'old_name': default.deprecated_rule.name,
|
) % {'old_name': default.deprecated_rule.name,
|
||||||
'old_check_str': default.deprecated_rule.check_str,
|
'old_check_str': default.deprecated_rule.check_str,
|
||||||
'since': default.deprecated_since,
|
'since': default.deprecated_since,
|
||||||
'name': default.name,
|
'name': default.name,
|
||||||
'check_str': default.check_str,
|
'check_str': default.check_str}
|
||||||
'reason': _format_help_text(default.deprecated_reason),
|
|
||||||
'text': text}
|
text = (
|
||||||
|
'%(deprecated_text)s\n"%(old_name)s": "rule:%(name)s"\n'
|
||||||
|
) % {'deprecated_text': _format_help_text(deprecated_text),
|
||||||
|
'old_name': default.deprecated_rule.name,
|
||||||
|
'name': default.name}
|
||||||
|
|
||||||
return text
|
return text
|
||||||
|
|
||||||
|
@ -160,6 +160,47 @@ class GenerateSampleYAMLTestCase(base.PolicyBaseTestCase):
|
|||||||
|
|
||||||
self.assertEqual(expected, stdout.getvalue())
|
self.assertEqual(expected, stdout.getvalue())
|
||||||
|
|
||||||
|
def test_deprecated_policies_are_aliased_to_new_names(self):
|
||||||
|
deprecated_rule = policy.DeprecatedRule(
|
||||||
|
name='foo:post_bar',
|
||||||
|
check_str='role:fizz'
|
||||||
|
)
|
||||||
|
new_rule = policy.RuleDefault(
|
||||||
|
name='foo:create_bar',
|
||||||
|
check_str='role:fizz',
|
||||||
|
description='Create a bar.',
|
||||||
|
deprecated_rule=deprecated_rule,
|
||||||
|
deprecated_reason=(
|
||||||
|
'foo:post_bar is being removed in favor of foo:create_bar'
|
||||||
|
),
|
||||||
|
deprecated_since='N'
|
||||||
|
)
|
||||||
|
opts = {'rules': [new_rule]}
|
||||||
|
|
||||||
|
extensions = []
|
||||||
|
for name, opts in opts.items():
|
||||||
|
ext = stevedore.extension.Extension(name=name, entry_point=None,
|
||||||
|
plugin=None, obj=opts)
|
||||||
|
extensions.append(ext)
|
||||||
|
test_mgr = stevedore.named.NamedExtensionManager.make_test_instance(
|
||||||
|
extensions=extensions, namespace=['rules'])
|
||||||
|
|
||||||
|
expected = '''# DEPRECATED
|
||||||
|
# "foo:post_bar":"role:fizz" has been deprecated since N in favor of
|
||||||
|
# "foo:create_bar":"role:fizz".
|
||||||
|
"foo:post_bar": "rule:foo:create_bar"
|
||||||
|
'''
|
||||||
|
stdout = self._capture_stdout()
|
||||||
|
with mock.patch('stevedore.named.NamedExtensionManager',
|
||||||
|
return_value=test_mgr) as mock_ext_mgr:
|
||||||
|
generator._generate_sample(['rules'], output_file=None)
|
||||||
|
mock_ext_mgr.assert_called_once_with(
|
||||||
|
'oslo.policy.policies', names=['rules'],
|
||||||
|
on_load_failure_callback=generator.on_load_failure_callback,
|
||||||
|
invoke_on_load=True
|
||||||
|
)
|
||||||
|
self.assertEqual(expected, stdout.getvalue())
|
||||||
|
|
||||||
def test_empty_line_formatting(self):
|
def test_empty_line_formatting(self):
|
||||||
rule = [policy.RuleDefault('admin', 'is_admin:True',
|
rule = [policy.RuleDefault('admin', 'is_admin:True',
|
||||||
description='Check Summary \n'
|
description='Check Summary \n'
|
||||||
|
Loading…
x
Reference in New Issue
Block a user