diff options
author | Lance Bragstad <lbragstad@gmail.com> | 2018-01-05 20:41:31 +0000 |
---|---|---|
committer | Lance Bragstad <lbragstad@gmail.com> | 2018-01-05 21:00:16 +0000 |
commit | 4f68708a495fa2237b62491e355db99fac1f7edb (patch) | |
tree | 279e70416c3284401cb46f32beb7f5c998da728e | |
parent | 8835af6aa5b3c039b0c1b74a2b697fb654ae24dd (diff) | |
download | oslo-policy-1.33.1.tar.gz |
Only log deprecation warnings when they are overridden1.33.1
The policy deprecation logic use to log a warning for operators that
a policy was being removed regardless of the policy being overridden
in a policy file somewhere. This can be somewhat noisy especially if
there isn't anything for the operator to do since they haven't
overridden the default.
This commit changes the check to see if the deprecated policy is
in the file_rules instead of just the registered rules. This means
that operators should only see a deprecated for removal warning
iff they are providing an override.
Change-Id: Ia82516e9a13f6d04be2428b2a03883272be93329
-rw-r--r-- | oslo_policy/policy.py | 2 | ||||
-rw-r--r-- | oslo_policy/tests/test_policy.py | 23 |
2 files changed, 23 insertions, 2 deletions
diff --git a/oslo_policy/policy.py b/oslo_policy/policy.py index 6a7fc49..4034fff 100644 --- a/oslo_policy/policy.py +++ b/oslo_policy/policy.py @@ -608,7 +608,7 @@ class Enforcer(object): ) warnings.warn(deprecated_msg) if default.deprecated_for_removal and ( - default.name in self.rules): + default.name in self.file_rules): # If a policy is going to be removed altogether, then we # need to make sure we let operators know so they can clean # up their policy files, if they are overriding it. diff --git a/oslo_policy/tests/test_policy.py b/oslo_policy/tests/test_policy.py index 6ff9009..1bb97c2 100644 --- a/oslo_policy/tests/test_policy.py +++ b/oslo_policy/tests/test_policy.py @@ -956,7 +956,7 @@ class DocumentedRuleDefaultDeprecationTestCase(base.PolicyBaseTestCase): enforcer.load_rules(True) mock_warn.assert_called_once_with(expected_msg) - def test_deprecate_a_policy_for_removal(self): + def test_deprecate_a_policy_for_removal_logs_warning_when_overridden(self): rule_list = [policy.DocumentedRuleDefault( name='foo:bar', check_str='role:baz', @@ -982,6 +982,27 @@ class DocumentedRuleDefaultDeprecationTestCase(base.PolicyBaseTestCase): enforcer.load_rules() mock_warn.assert_called_once_with(expected_msg) + def test_deprecate_a_policy_for_removal_does_not_log_warning(self): + # We should only log a warning for operators if they are supplying an + # override for a policy that is deprecated for removal. + rule_list = [policy.DocumentedRuleDefault( + name='foo:bar', + check_str='role:baz', + description='Create a foo.', + operations=[{'path': '/v1/foos/', 'method': 'POST'}], + deprecated_for_removal=True, + deprecated_reason=( + '"foo:bar" is no longer a policy used by the service' + ), + deprecated_since='N' + )] + enforcer = policy.Enforcer(self.conf) + enforcer.register_defaults(rule_list) + + with mock.patch('warnings.warn') as mock_warn: + enforcer.load_rules() + mock_warn.assert_not_called() + def test_deprecated_policy_for_removal_must_include_deprecated_since(self): self.assertRaises( ValueError, |