Add oslopolicy-convert-json-to-yaml tool

Add ``oslopolicy-convert-json-to-yaml`` tool which can be
used to convert the json formatted policy file to yaml format.
It takes json formatted policy file as input and convert it to
a yaml formatted policy file similar to 'oslopolicy-sample-generator'
tool except keeping the overridden rule as uncommented.

This tool does the following:

* Comment out any rules that match the default from policy-in-code.
* Keep rules uncommented if rule is overridden.
* Does not auto add the deprecated rules in the file unless it not already
  present in the file.
* Keep any extra rules or already exist deprecated rules uncommented
  but at the end of the file with a warning text.

I did not add the new functionality in existing 'oslopolicy-policy-upgrade'
tool because the above listed features of new tool end up creating a
complete different code path instead of reusing it from existing tool so it
better to have separate tool which can be removed in future once all deployments
are migrated to YAML formatted file.

This commits add doc and reno also for this tool

Partial implement blueprint policy-json-to-yaml

Change-Id: Icc245951b2992cc09a891516ffd14f3d4c009920

1 files changed, 143 insertions, 0 deletions

diff --git a/oslo_policy/tests/test_generator.py b/oslo_policy/tests/test_generator.py
index 1f74aa3..ab726dc 100644
--- a/oslo_policy/tests/test_generator.py
+++ b/oslo_policy/tests/test_generator.py
@@ -799,3 +799,146 @@ class ValidatorTestCase(base.PolicyBaseTestCase):
 
     def test_missing_policy_file(self):
         self._test_policy('', missing_file=True)
+
+
+class ConvertJsonToYamlTestCase(base.PolicyBaseTestCase):
+    def setUp(self):
+        super(ConvertJsonToYamlTestCase, self).setUp()
+        policy_json_contents = jsonutils.dumps({
+            "rule1_name": "rule:admin",
+            "rule2_name": "rule:overridden",
+            "deprecated_rule1_name": "rule:admin"
+        })
+        self.create_config_file('policy.json', policy_json_contents)
+        self.output_file_path = self.get_config_file_fullname(
+            'converted_policy.yaml')
+        deprecated_policy = policy.DeprecatedRule(
+            name='deprecated_rule1_name',
+            check_str='rule:admin'
+        )
+        self.registered_policy = [
+            policy.DocumentedRuleDefault(
+                name='rule1_name',
+                check_str='rule:admin',
+                description='test_rule1',
+                operations=[{'path': '/test', 'method': 'GET'}],
+                deprecated_rule=deprecated_policy,
+                deprecated_reason='testing',
+                deprecated_since='ussuri',
+                scope_types=['system']
+            ),
+            policy.DocumentedRuleDefault(
+                name='rule2_name',
+                check_str='rule:admin',
+                description='test_rule2',
+                operations=[{'path': '/test', 'method': 'PUT'}],
+                deprecated_rule=deprecated_policy,
+                deprecated_reason='testing2',
+                deprecated_since='ussuri',
+                scope_types=['system', 'project']
+            )
+        ]
+        self.extensions = []
+        ext = stevedore.extension.Extension(name='test',
+                                            entry_point=None,
+                                            plugin=None,
+                                            obj=self.registered_policy)
+        self.extensions.append(ext)
+        # Just used for cli opt parsing
+        self.local_conf = cfg.ConfigOpts()
+
+        self.expected = '''# test_rule1
+# GET  /test
+# Intended scope(s): system
+#"rule1_name": "rule:admin"
+
+# test_rule2
+# PUT  /test
+# Intended scope(s): system, project
+"rule2_name": "rule:overridden"
+
+# WARNING: Below rules are either deprecated rules
+# or extra rules in policy file, it is strongly
+# recommended to switch to new rules.
+"deprecated_rule1_name": "rule:admin"
+'''
+
+    def _is_yaml(self, data):
+        is_yaml = False
+        try:
+            jsonutils.loads(data)
+        except ValueError:
+            try:
+                yaml.safe_load(data)
+                is_yaml = True
+            except yaml.scanner.ScannerError:
+                pass
+        return is_yaml
+
+    def _test_convert_json_to_yaml_file(self, output_to_file=True):
+        test_mgr = stevedore.named.NamedExtensionManager.make_test_instance(
+            extensions=self.extensions, namespace='test')
+        converted_policy_data = None
+        with mock.patch('stevedore.named.NamedExtensionManager',
+                        return_value=test_mgr):
+            testargs = ['oslopolicy-convert-json-to-yaml',
+                        '--namespace', 'test',
+                        '--policy-file',
+                        self.get_config_file_fullname('policy.json')]
+            if output_to_file:
+                testargs.extend(['--output-file',
+                                 self.output_file_path])
+            with mock.patch('sys.argv', testargs):
+                generator.convert_policy_json_to_yaml(conf=self.local_conf)
+                if output_to_file:
+                    with open(self.output_file_path, 'r') as fh:
+                        converted_policy_data = fh.read()
+        return converted_policy_data
+
+    def test_convert_json_to_yaml_file(self):
+        converted_policy_data = self._test_convert_json_to_yaml_file()
+        self.assertTrue(self._is_yaml(converted_policy_data))
+        self.assertEqual(self.expected, converted_policy_data)
+
+    def test_convert_policy_to_stdout(self):
+        stdout = self._capture_stdout()
+        self._test_convert_json_to_yaml_file(output_to_file=False)
+        self.assertEqual(self.expected, stdout.getvalue())
+
+    def test_converted_yaml_is_loadable(self):
+        self._test_convert_json_to_yaml_file()
+        enforcer = policy.Enforcer(self.conf,
+                                   policy_file=self.output_file_path)
+        enforcer.load_rules()
+        for rule in ['rule2_name', 'deprecated_rule1_name']:
+            self.assertIn(rule, enforcer.rules)
+
+    def test_default_rules_comment_out_in_yaml_file(self):
+        converted_policy_data = self._test_convert_json_to_yaml_file()
+        commented_default_rule = '''# test_rule1
+# GET  /test
+# Intended scope(s): system
+#"rule1_name": "rule:admin"
+
+'''
+        self.assertIn(commented_default_rule, converted_policy_data)
+
+    def test_overridden_rules_uncommented_in_yaml_file(self):
+        converted_policy_data = self._test_convert_json_to_yaml_file()
+        uncommented_overridden_rule = '''# test_rule2
+# PUT  /test
+# Intended scope(s): system, project
+"rule2_name": "rule:overridden"
+
+'''
+        self.assertIn(uncommented_overridden_rule, converted_policy_data)
+
+    def test_existing_deprecated_rules_kept_uncommented_in_yaml_file(self):
+        converted_policy_data = self._test_convert_json_to_yaml_file()
+        existing_deprecated_rule_with_warning = '''# WARNING: Below rules are either deprecated rules
+# or extra rules in policy file, it is strongly
+# recommended to switch to new rules.
+"deprecated_rule1_name": "rule:admin"
+'''
+        self.assertIn(existing_deprecated_rule_with_warning,
+                      converted_policy_data)