[goal] Deprecate the JSON formatted policy file

As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to do two things:

1. Change the default value of '[oslo_policy] policy_file''
config option from 'policy.json' to 'policy.yaml' with
upgrade checks.

2. Deprecate the JSON formatted policy file on the project side
via warning in doc and releasenotes.

Also replace policy.json to policy.yaml ref from doc and tests.

[1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Change-Id: I790409da69df8479ad2fe152b15c32ba45067c23

8 files changed, 54 insertions, 16 deletions

diff --git a/devstack/settings b/devstack/settings
index 541d0f7d..b7be68d0 100644
--- a/devstack/settings
+++ b/devstack/settings
@@ -26,7 +26,7 @@ TROVE_API_PASTE_INI=${TROVE_API_PASTE_INI:-${TROVE_CONF_DIR}/api-paste.ini}
 
 TROVE_LOCAL_CONF_DIR=${TROVE_LOCAL_CONF_DIR:-${TROVE_DIR}/etc/trove}
 TROVE_LOCAL_API_PASTE_INI=${TROVE_LOCAL_API_PASTE_INI:-${TROVE_LOCAL_CONF_DIR}/api-paste.ini}
-TROVE_LOCAL_POLICY_JSON=${TROVE_LOCAL_POLICY_JSON:-${TROVE_LOCAL_CONF_DIR}/policy.json}
+TROVE_LOCAL_POLICY_JSON=${TROVE_LOCAL_POLICY_JSON:-${TROVE_LOCAL_CONF_DIR}/policy.yaml}
 
 TROVE_IMAGE_OS=${TROVE_IMAGE_OS:-"ubuntu"}
 TROVE_IMAGE_OS_RELEASE=${TROVE_IMAGE_OS_RELEASE:-"bionic"}
diff --git a/doc/source/admin/run_trove_in_production.rst b/doc/source/admin/run_trove_in_production.rst
index 5cfde6b3..94bbce24 100644
--- a/doc/source/admin/run_trove_in_production.rst
+++ b/doc/source/admin/run_trove_in_production.rst
@@ -257,11 +257,19 @@ database group
     ``mysql+pymysql://root:password@127.0.0.1/trove?charset=utf8``
 
 The cloud administrator also needs to provide a policy file
-``/etc/trove/policy.json`` if the default API access policies don't satisfy the
+``/etc/trove/policy.yaml`` if the default API access policies don't satisfy the
 requirement. To generate a sample policy file with all the default policies,
 run ``tox -egenpolicy`` in the repo folder and the new file will be located in
 ``etc/trove/policy.yaml.sample``.
 
+.. warning::
+
+   JSON formatted policy file is deprecated since Trove 15.0.0 (Wallaby).
+   This `oslopolicy-convert-json-to-yaml`__ tool will migrate your existing
+   JSON-formatted policy file to YAML in a backward-compatible way.
+
+.. __: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html
+
 
 Initialize Trove Database
 ~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/etc/trove/README-policy.generated.md b/etc/trove/README-policy.generated.md
index 1c8f0cfd..7baf433d 100644
--- a/etc/trove/README-policy.generated.md
+++ b/etc/trove/README-policy.generated.md
@@ -12,7 +12,7 @@ Use customized policy file
 
 As Trove uses policy in code now, it's not necessary to add a policy file for
 Trove components to run. But when a customized policy is needed, Trove will
-take ``/etc/trove/policy.json`` by default. The location of the policy file
+take ``/etc/trove/policy.yaml`` by default. The location of the policy file
 can also be overridden by adding following lines in Trove config file:
 
     [oslo_policy]
diff --git a/lower-constraints.txt b/lower-constraints.txt
index 178c606f..fcc70cb9 100644
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@@ -73,18 +73,18 @@ os-service-types==1.2.0
 osc-lib==1.10.0
 oslo.cache==1.29.0
 oslo.concurrency==3.26.0
-oslo.config==5.2.0
-oslo.context==2.19.2
+oslo.config==6.8.0
+oslo.context==2.22.0
 oslo.db==4.27.0
 oslo.i18n==3.15.3
 oslo.log==3.36.0
 oslo.messaging==5.29.0
 oslo.middleware==3.31.0
-oslo.policy==1.30.0
+oslo.policy==3.6.0
 oslo.serialization==2.18.0
 oslo.service==1.24.0
-oslo.upgradecheck==0.1.0
-oslo.utils==3.33.0
+oslo.upgradecheck==1.3.0
+oslo.utils==3.40.0
 oslotest==3.2.0
 osprofiler==1.4.0
 packaging==17.1
@@ -124,14 +124,14 @@ python-subunit==1.2.0
 python-swiftclient==3.2.0
 python-troveclient==2.2.0
 pytz==2018.3
-PyYAML==3.12
+PyYAML==5.1
 redis==2.10.0
 reno==3.1.0
 repoze.lru==0.7
-requests==2.18.4
+requests==2.20.0
 requestsexceptions==1.4.0
 restructuredtext-lint==1.1.3
-rfc3986==1.1.0
+rfc3986==1.2.0
 Routes==2.3.1
 semantic-version==2.7.0
 simplejson==3.13.2
diff --git a/releasenotes/notes/wallaby-deprecate-json-formatted-policy-file-21c88ff2ad490a2e.yaml b/releasenotes/notes/wallaby-deprecate-json-formatted-policy-file-21c88ff2ad490a2e.yaml
new file mode 100644
index 00000000..c9c53000
--- /dev/null
+++ b/releasenotes/notes/wallaby-deprecate-json-formatted-policy-file-21c88ff2ad490a2e.yaml
@@ -0,0 +1,20 @@
+---
+upgrade:
+  - |
+    The default value of ``[oslo_policy] policy_file`` config option has
+    been changed from ``policy.json`` to ``policy.yaml``.
+    Operators who are utilizing customized or previously generated
+    static policy JSON files (which are not needed by default), should
+    generate new policy files or convert them in YAML format. Use the
+    `oslopolicy-convert-json-to-yaml
+    <https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html>`_
+    tool to convert a JSON to YAML formatted policy file in
+    backward compatible way.
+deprecations:
+  - |
+    Use of JSON policy files was deprecated by the ``oslo.policy`` library
+    during the Victoria development cycle. As a result, this deprecation is
+    being noted in the Wallaby cycle with an anticipated future removal of support
+    by ``oslo.policy``. As such operators will need to convert to YAML policy
+    files. Please see the upgrade notes for details on migration of any
+    custom policy files.
diff --git a/requirements.txt b/requirements.txt
index 7738bcfc..33bd3e83 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -27,14 +27,14 @@ iso8601>=0.1.11 # MIT
 jsonschema>=3.2.0 # MIT
 Jinja2>=2.10 # BSD License (3 clause)
 pexpect!=3.3,>=3.1 # ISC License
-oslo.config>=5.2.0 # Apache-2.0
-oslo.context>=2.19.2 # Apache-2.0
+oslo.config>=6.8.0 # Apache-2.0
+oslo.context>=2.22.0 # Apache-2.0
 oslo.i18n>=3.15.3 # Apache-2.0
 oslo.middleware>=3.31.0 # Apache-2.0
 oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
 oslo.service!=1.28.1,>=1.24.0 # Apache-2.0
-oslo.upgradecheck>=0.1.0 # Apache-2.0
-oslo.utils>=3.33.0 # Apache-2.0
+oslo.upgradecheck>=1.3.0 # Apache-2.0
+oslo.utils>=3.40.0 # Apache-2.0
 oslo.concurrency>=3.26.0 # Apache-2.0
 PyMySQL>=0.7.6 # MIT License
 stevedore>=1.20.0 # Apache-2.0
@@ -44,7 +44,7 @@ oslo.log>=3.36.0 # Apache-2.0
 oslo.db>=4.27.0 # Apache-2.0
 xmltodict>=0.10.1 # MIT
 cryptography>=2.1.4  # BSD/Apache-2.0
-oslo.policy>=1.30.0 # Apache-2.0
+oslo.policy>=3.6.0 # Apache-2.0
 diskimage-builder!=1.6.0,!=1.7.0,!=1.7.1,>=1.1.2 # Apache-2.0
 docker>=4.2.0 # Apache-2.0
 psycopg2-binary>=2.6.2 # LGPL/ZPL
diff --git a/trove/cmd/status.py b/trove/cmd/status.py
index c17bcff8..275f0e62 100644
--- a/trove/cmd/status.py
+++ b/trove/cmd/status.py
@@ -15,6 +15,7 @@
 import sys
 
 from oslo_config import cfg
+from oslo_upgradecheck import common_checks
 from oslo_upgradecheck import upgradecheck
 
 from trove.common.i18n import _
@@ -62,6 +63,8 @@ class Checks(upgradecheck.UpgradeCommands):
     _upgrade_checks = (
         (_("instances_with_running_tasks"),
          _check_instances_with_running_tasks),
+        (_('policy File JSON to YAML Migration'),
+         (common_checks.check_policy_json, {'conf': cfg.CONF})),
     )
 
 
diff --git a/trove/common/policy.py b/trove/common/policy.py
index e9a8ca96..12d8e9a5 100644
--- a/trove/common/policy.py
+++ b/trove/common/policy.py
@@ -15,6 +15,7 @@
 
 
 from oslo_config import cfg
+from oslo_policy import opts
 from oslo_policy import policy
 
 from trove.common import exception as trove_exceptions
@@ -23,6 +24,12 @@ from trove.common import policies
 CONF = cfg.CONF
 _ENFORCER = None
 
+# TODO(gmann): Remove setting the default value of config policy_file
+# once oslo_policy change the default value to 'policy.yaml'.
+# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
+DEFAULT_POLICY_FILE = 'policy.yaml'
+opts.set_defaults(CONF, DEFAULT_POLICY_FILE)
+
 
 def get_enforcer():
     global _ENFORCER