[openstack-dev] [nova][oslo] API extension policy deprecation warnings
Lance Bragstad
lbragstad at gmail.com
Fri Jan 5 19:08:48 UTC 2018
I thought we planned for that case, but it looks like we log a warning
regardless (obviously from your trace) so that operators don't miss
opportunities to clean up code. In addition to that, the removal of a
policy might make a role obsolete, which is harder to check for than
just seeing if they have overridden the policy from a file. I can dig
into oslo.policy and see if there is a way to determine if a policy is
coming from a file or in-code.
[0]
https://github.com/openstack/oslo.policy/blob/master/oslo_policy/policy.py#L610-L625
On 01/05/2018 12:45 PM, Matt Riedemann wrote:
> I've noticed that our CI logs have API extension policy deprecation
> warnings in them on startup, even though we don't use any non-default
> policy rules in our CI runs, so everything is just loaded from policy
> in code.
>
> Jan 05 16:58:48.794318 ubuntu-xenial-rax-dfw-0001705089
> nova-compute[11289]: DEBUG oslo_policy.policy [None
> req-2f69f372-721c-4550-9c28-5fa610a84201 None None] The policy file
> policy.json could not be found. {{(pid=11289) load_rules
> /usr/local/lib/python2.7/dist-packages/oslo_policy/policy.py:548}}
> Jan 05 16:58:48.797597 ubuntu-xenial-rax-dfw-0001705089
> nova-compute[11289]:
> /usr/local/lib/python2.7/dist-packages/oslo_policy/policy.py:623:
> UserWarning: Policy
> "os_compute_api:os-extended-volumes":"rule:admin_or_owner" was
> deprecated for removal in 17.0.0. Reason: Nova API extension concept
> has been removed in Pike. Those extensions have their own policies
> enforcement. As there is no extensions now,
> "os_compute_api:os-extended-volumes" policy which was added for
> extensions is not needed any more. Its value may be silently ignored
> in the future.
>
> Isn't there a way to not log a warning if the rule isn't actually set
> in the policy file? Similar to deprecated config options, you only get
> the warning on those if you've set a deprecated config option in the
> file, but you don't get the warnings just because they are in code and
> not removed yet.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20180105/1b75d002/attachment.sig>
More information about the OpenStack-dev
mailing list