From 6ed40be1464dc781f2ffd22f4f3968ca482b2abb Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov <dmitriy.rabotyagov@citynetwork.eu>
Date: Tue, 16 Mar 2021 11:08:38 +0200
Subject: [PATCH] [goal] Deprecate the JSON formatted policy file

As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to replace policy.json to
policy.yaml and remove deprecated policy.json.

[1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Change-Id: I03a29bab6663d1d0ee6130707ea5865ebbd916d5
---
 defaults/main.yml             |  2 +-
 handlers/main.yml             |  9 +++++++++
 tasks/glance_post_install.yml | 29 ++++++++++++++++++++++++-----
 3 files changed, 34 insertions(+), 6 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 40161f98..fa65f14a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -193,7 +193,7 @@ glance_digest_algorithm: sha256
 glance_http_keepalive: True
 
 ## Glance policy
-glance_policy_file: policy.json
+glance_policy_file: policy.yaml
 glance_policy_default_rule: default
 glance_policy_dirs: policy.d
 
diff --git a/handlers/main.yml b/handlers/main.yml
index 300e96f8..35c4348c 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -28,6 +28,15 @@
     - "Restart glance services"
     - "venv changed"
 
+# NOTE (noonedeadpunk): Remove this task after Xena release
+- name: Remove obsoleted policy.json
+  file:
+    path: "{{ glance_etc_dir }}/policy.json"
+    state: absent
+  listen:
+    - "Restart glance services"
+    - "venv changed"
+
 - name: Start services
   service:
     name: "{{ item.service_name }}"
diff --git a/tasks/glance_post_install.yml b/tasks/glance_post_install.yml
index 0166ddfa..852ce4a8 100644
--- a/tasks/glance_post_install.yml
+++ b/tasks/glance_post_install.yml
@@ -75,16 +75,35 @@
       dest: "{{ glance_etc_dir }}/schema-image.json"
       config_overrides: "{{ glance_glance_scheme_json_overrides }}"
       config_type: "json"
-    - dest: "{{ glance_etc_dir }}/policy.json"
-      config_overrides: "{{ glance_policy_overrides }}"
-      config_type: "json"
-      condition: "{{ (glance_policy_overrides) or (glance_policy_content) }}"
-      content: "{{ glance_policy_content }}"
   notify:
     - Manage LB
     - Restart glance services
     - Restart uwsgi services
 
+- name: Implement policy.yaml if there are overrides configured
+  config_template:
+    dest: "{{ glance_etc_dir }}/{{ glance_policy_file }}"
+    config_overrides: "{{ glance_policy_overrides }}"
+    config_type: "yaml"
+    owner: "root"
+    group: "{{ glance_system_group_name }}"
+    mode: "0640"
+    content: "{{ glance_policy_content }}"
+  when:
+    - (glance_policy_overrides | length > 0) or (glance_policy_content | length > 0)
+  tags:
+    - glance-policy-override
+
+- name: Remove legacy policy.yaml file
+  file:
+    path: "{{ glance_etc_dir }}/{{ glance_policy_file }}"
+    state: absent
+  when:
+    - glance_policy_overrides | length == 0
+    - glance_policy_content | length == 0
+  tags:
+    - glance-policy-override
+
 - name: Deploy Glance image import configuration file
   template:
     src: "{{ glance_glance_image_import_conf_location }}"