neutron

oslopolicy-policy-generator does not work for neutron in Rocky

Bug #1817953 reported by Nate Johnston on 2019-02-27

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Medium	Nate Johnston
	oslo.policy	Fix Released	Low	Ben Nemec

Bug Description

The oslopolicy-policy-generator tool does not work for neutron. This appears to be the same as an old bug [1] that was already fixed for other services.

[centos@persist devstack]$ oslopolicy-policy-generator --namespace neutron
WARNING:stevedore.named:Could not load neutron
Traceback (most recent call last):
  File "/usr/bin/oslopolicy-policy-generator", line 11, in <module>
    sys.exit(generate_policy())
  File "/usr/lib/python2.7/site-packages/oslo_policy/generator.py", line 338, in generate_policy
    _generate_policy(conf.namespace, conf.output_file)
  File "/usr/lib/python2.7/site-packages/oslo_policy/generator.py", line 283, in _generate_policy
    enforcer = _get_enforcer(namespace)
  File "/usr/lib/python2.7/site-packages/oslo_policy/generator.py", line 87, in _get_enforcer
    enforcer = mgr[namespace].obj
  File "/usr/lib/python2.7/site-packages/stevedore/extension.py", line 326, in __getitem__
    return self._extensions_by_name[name]
KeyError: 'neutron'

[1] https://bugs.launchpad.net/keystone/+bug/1740951

Tags:

Revision history for this message

Nate Johnston (nate-johnston) wrote on 2019-02-27:

The problem is that Neutron already includes the items that constituted the fix for the previous bug [1] - the get_enforcer() method is already defined in neutron/policy.py, and setup.cfg has get_enforcer defined.

[1] https://review.openstack.org/530828

Ben Nemec (bnemec) on 2019-02-27

Changed in oslo.policy:
status:	New → Confirmed
importance:	Undecided → Low

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-02-27: Fix proposed to oslo.policy (master)

Fix proposed to branch: master
Review: https://review.openstack.org/639822

Changed in oslo.policy:
assignee:	nobody → Ben Nemec (bnemec)
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-02-27: Fix proposed to neutron (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.openstack.org/639842

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-02-28: Fix merged to oslo.policy (master)

Reviewed: https://review.openstack.org/639822
Committed: https://git.openstack.org/cgit/openstack/oslo.policy/commit/?id=61732757c0e934a7c61cef2b2d2651f5abbb6fc6
Submitter: Zuul
Branch: master

commit 61732757c0e934a7c61cef2b2d2651f5abbb6fc6
Author: Ben Nemec <email address hidden>
Date: Wed Feb 27 20:53:11 2019 +0000

Provide more specific error when namespace is missing

    Previously if a non-existent namespace was specified, we just got
    a generic KeyError from stevedore that didn't say a whole lot about
    what went wrong. You pretty much had to go read the code to figure
    out what happened.

    This change adds an explicit check for a missing namespace and raises
    a KeyError with a more specific error message that explains what is
    wrong.

Change-Id: Ia56d4655d70cee78661567188a977f67b7c3ee78
Closes-Bug: 1817953

Changed in oslo.policy:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-25: Change abandoned on neutron (stable/rocky)

Change abandoned by Nate Johnston (<email address hidden>) on branch: stable/rocky
Review: https://review.openstack.org/639842
Reason: Abandoning so that I can create a new patch, per amotoki's advice.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-03-25: Fix proposed to neutron (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.openstack.org/647595

Revision history for this message

Akihiro Motoki (amotoki) wrote on 2019-03-26: Re: oslopolicy-policy-generator does not work for neutron

As neutron, neutron rocky does not support policy-in-code (as a feature), so this bug sounds a request to support policy-in-code for the released version (rocky). Is there any problem if we don't fix it?

summary:

- oslopolicy-policy-generator does not work for neutron
+ oslopolicy-policy-generator does not work for neutron in Rocky

Revision history for this message

Akihiro Motoki (amotoki) wrote on 2019-03-26:

Note that this issue does not happen in the master branch (train) and stable/stein branch.
http://paste.openstack.org/show/748363/

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-07: Fix merged to neutron (stable/rocky)

Reviewed: https://review.openstack.org/647595
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=96b0b90b89ceb8efe51f9b2270401cca2956079a
Submitter: Zuul
Branch: stable/rocky

commit 96b0b90b89ceb8efe51f9b2270401cca2956079a
Author: Nate Johnston <email address hidden>
Date: Mon Mar 25 16:04:22 2019 -0400

Add enforcer logic for neutron policy

    The oslopolicy-policy-generator command line tool does not run
    currently, throwing a KeyError. This is because a policy enforcer needs
    to be added to Neutron for the command to run.

    This change is a limited backport of "Convert policy.json into
    policy-in-code" [1]. The feature of policy-in-code is not backported;
    all that is backported is the changes needed for the
    oslopolicy-policy-generator command line tool to function properly,
    which were bundled in with the rest of the policy-in-code feature.

For reference, an analogous change was merged in keystone to solve the
same problem [2].

[1] https://review.openstack.org/585037
[2] https://review.openstack.org/530828

Change-Id: I912f23e9c6800b71672507c548cfab3f094de9c7
Closes-Bug: #1817953

tags:

added: in-stable-rocky

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-08: Fix proposed to neutron (stable/queens)

#10

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/650955

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-04-09: Fix merged to neutron (stable/queens)

#11

Reviewed: https://review.openstack.org/650955
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=44d34170ccc439f433697b2117d0251530e5d508
Submitter: Zuul
Branch: stable/queens

commit 44d34170ccc439f433697b2117d0251530e5d508
Author: Nate Johnston <email address hidden>
Date: Mon Mar 25 16:04:22 2019 -0400

Add enforcer logic for neutron policy

    The oslopolicy-policy-generator command line tool does not run
    currently, throwing a KeyError. This is because a policy enforcer needs
    to be added to Neutron for the command to run.

For reference, an analogous change was merged in keystone to solve the
same problem [2].

[1] https://review.openstack.org/585037
[2] https://review.openstack.org/530828

    Change-Id: I912f23e9c6800b71672507c548cfab3f094de9c7
    Closes-Bug: #1817953
    (cherry picked from commit 96b0b90b89ceb8efe51f9b2270401cca2956079a)