oslopolicy-policy-generator does not work for neutron in Rocky

Bug #1817953 reported by Nate Johnston
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Medium
Nate Johnston
oslo.policy
Low
Ben Nemec

Bug Description

The oslopolicy-policy-generator tool does not work for neutron. This appears to be the same as an old bug [1] that was already fixed for other services.

[centos@persist devstack]$ oslopolicy-policy-generator --namespace neutron
WARNING:stevedore.named:Could not load neutron
Traceback (most recent call last):
  File "/usr/bin/oslopolicy-policy-generator", line 11, in <module>
    sys.exit(generate_policy())
  File "/usr/lib/python2.7/site-packages/oslo_policy/generator.py", line 338, in generate_policy
    _generate_policy(conf.namespace, conf.output_file)
  File "/usr/lib/python2.7/site-packages/oslo_policy/generator.py", line 283, in _generate_policy
    enforcer = _get_enforcer(namespace)
  File "/usr/lib/python2.7/site-packages/oslo_policy/generator.py", line 87, in _get_enforcer
    enforcer = mgr[namespace].obj
  File "/usr/lib/python2.7/site-packages/stevedore/extension.py", line 326, in __getitem__
    return self._extensions_by_name[name]
KeyError: 'neutron'

[1] https://bugs.launchpad.net/keystone/+bug/1740951

Revision history for this message
Nate Johnston (nate-johnston) wrote :

The problem is that Neutron already includes the items that constituted the fix for the previous bug [1] - the get_enforcer() method is already defined in neutron/policy.py, and setup.cfg has get_enforcer defined.

[1] https://review.openstack.org/530828

Ben Nemec (bnemec)
Changed in oslo.policy:
status: New → Confirmed
importance: Undecided → Low
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to oslo.policy (master)

Fix proposed to branch: master
Review: https://review.openstack.org/639822

Changed in oslo.policy:
assignee: nobody → Ben Nemec (bnemec)
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.openstack.org/639842

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to oslo.policy (master)

Reviewed: https://review.openstack.org/639822
Committed: https://git.openstack.org/cgit/openstack/oslo.policy/commit/?id=61732757c0e934a7c61cef2b2d2651f5abbb6fc6
Submitter: Zuul
Branch: master

commit 61732757c0e934a7c61cef2b2d2651f5abbb6fc6
Author: Ben Nemec <email address hidden>
Date: Wed Feb 27 20:53:11 2019 +0000

    Provide more specific error when namespace is missing

    Previously if a non-existent namespace was specified, we just got
    a generic KeyError from stevedore that didn't say a whole lot about
    what went wrong. You pretty much had to go read the code to figure
    out what happened.

    This change adds an explicit check for a missing namespace and raises
    a KeyError with a more specific error message that explains what is
    wrong.

    Change-Id: Ia56d4655d70cee78661567188a977f67b7c3ee78
    Closes-Bug: 1817953

Changed in oslo.policy:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (stable/rocky)

Change abandoned by Nate Johnston (<email address hidden>) on branch: stable/rocky
Review: https://review.openstack.org/639842
Reason: Abandoning so that I can create a new patch, per amotoki's advice.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.openstack.org/647595

Revision history for this message
Akihiro Motoki (amotoki) wrote : Re: oslopolicy-policy-generator does not work for neutron

As neutron, neutron rocky does not support policy-in-code (as a feature), so this bug sounds a request to support policy-in-code for the released version (rocky). Is there any problem if we don't fix it?

summary: - oslopolicy-policy-generator does not work for neutron
+ oslopolicy-policy-generator does not work for neutron in Rocky
Revision history for this message
Akihiro Motoki (amotoki) wrote :

Note that this issue does not happen in the master branch (train) and stable/stein branch.
http://paste.openstack.org/show/748363/

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/rocky)

Reviewed: https://review.openstack.org/647595
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=96b0b90b89ceb8efe51f9b2270401cca2956079a
Submitter: Zuul
Branch: stable/rocky

commit 96b0b90b89ceb8efe51f9b2270401cca2956079a
Author: Nate Johnston <email address hidden>
Date: Mon Mar 25 16:04:22 2019 -0400

    Add enforcer logic for neutron policy

    The oslopolicy-policy-generator command line tool does not run
    currently, throwing a KeyError. This is because a policy enforcer needs
    to be added to Neutron for the command to run.

    This change is a limited backport of "Convert policy.json into
    policy-in-code" [1]. The feature of policy-in-code is not backported;
    all that is backported is the changes needed for the
    oslopolicy-policy-generator command line tool to function properly,
    which were bundled in with the rest of the policy-in-code feature.

    For reference, an analogous change was merged in keystone to solve the
    same problem [2].

    [1] https://review.openstack.org/585037
    [2] https://review.openstack.org/530828

    Change-Id: I912f23e9c6800b71672507c548cfab3f094de9c7
    Closes-Bug: #1817953

tags: added: in-stable-rocky
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/650955

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/queens)

Reviewed: https://review.openstack.org/650955
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=44d34170ccc439f433697b2117d0251530e5d508
Submitter: Zuul
Branch: stable/queens

commit 44d34170ccc439f433697b2117d0251530e5d508
Author: Nate Johnston <email address hidden>
Date: Mon Mar 25 16:04:22 2019 -0400

    Add enforcer logic for neutron policy

    The oslopolicy-policy-generator command line tool does not run
    currently, throwing a KeyError. This is because a policy enforcer needs
    to be added to Neutron for the command to run.

    This change is a limited backport of "Convert policy.json into
    policy-in-code" [1]. The feature of policy-in-code is not backported;
    all that is backported is the changes needed for the
    oslopolicy-policy-generator command line tool to function properly,
    which were bundled in with the rest of the policy-in-code feature.

    For reference, an analogous change was merged in keystone to solve the
    same problem [2].

    [1] https://review.openstack.org/585037
    [2] https://review.openstack.org/530828

    Change-Id: I912f23e9c6800b71672507c548cfab3f094de9c7
    Closes-Bug: #1817953
    (cherry picked from commit 96b0b90b89ceb8efe51f9b2270401cca2956079a)

tags: added: in-stable-queens
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 12.0.6

This issue was fixed in the openstack/neutron 12.0.6 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 13.0.3

This issue was fixed in the openstack/neutron 13.0.3 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/oslo.policy 2.2.0

This issue was fixed in the openstack/oslo.policy 2.2.0 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers