Need policy validator tool

Bug #1853038 reported by Ben Nemec on 2019-11-18
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
oslo.policy
Wishlist
Ben Nemec

Bug Description

Someone asked about this when I was demo'ing the Oslo CLI tools. We have a config validator for oslo.config[0], but no equivalent tool exists for oslo.policy as far as I'm aware. What I envision the tool doing is similar to the config tool: Look at each entry in a policy file, check with the service to see if a rule of that name actually exists, and if not log an error. This would allow operators to easily catch typos or references to old rules in their policy files. It should _not_ do any testing of the rule (other than maybe a basic syntax sanity check, but I would consider that a future enhancement not part of the initial implementation). That's what oslopolicy-checker is for.

It's possible that this could be combined with the oslopolicy-list-redundant tool as they're both doing similar things. At the very least we should try to share code between them whenever possible.

0: https://docs.openstack.org/oslo.config/latest/cli/validator.html

Fix proposed to branch: master
Review: https://review.opendev.org/702757

Changed in oslo.policy:
assignee: nobody → Ben Nemec (bnemec)
status: Triaged → In Progress

Reviewed: https://review.opendev.org/702757
Committed: https://git.openstack.org/cgit/openstack/oslo.policy/commit/?id=283768e910257f81b599d2c409bf4a021bc50eae
Submitter: Zuul
Branch: master

commit 283768e910257f81b599d2c409bf4a021bc50eae
Author: Ben Nemec <email address hidden>
Date: Wed Jan 15 22:10:16 2020 +0000

    Add oslopolicy-validator tool

    As requested in the referenced RFE bug, this is a validator tool
    similar to the oslo.config validator tool that operators can use to
    look for basic errors in their policy files.

    It's very similar to the redundant rule tool, but I decided not to
    combine them because I feel like the target use cases are enough
    different to warrant separate tools. Specifically, the redundant
    rule tool is looking for perfectly valid rules that just happen to
    be unnecessary. The validator is looking for errors in the policy
    file. While it's unlikely someone looking for redundant rules wouldn't
    also want to know if there is something broken in their policy file,
    it's likely that someone just looking to sanity check their policy
    before deployment wouldn't want to see a bunch of messages about
    redundant rules that won't cause any problems.

    Change-Id: I799a754aceac080c11baffd7ff635b2a9cb825f7
    Closes-Bug: 1853038

Changed in oslo.policy:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers