On 7 July 2015 at 11:56, Doug Hellmann <[email protected]> wrote:
> Excerpts from Ben Nemec's message of 2015-07-07 11:41:35 -0500: > > On 07/04/2015 12:12 AM, Akihiro Motoki wrote: > > > Hi Oslo and Neutron folks, > > > > > > Why is policy_dirs option deprecated in oslo.policy? > > > In Neutron we have multiple repositories which consist of Neutron > services > > > and we would like to maintain policy.json separately. > > > policy_dirs option looks useful for this purpose. > > > > > > == Detail == > > > > > > Neutron project now consists of several repositories and > > > they are imported when neutron-server runs. > > > There are cases where it makes sense that each repository manages its > > > policy.json > > > and the neutron-server wants to load all related policy.json files. > > > - advanced services have separate repositories and they evolve their > API > > > independently > > > - vendor plugins/drivers in separate repositories (can) have > > > vendor-specific extension API. > > > (It is not a good thing from the point of the current API discussion, > > > but we have now.) > > > > > > An easy way is to put all related policy.json into a single directory > > > lile /etc/neutron/policy.d and specify this to policy_dirs option. > > > > This will still work fine. The reason policy_dirs was deprecated is > > that we didn't see a need to allow arbitrary policy.d locations and > > doing so caused issues in some edge cases, so after the opt is removed > > we will simply look for policy.d in the configuration directory. > > > > Essentially, today the default would be to look in > > /etc/neutron/policy.d, but you can change that if you want. Once the > > opt is removed, you will _only_ be able to use /etc/neutron/policy.d. > > > > -Ben > > > > It's more subtle than that. We have 2 variables interacting right > now, config_dirs (managed by oslo.config) and policy_dirs (managed > by oslo.policy). Both represent multiple places to look for > configuration files, but the policy_dirs value must be a subdirectory > of config_dirs. > > So if config_dirs is ['/etc/one', '/etc/two'] and policy_dirs is > ['policy.d', 'another.d'] then the valid locations for policy files are > ['/etc/one/policy.d', '/etc/two/policy.d', '/etc/one/another.d', > '/etc/two/another.d']. That set of paths is obvious, but the *order* is > also important, and it's not obvious. > > If we really need to have multiple policy files, we should add that > support explicitly somehow instead of backing into it by having > multiple directories. > So long as we keep multiple policy files in a single flat directory (default to /etc/neutron/policy.d), this is enough to load them all of them at once after the config option policy_dirs is removed. Did I understand this correctly? Many thanks, Armando > Doug > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
