yahoo-eng-team team mailing list archive
Message #80091
[Bug 1836568] Re: Logs filled with unnecessary policy deprecation warnings
Reviewed: https://review.opendev.org/682798
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=15b416c34c49d038c059179feba38d9b398104ac
Submitter: Zuul
Branch: master
commit 15b416c34c49d038c059179feba38d9b398104ac
Author: Colleen Murphy <colleen.murphy@xxxxxxx>
Date: Tue Sep 17 23:03:11 2019 -0700

Consolidate policy deprecation warnings

Suppress noisy deprecation warnings in favor of a single blanket
warning. Oslopolicy-policy-generator will still emit the same
deprecation warnings, and oslopolicy-policy-upgrade can be used to
migrate existing custom policies to the upgraded version.

This change requires no modification to oslo.policy and so no new
release or requirements bump will be needed.

Change-Id: I3c27c61cee3527b39f6a167b11198ab066614a1d
Closes-bug: #1836568
** Changed in: keystone
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1836568
Title:
Logs filled with unnecessary policy deprecation warnings
Status in OpenStack Identity (keystone):
Fix Released
Status in oslo.policy:
In Progress
Bug description:
My keystone log from today's master version is full of:
2019-07-15 10:47:25.316828 As of the Stein release, the domain API now understands how to handle
2019-07-15 10:47:25.316831 system-scoped tokens in addition to project-scoped tokens, making the API more
2019-07-15 10:47:25.316834 accessible to users without compromising security or manageability for
2019-07-15 10:47:25.316837 administrators. The new default policies for this API account for these changes
2019-07-15 10:47:25.316840 automatically
2019-07-15 10:47:25.316843 . Either ensure your deployment is ready for the new default or copy/paste the deprecated policy into your policy file and maintain it manually.
2019-07-15 10:47:25.316846 warnings.warn(deprecated_msg)
2019-07-15 10:47:25.316849 \x1b[00m
2019-07-15 10:47:25.132244 2019-07-15 10:47:25.131 22582 WARNING py.warnings [req-0162c9d3-9953-4b2d-9587-6046651033c3 7b0f3387e0f942f3bae75cea0a5766a3 98500c83d03e4ba38aa27a78675d2b1b - default default] /usr/lo
cal/lib/python3.7/site-packages/oslo_policy/policy.py:695: UserWarning: Policy "identity:delete_credential":"rule:admin_required" was deprecated in S in favor of "identity:delete_credential":"(role:admin and sys
tem_scope:all) or user_id:%(target.credential.user_id)s". Reason: As of the Stein release, the credential API now understands how to handle system-scoped tokens in addition to project-scoped tokens, making the A
PI more accessible to users without compromising security or manageability for administrators. The new default policies for this API account for these changes automatically.. Either ensure your deployment is rea
dy for the new default or copy/paste the deprecated policy into your policy file and maintain it manually.
2019-07-15 10:47:25.132262 warnings.warn(deprecated_msg)
2019-07-15 10:47:25.132266 \x1b[00m
2019-07-15 10:47:25.132979 2019-07-15 10:47:25.132 22582 WARNING
This is a fresh setup from `master` without any policy configuration, therefore the keystone defaults themselves trigger the warning.
grep -R 'As of the Stein release' keystone-error.log |wc -l
820
Current master is for `T`; there is no point in having 820 warnings (in the first ~10 minutes) for using the keystone default.
Please make these warnings less noisy.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1836568/+subscriptions
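The consolidation the commit message describes (many per-policy deprecation warnings replaced by a single blanket warning), as an added example that is not keystone's or oslo.policy's code. It uses only Python's standard `warnings` module; `noisy_policy_load`, `load_with_blanket_warning` and the sample policy names are constructed for illustration, with the message shape taken from the log excerpt in the bug description.

```python
import re
import warnings

# Message shape copied from the log excerpt in the bug description.
DEPRECATED_POLICY = re.compile(
    r'^Policy "(?P<name>[^"]+)":"[^"]*" was deprecated in ')


def noisy_policy_load(names):
    """Constructed stand-in for a loader that warns once per deprecated rule."""
    for name in names:
        warnings.warn(
            'Policy "%s":"rule:admin_required" was deprecated in S in favor '
            'of "%s":"role:admin and system_scope:all". Reason: ...'
            % (name, name),
            UserWarning,
        )


def load_with_blanket_warning(loader, *args):
    """Run loader, swallow per-policy deprecation warnings, emit one summary.

    Returns the sorted names of the deprecated policies. Warnings that do
    not match the policy-deprecation shape are re-emitted unchanged, so
    unrelated problems still reach the log.
    """
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")  # record every warning, no dedup
        loader(*args)

    deprecated = set()
    for w in caught:
        match = DEPRECATED_POLICY.match(str(w.message))
        if match:
            deprecated.add(match.group("name"))
        else:
            warnings.warn_explicit(w.message, w.category, w.filename, w.lineno)

    if deprecated:
        warnings.warn(
            "%d default policies are deprecated; run "
            "oslopolicy-policy-generator for the per-policy details"
            % len(deprecated),
            UserWarning,
        )
    return sorted(deprecated)
```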