diff --git a/handlers/main.yml b/handlers/main.yml index 55ed38b..7e769a5 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -26,22 +26,11 @@ - "Restart cloudkitty services" - "venv changed" -# Note (odyssey4me): -# The policy.json file is currently read continually by the services -# and is not only read on service start. We therefore cannot template -# directly to the file read by the service because the new policies -# may not be valid until the service restarts. This is particularly -# important during a major upgrade. We therefore only put the policy -# file in place after the service has been stopped. -# -- name: Copy new policy file into place - copy: - src: "/etc/cloudkitty/policy.json-{{ cloudkitty_venv_tag }}" - dest: "/etc/cloudkitty/policy.json" - owner: "root" - group: "{{ cloudkitty_system_group_name }}" - mode: "0640" - remote_src: yes +# NOTE (noonedeadpunk): Remove this task after Xena release +- name: Remove obsoleted policy.json + file: + path: "/etc/cloudkitty/policy.json" + state: absent listen: - "Restart cloudkitty services" - "venv changed" diff --git a/tasks/cloudkitty_post_install.yml b/tasks/cloudkitty_post_install.yml index 86b0988..0db80bd 100644 --- a/tasks/cloudkitty_post_install.yml +++ b/tasks/cloudkitty_post_install.yml @@ -33,10 +33,6 @@ dest: "/etc/cloudkitty/api_paste.ini" config_overrides: "{{ cloudkitty_api_paste_ini_overrides }}" config_type: "ini" - - src: "policy.json.j2" - dest: "/etc/cloudkitty/policy.json-{{ cloudkitty_venv_tag }}" - config_overrides: "{{ cloudkitty_policy_overrides }}" - config_type: "json" - src: "cloudkitty-metrics.yml.j2" dest: "/etc/cloudkitty/metrics.yml" config_overrides: "{{ cloudkitty_metrics_overrides }}" 
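Review bot: The `Remove obsoleted policy.json` handler in handlers/main.yml runs only when something notifies `Restart cloudkitty services` or `venv changed`, so on a run where neither fires the old `/etc/cloudkitty/policy.json` stays on disk. Whether the service can still load that file depends on its policy_file setting and the policy library's fallback behaviour, neither of which is visible in this diff. If it can, the rules from the deleted template, including its empty-string entries, would stay in force instead of the in-code defaults. Consider running the cleanup unconditionally by placing the same three lines (`file:`, `path: "/etc/cloudkitty/policy.json"`, `state: absent`) as an ordinary task tagged `cloudkitty-config` next to the policy.yaml tasks in tasks/cloudkitty_post_install.yml. The handler that precedes this one begins outside the hunk.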
@@ -46,3 +42,27 @@
 - Restart uwsgi services
 tags:
 - cloudkitty-config
+
+- name: Implement policy.yaml if there are overrides configured
+ config_template:
+ dest: "/etc/cloudkitty/policy.yaml"
+ content: "{{ cloudkitty_policy_overrides }}"
+ owner: "{{ cloudkitty_system_user_name }}"
+ group: "{{ cloudkitty_system_group_name }}"
+ mode: "0644"
+ config_type: "yaml"
+ when:
+ - cloudkitty_policy_overrides | length> 0
+ tags:
+ - cloudkitty-policy-override
+ - cloudkitty-config
+
+- name: Remove legacy policy.yaml file
+ file:
+ path: "/etc/cloudkitty/policy.yaml"
+ state: absent
+ when:
+ - cloudkitty_policy_overrides | length == 0
+ tags:
+ - cloudkitty-policy-override
+ - cloudkitty-config
diff --git a/templates/policy.json.j2 b/templates/policy.json.j2
deleted file mode 100644
index 833f989..0000000
--- a/templates/policy.json.j2
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "context_is_admin": "role:admin",
- "default": "",
-
- "rating:list_modules": "role:admin",
- "rating:get_module": "role:admin",
- "rating:update_module": "role:admin",
- "rating:quote": "",
-
- "report:list_tenants": "role:admin",
- "report:get_total": "",
-
- "collector:list_mappings": "role:admin",
- "collector:get_mapping": "role:admin",
- "collector:manage_mappings": "role:admin",
- "collector:get_state": "role:admin",
- "collector:update_state": "role:admin",
-
- "storage:list_data_frames": "",
-
- "rating:module_config": "role:admin"
-}
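Review bot: The `Implement policy.yaml if there are overrides configured` task in tasks/cloudkitty_post_install.yml installs the authorization policy owned by `{{ cloudkitty_system_user_name }}` with mode `0644`, whereas the policy.json handler this commit removes installed it as `root` with mode `0640`. A policy file owned by the service account can be rewritten by the same process whose API access it governs, and `0644` lets every local user read the override rules. Unless the service is known to need write access, keep the earlier permissions with `owner: "root"` and `mode: "0640"`, leaving `group` as it is. Separately, the task name `Remove legacy policy.yaml file` is misleading because the task deletes the current policy.yaml whenever `cloudkitty_policy_overrides` is empty; a name such as `Remove policy.yaml when no overrides are configured` would describe it accurately.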