Remove FEATURE_POLICY_AS_CODE_ENABLED flag (#16006)

* remove FEATURE_POLICY_AS_CODE_ENABLED flag

* rename to OpaQueryPathMixin

* add OpaQueryPath docs to awx collection

* bypass test for awx collection

awx/api/serializers.py

@@ -46,9 +46,6 @@ from ansible_base.lib.utils.models import get_type_for_model
 from ansible_base.rbac.models import RoleEvaluation, ObjectRole
 from ansible_base.rbac import permission_registry
 
-# django-flags
-from flags.state import flag_enabled
-
 # AWX
 from awx.main.access import get_user_capabilities
 from awx.main.constants import ACTIVE_STATES, org_role_to_permission
@@ -737,13 +734,10 @@ class EmptySerializer(serializers.Serializer):
     pass
 
 
-class OpaQueryPathEnabledMixin(serializers.Serializer):
+class OpaQueryPathMixin(serializers.Serializer):
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
 
-        if not flag_enabled("FEATURE_POLICY_AS_CODE_ENABLED") and 'opa_query_path' in self.fields:
-            self.fields.pop('opa_query_path')
-
     def validate_opa_query_path(self, value):
         # Decode the URL and re-encode it
         decoded_value = urllib.parse.unquote(value)
@@ -755,7 +749,7 @@ class OpaQueryPathEnabledMixin(serializers.Serializer):
         return value
 
 
-class UnifiedJobTemplateSerializer(BaseSerializer, OpaQueryPathEnabledMixin):
+class UnifiedJobTemplateSerializer(BaseSerializer, OpaQueryPathMixin):
     # As a base serializer, the capabilities prefetch is not used directly,
     # instead they are derived from the Workflow Job Template Serializer and the Job Template Serializer, respectively.
     capabilities_prefetch = []
@@ -1188,7 +1182,7 @@ class UserActivityStreamSerializer(UserSerializer):
         fields = ('*', '-is_system_auditor')
 
 
-class OrganizationSerializer(BaseSerializer, OpaQueryPathEnabledMixin):
+class OrganizationSerializer(BaseSerializer, OpaQueryPathMixin):
     show_capabilities = ['edit', 'delete']
 
     class Meta:
@@ -1547,7 +1541,7 @@ class LabelsListMixin(object):
         return res
 
 
-class InventorySerializer(LabelsListMixin, BaseSerializerWithVariables, OpaQueryPathEnabledMixin):
+class InventorySerializer(LabelsListMixin, BaseSerializerWithVariables, OpaQueryPathMixin):
     show_capabilities = ['edit', 'delete', 'adhoc', 'copy']
     capabilities_prefetch = ['admin', 'adhoc', {'copy': 'organization.inventory_admin'}]
 

awx/main/conf.py

@@ -4,7 +4,6 @@ import logging
 # Django
 from django.core.checks import Error
 from django.utils.translation import gettext_lazy as _
-from django.conf import settings
 
 # Django REST Framework
 from rest_framework import serializers
@@ -975,7 +974,6 @@ def csrf_trusted_origins_validate(serializer, attrs):
 register_validate('system', csrf_trusted_origins_validate)
 
 
-if settings.FEATURE_POLICY_AS_CODE_ENABLED:  # Unable to use flag_enabled due to AppRegistryNotReady error
 register(
     'OPA_HOST',
     field_class=fields.CharField,

awx/main/tasks/policy.py

@@ -8,7 +8,6 @@ from typing import Optional, Union
 
 from django.conf import settings
 from django.utils.translation import gettext_lazy as _
-from flags.state import flag_enabled
 from opa_client import OpaClient
 from opa_client.base import BaseClient
 from requests import HTTPError
@@ -364,9 +363,6 @@ def opa_client(headers=None):
 
 def evaluate_policy(instance):
     # Policy evaluation for Policy as Code feature
-    if not flag_enabled("FEATURE_POLICY_AS_CODE_ENABLED"):
-        return
-
     if not settings.OPA_HOST:
         return
 

awx/main/tests/functional/test_policy.py

@@ -36,11 +36,9 @@ def _parse_exception_message(exception: PolicyEvaluationError):
 
 
 @pytest.fixture(autouse=True)
-def enable_flag():
+def setup_opa_settings():
     with override_settings(
         OPA_HOST='opa.example.com',
-        FLAGS={"FEATURE_POLICY_AS_CODE_ENABLED": [("boolean", True)]},
-        FLAG_SOURCES=('flags.sources.SettingsFlagsSource',),
     ):
         yield
 

awx/settings/defaults.py

@@ -1092,10 +1092,6 @@ INDIRECT_HOST_QUERY_FALLBACK_GIVEUP_DAYS = 3
 # Older records will be cleaned up
 INDIRECT_HOST_AUDIT_RECORD_MAX_AGE_DAYS = 7
 
-
-# setting for Policy as Code feature
-FEATURE_POLICY_AS_CODE_ENABLED = False
-
 OPA_HOST = ''  # The hostname used to connect to the OPA server. If empty, policy enforcement will be disabled.
 OPA_PORT = 8181  # The port used to connect to the OPA server. Defaults to 8181.
 OPA_SSL = False  # Enable or disable the use of SSL to connect to the OPA server. Defaults to false.
@@ -1113,7 +1109,6 @@ OPA_REQUEST_RETRIES = 2  # The number of retry attempts for connecting to the OP
 FLAG_SOURCES = ('flags.sources.SettingsFlagsSource',)
 FLAGS = {
     'FEATURE_INDIRECT_NODE_COUNTING_ENABLED': [{'condition': 'boolean', 'value': False}],
-    'FEATURE_POLICY_AS_CODE_ENABLED': [{'condition': 'boolean', 'value': False}],
     'FEATURE_DISPATCHERD_ENABLED': [{'condition': 'boolean', 'value': False}],
 }
 

awx_collection/test/awx/test_completeness.py

@@ -93,6 +93,9 @@ needs_development = ['inventory_script', 'instance']
 needs_param_development = {
     'host': ['instance_id'],
     'workflow_approval': ['description', 'execution_environment'],
+    'inventory': ['opa_query_path'],
+    'job_template': ['opa_query_path'],
+    'organization': ['opa_query_path'],
 }
 # -----------------------------------------------------------------------------------------------------------