Keep new RBAC disable by default

oslo.policy has enabled the new RBAC config options
enforce_scope and enforce_new_defaults by default[1][2].

Until Aodh is ready with the new RBAC, we need to continue
disable them by overriding their default values.

NOTE: there is no change in behaviour, aodh continue with the
old RBAC as default.

Needed-By: https://review.opendev.org/c/openstack/requirements/+/925464

[1] https://review.opendev.org/c/openstack/oslo.policy/+/924283
[2] https://review.opendev.org/c/openstack/releases/+/925032

Change-Id: Ifac31d1fc11b44fd6d3d18041f8bacee8287bccf
This commit is contained in:
Ghanshyam Mann 2024-08-01 12:25:45 -07:00
parent f43e903117
commit ab00dac26f
3 changed files with 16 additions and 7 deletions

View File

@ -19,11 +19,17 @@ from pecan import hooks
from aodh.api import policies from aodh.api import policies
# TODO(gmann): Remove setting the default value of config policy_file # TODO(gmann): Remove overriding the default value of config options:
# once oslo_policy change the default value to 'policy.yaml'. # - 'policy_file' once oslo_policy change their default value to what is
# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49 # overridden here.
# - 'enforce_scope', and 'enforce_new_defaults' once aodh is ready with the
# new RBAC (oslo_policy enable them by default)
DEFAULT_POLICY_FILE = 'policy.yaml' DEFAULT_POLICY_FILE = 'policy.yaml'
opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE) opts.set_defaults(
cfg.CONF,
DEFAULT_POLICY_FILE,
enforce_scope=False,
enforce_new_defaults=False)
class ConfigHook(hooks.PecanHook): class ConfigHook(hooks.PecanHook):

View File

@ -27,8 +27,11 @@ def set_lib_defaults():
""" """
set_cors_middleware_defaults() set_cors_middleware_defaults()
# Update default value of oslo.policy policy_file config option. # Update default value of oslo.policy policy_file, ,
policy_opts.set_defaults(cfg.CONF, 'policy.yaml') # enforce_scope, and enforce_new_defaults config options.
policy_opts.set_defaults(cfg.CONF, 'policy.yaml',
enforce_scope=False,
enforce_new_defaults=False)
def set_cors_middleware_defaults(): def set_cors_middleware_defaults():

View File

@ -10,7 +10,7 @@ oslo.config>=6.8.0 # Apache-2.0
oslo.i18n>=1.5.0 # Apache-2.0 oslo.i18n>=1.5.0 # Apache-2.0
oslo.log>=4.3.0 # Apache-2.0 oslo.log>=4.3.0 # Apache-2.0
oslo.reports>=1.18.0 # Apache-2.0 oslo.reports>=1.18.0 # Apache-2.0
oslo.policy>=3.7.0 # Apache-2.0 oslo.policy>=3.11.0 # Apache-2.0
oslo.upgradecheck>=1.3.0 # Apache-2.0 oslo.upgradecheck>=1.3.0 # Apache-2.0
PasteDeploy>=1.5.0 PasteDeploy>=1.5.0
pbr>=2.0.0 # Apache-2.0 pbr>=2.0.0 # Apache-2.0