openstack/kolla-ansible
Code Issues Proposed changes

Disable new defaults and scope for Nova API policies (RBAC)

Browse Source 
Nova changes to RBAC [1] are breaking Kolla Ansible and causing most CI
jobs to fail. Disable these changes until we can adapt.

[1] https://review.opendev.org/c/openstack/nova/+/866218

Change-Id: I506697d2b374e74a6b066c788bd2d61edc8d4876
This commit is contained in:
Pierre Riteau 2023-01-17 16:14:49 +01:00
parent 1aa1cae159
commit 941abf9ec2
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ansible/roles/nova/templates/nova.conf.j2
View File

@ -148,8 +148,11 @@ ssl_ca_file = {{ om_rabbitmq_cacert }}
amqp_durable_queues = true amqp_durable_queues = true
{% endif %} {% endif %}
{% if service_name in nova_services_require_policy_json and nova_policy_file is defined %}
[oslo_policy] [oslo_policy]
# TODO(priteau): Remove enforce_* once secure RBAC is supported
enforce_new_defaults = False
enforce_scope = False
{% if service_name in nova_services_require_policy_json and nova_policy_file is defined %}
policy_file = {{ nova_policy_file }} policy_file = {{ nova_policy_file }}
{% endif %} {% endif %}