Keep new RBAC disable by default
oslo.policy has enabled the new RBAC config options enforce_scope and enforce_new_defaults by default[1][2]. Barbican new RBAC was disable by default. To give more time to operator, let's continue the same setting in this release also. Also, there are many test modification is needed for the new RBAC (using the new RBAC default role in tests) - https://ce83b06baa590a9f8123-eae5def07f653ed6fc0c0045180a6a87.ssl.cf2.rackcdn.com/925464/3/check/cross-barbican-py311/86af837/testr_results.html As oslo.policy enable them by default, we override the setting for the Barbican. NOTE: there is no change in behaviour, Barbican continue with the old RBAC as default. ref: https://review.opendev.org/c/openstack/requirements/+/925464 [1] https://review.opendev.org/c/openstack/oslo.policy/+/924283 [2] https://review.opendev.org/c/openstack/releases/+/925032 Change-Id: I8514969e12851d03f3dbee93b040d6c8763ebc5c
This commit is contained in:
parent
f3f104079a
commit
9d641cef18
@ -23,11 +23,17 @@ CONF = config.CONF
|
||||
ENFORCER = None
|
||||
|
||||
|
||||
# TODO(gmann): Remove setting the default value of config policy_file
|
||||
# once oslo_policy change the default value to 'policy.yaml'.
|
||||
# TODO(gmann): Remove setting the default value of config:
|
||||
# - policy_file once oslo_policy change the default value to 'policy.yaml'.
|
||||
# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
|
||||
# - 'enforce_scope', and 'enforce_new_defaults' once barbican is ready with the
|
||||
# new RBAC (oslo_policy enable them by default)
|
||||
DEFAULT_POLICY_FILE = 'policy.yaml'
|
||||
opts.set_defaults(CONF, DEFAULT_POLICY_FILE)
|
||||
opts.set_defaults(
|
||||
CONF,
|
||||
DEFAULT_POLICY_FILE,
|
||||
enforce_scope=False,
|
||||
enforce_new_defaults=False)
|
||||
|
||||
|
||||
def reset():
|
||||
|
@ -10,7 +10,7 @@ oslo.i18n>=3.15.3 # Apache-2.0
|
||||
oslo.messaging>=14.1.0 # Apache-2.0
|
||||
oslo.middleware>=3.31.0 # Apache-2.0
|
||||
oslo.log>=4.3.0 # Apache-2.0
|
||||
oslo.policy>=3.6.0 # Apache-2.0
|
||||
oslo.policy>=3.11.0 # Apache-2.0
|
||||
oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
|
||||
oslo.service!=1.28.1,>=1.24.0 # Apache-2.0
|
||||
oslo.upgradecheck>=1.3.0 # Apache-2.0
|
||||
|
Loading…
x
Reference in New Issue
Block a user