Revert upsteam oslo enforce-scope changes

Upsteam has changed the default scope oslo_policy enforcement values
to True which has impacted deployments on Epoxy. This change reverts
that change. Note that this fix is valid for Epoxy only and will
not apply from 2025.2 onwards when the option is deprecated.

Change-Id: Ib65639503e2fe2caaafe7812e000c3d2aa82667c

templates/epoxy/keystone.conf

@@ -0,0 +1,140 @@
+# epoxy
+###############################################################################
+# [ WARNING ]
+# Configuration file maintained by Juju. Local changes may be overwritten.
+###############################################################################
+[DEFAULT]
+use_syslog = {{ use_syslog }}
+log_config_append = {{ log_config }}
+debug = {{ debug }}
+public_endpoint = {{ public_endpoint }}
+admin_endpoint = {{ admin_endpoint }}
+
+[database]
+{% if database_host -%}
+connection = {{ database_type }}://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %}
+{% else -%}
+connection = sqlite:////var/lib/keystone/keystone.db
+{% endif -%}
+connection_recycle_time = 200
+
+[identity]
+driver = {{ identity_backend }}
+{% if identity_cache_expiration -%}
+cache_time = {{ identity_cache_expiration }}
+{% endif -%}
+{% if default_domain_id -%}
+default_domain_id = {{ default_domain_id }}
+{% endif -%}
+
+{% if api_version == 3 -%}
+domain_specific_drivers_enabled = True
+domain_config_dir = {{ domain_config_dir }}
+{% endif -%}
+
+[credential]
+driver = sql
+auth_ttl = {{ ec2_auth_ttl }}
+
+[trust]
+driver = sql
+
+[catalog]
+cache_time = {{ catalog_cache_expiration }}
+driver = sql
+
+{% if role_cache_expiration -%}
+[role]
+cache_time = {{ role_cache_expiration }}
+{% endif -%}
+
+[endpoint_filter]
+
+[token]
+expiration = {{ token_expiration }}
+
+[fernet_tokens]
+max_active_keys = {{ fernet_max_active_keys }}
+
+{% include "parts/section-signing" %}
+
+[cache]
+enabled = {{ enable_cache }}
+{% if memcache_url %}
+backend = oslo_cache.memcache_pool
+memcache_servers = {{ memcache_url }}
+expiration_time = {{ dogpile_cache_expiration }}
+{% endif %}
+
+[policy]
+driver = sql
+
+[assignment]
+driver = {{ assignment_backend }}
+
+[auth]
+methods = {{ auth_methods }}
+
+[paste_deploy]
+config_file = {{ paste_config_file }}
+
+[extra_headers]
+Distribution = Ubuntu
+
+[ldap]
+{% if identity_backend == 'ldap' -%}
+url = {{ ldap_server }}
+user = {{ ldap_user }}
+password = {{ ldap_password }}
+suffix = {{ ldap_suffix }}
+
+{% if ldap_config_flags -%}
+{% for key, value in ldap_config_flags.iteritems() -%}
+{{ key }} = {{ value }}
+{% endfor -%}
+{% endif -%}
+
+{% if ldap_readonly -%}
+user_allow_create = False
+user_allow_update = False
+user_allow_delete = False
+
+tenant_allow_create = False
+tenant_allow_update = False
+tenant_allow_delete = False
+
+role_allow_create = False
+role_allow_update = False
+role_allow_delete = False
+
+group_allow_create = False
+group_allow_update = False
+group_allow_delete = False
+{% endif -%}
+{% endif -%}
+
+{% if api_version == 3 %}
+[resource]
+admin_project_domain_name = {{ admin_domain_name }}
+admin_project_name = admin
+{% endif -%}
+
+{% if password_security_compliance %}
+[security_compliance]
+{% for k, v in password_security_compliance.items() -%}
+{{ k }} = {{ v }}
+{% endfor -%}
+{% endif -%}
+
+[oslo_policy]
+# Note: Needed for Epoxy but due to be deprecated in the future.
+enforce_scope = False
+enforce_new_defaults = False
+
+{% include "parts/section-federation" %}
+
+{% include "section-oslo-middleware" %}
+# This goes in the section above, selectively
+# Bug #1819134
+max_request_body_size = 114688
+