Enable NEUTRON_ENFORCE_SCOPE to True by default

Neutron bobcat release has enabled the RBAC new defaults by default. With the latest release of Neutron have new defaults enable, we should configure the same by default in devstack. This change make NEUTRON_ENFORCE_SCOPE flag to True by default so that every job will run with Neutron new defaults. As old defaults are still supported (in deprecated way), we will keep this flag so that we can have one job disable it and test the old defaults. Change-Id: I3361d33885b2e3af7cad0141f9b799b2723ee8a1
2023-10-25 12:52:28 -07:00 · 2023-10-25 12:52:28 -07:00 · bacb840094
parent 29e73a2155
commit bacb840094
1 changed files with 3 additions and 2 deletions
--- a/lib/neutron
+++ b/lib/neutron
@ -92,8 +92,9 @@ NEUTRON_UWSGI_CONF=$NEUTRON_CONF_DIR/neutron-api-uwsgi.ini

 # If NEUTRON_ENFORCE_SCOPE == True, it will set "enforce_scope"
 # and "enforce_new_defaults" to True in the Neutron's config to enforce usage
-# of the new RBAC policies and scopes.
-NEUTRON_ENFORCE_SCOPE=$(trueorfalse False NEUTRON_ENFORCE_SCOPE)
+# of the new RBAC policies and scopes. Set it to False if you do not
+# want to run Neutron with new RBAC.
+NEUTRON_ENFORCE_SCOPE=$(trueorfalse True NEUTRON_ENFORCE_SCOPE)

 # Agent binaries.  Note, binary paths for other agents are set in per-service
 # scripts in lib/neutron_plugins/services/