From bacb8400942b2ed6b724bdd3d28797896e1054c6 Mon Sep 17 00:00:00 2001
From: Ghanshyam Mann <gmann@ghanshyammann.com>
Date: Wed, 25 Oct 2023 12:52:28 -0700
Subject: [PATCH] Enable NEUTRON_ENFORCE_SCOPE to True by default

Neutron bobcat release has enabled the RBAC new defaults
by default. With the latest release of Neutron have new
defaults enable, we should configure the same by default in
devstack. This change make NEUTRON_ENFORCE_SCOPE flag to
True by default so that every job will run with Neutron
new defaults.

As old defaults are still supported (in deprecated way),
we will keep this flag so that we can have one job disable
it and test the old defaults.

Change-Id: I3361d33885b2e3af7cad0141f9b799b2723ee8a1
---
 lib/neutron | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/neutron b/lib/neutron
index 808043cebe..3628bfc25e 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -92,8 +92,9 @@ NEUTRON_UWSGI_CONF=$NEUTRON_CONF_DIR/neutron-api-uwsgi.ini
 
 # If NEUTRON_ENFORCE_SCOPE == True, it will set "enforce_scope"
 # and "enforce_new_defaults" to True in the Neutron's config to enforce usage
-# of the new RBAC policies and scopes.
-NEUTRON_ENFORCE_SCOPE=$(trueorfalse False NEUTRON_ENFORCE_SCOPE)
+# of the new RBAC policies and scopes. Set it to False if you do not
+# want to run Neutron with new RBAC.
+NEUTRON_ENFORCE_SCOPE=$(trueorfalse True NEUTRON_ENFORCE_SCOPE)
 
 # Agent binaries.  Note, binary paths for other agents are set in per-service
 # scripts in lib/neutron_plugins/services/