a48df816cb
This setting policies (RBAC) new defaults and scope to ``True`` by default. Note: This should only merged, after at least a cycle gap to allow operators to adopt new changes. Depends-On: https://review.opendev.org/c/openstack/magnum-tempest-plugin/+/877086 Change-Id: I6db4eaa64e2efd455dc3d37ccc74ebd8e7a5dbb2
22 lines
859 B
YAML
22 lines
859 B
YAML
---
|
|
upgrade:
|
|
- |
|
|
The Magnum service enable the API policies (RBAC) new defaults and scope by
|
|
default. The Default value of config options ``[oslo_policy] enforce_scope``
|
|
and ``[oslo_policy] enforce_new_defaults`` have been changed
|
|
to ``True``.
|
|
|
|
This means if you are using system scope token to access Magnum API then
|
|
the request will be failed with 403 error code. Also, new defaults will be
|
|
enforced by default. To know about the new defaults of each policy
|
|
rule, refer to the `Policy New Defaults Sample File`_.
|
|
|
|
If you want to disable them then modify the below config options value in
|
|
``magnum.conf`` file::
|
|
|
|
[oslo_policy]
|
|
enforce_new_defaults=False
|
|
enforce_scope=False
|
|
|
|
.. _`Policy New Defaults Sample File`: https://docs.openstack.org/magnum/latest/configuration/samples/policy-yaml.html
|