From 0058f76514e1a0ae4c1938d099c015f307ed1aad Mon Sep 17 00:00:00 2001
From: Ghanshyam Mann <gmann@ghanshyammann.com>
Date: Fri, 9 Aug 2024 11:27:35 -0700
Subject: [PATCH] Remove default override for RBAC config options

RBAC config options enforce_scope and enforce_new_defaults
were disabled by default in oslo.policy and Neutron had to
override the default value to enable those by default. Now
oslo.policy (4.4.0 onwards[1]) changed the default values[2]
and enabled by default for all the services. OpenStack service
does not need to override the default anymore.

NOTE: There is no change in behaviour here, oslo.policy provides the
same configuration that Neutron has overridden till now.

[1] https://review.opendev.org/c/openstack/releases/+/925032
[2] https://review.opendev.org/c/openstack/oslo.policy/+/924283

Depends-On: https://review.opendev.org/c/openstack/requirements/+/925464
Depends-On: https://review.opendev.org/c/openstack/designate/+/925623
Depends-On: https://review.opendev.org/c/openstack/designate/+/927792
Change-Id: Ia46e9a0a4e787a3ba1fe84d69f2018ed4504413d
---
 neutron/policy.py | 8 +++-----
 requirements.txt  | 2 +-
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/neutron/policy.py b/neutron/policy.py
index 1e972147250..79c4307c51a 100644
--- a/neutron/policy.py
+++ b/neutron/policy.py
@@ -52,14 +52,12 @@ _RESOURCE_FOREIGN_KEYS = {
 }
 
 # TODO(slaweq): Remove overriding the default value of config options
-# 'policy_file', 'enforce_scope', and 'enforce_new_defaults' once
-# oslo_policy change their default value to what is overridden here.
+# 'policy_file' once oslo_policy change its default value to what
+# is overridden here.
 DEFAULT_POLICY_FILE = 'policy.yaml'
 opts.set_defaults(
     cfg.CONF,
-    DEFAULT_POLICY_FILE,
-    enforce_scope=True,
-    enforce_new_defaults=True)
+    DEFAULT_POLICY_FILE)
 
 
 def reset():
diff --git a/requirements.txt b/requirements.txt
index 2046e84f43b..90a23e1da00 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -32,7 +32,7 @@ oslo.i18n>=3.20.0 # Apache-2.0
 oslo.log>=5.3.0 # Apache-2.0
 oslo.messaging>=7.0.0 # Apache-2.0
 oslo.middleware>=3.31.0 # Apache-2.0
-oslo.policy>=3.12.0 # Apache-2.0
+oslo.policy>=4.4.0 # Apache-2.0
 oslo.privsep>=2.3.0 # Apache-2.0
 oslo.reports>=1.18.0 # Apache-2.0
 oslo.rootwrap>=5.15.0 # Apache-2.0