← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1875418] Re: Generated policy.json in Ussuri is broken by default

 

That is correct what you wrote above. But tricky part here is generated
policy.json from 'oslopolicy-sample-generator' tool without deprecated
rules is right thing or wrong. Because it can be seen as one of the
valid usgae for deployer who want to switch to new defaults. The only
way for them till ussuri(till we introduced new flag in oslo) is to
overwrite the policy file with new default (which is what 'oslopolicy-
sample-generator 'generate).

If we add arg option in 'oslopolicy-sample-generator ' to add a
deprecated rule (say --add-deprecated-rules) that also should not be
default and deployer need to change the usage of that tool to pass the
new arg. Opinion ?  also other challenge is we need to check with Oslo
team if that can be done now for ussuri. adding oslo also as an affected
project.

Also, what we are missing here is this bug actually -
https://bugs.launchpad.net/oslo.policy/+bug/1853170

** Also affects: oslo.policy
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1875418

Title:
  Generated policy.json in Ussuri is broken by default

Status in OpenStack Compute (nova):
  In Progress
Status in oslo.policy:
  New

Bug description:
  Looks like the generated policy.json is broken by default and can't be
  used by operators as-is, as it doesn't include the deprecated options
  which are unfortunately needed for it to work.

  With the default policy.json as generated by the nova namespace, the
  admin user can't even do simple things like:

  - openstack flavor create
  - openstack hypervisor list

  and probably many more...

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1875418/+subscriptions


References