Hi Ghanshyam,

I am involved in some projects (Blazar and CloudKitty) which to my knowledge have not received any patches related to these changes. Is this oslo.policy requirement change likely to break our projects?

Thanks,

Pierre Riteau (priteau)

On Fri, 30 Aug 2024 at 23:48, Ghanshyam Mann <gmann@ghanshyammann.com> wrote:

Hi All,

You might have seen some fixes and testing changes on your project to test the oslo.policy 4.4.0. oslo.policy
4.4.0 enables the RBAC new defaults by default, which means those will be enabled for all the OpenStack services
unless they have disabled them by overriding the default value. It enables both enforce_scope as well enforce_new_defaults.

The requirement change[1] adds the oslo.policy 4.4.0 in upper-constraints which will enable the latest oslo.policy
in upstream CI. Along with jobs failing on requirement change, I tested more integration jobs and fixing the failures[2].

Most of the fixes have been merged, and a few of them are up for review. Below is the list of fixes up for review,
please merge them before the requirement change is merged. If there is something else I missed to test and failed,
let me know on IRC or here.

In-progress fixes:

- Horizon:
- https://review.opendev.org/c/openstack/horizon/+/927571
- Tacker:
- https://review.opendev.org/c/openstack/tacker/+/926089/5
- Neutron + Designates job (making it non-voting until we figure out the root cause):
- https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/927648
- Octavia (Michael is working on more modifications on this ):
- https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/926867

[1] https://review.opendev.org/c/openstack/requirements/+/925464
[2] https://review.opendev.org/q/topic:%22secure-rbac%22+owner:gmann@ghanshyammann.com+-age:6week

-gmann