Hi, As I said the fix works in Yoga and Antelope in the sense that it allows to run successfully "oslopolicy-policy-generator --namespace magnum" but I am not completely convinced the output is really the policy used... It looks as an old style policy: I said this because it makes no use of any role:reader or role:member and I found it surprising when all the other services do. Looking at what was done in get_enforcer for other services like Neutron, I saw it was passing the command line options received (after some massaging) to cfg.CONF(). Neutron mentions the trick as coming from Nova. Not sure if it is has any impact but it also works, I let you decide! BTW, if you want to apply the fix on an existing installation without rebuilding Magnum, the setup.cfg change must be applied (translation is easy) to the entry_points.txt in magnum-xxx-egg-info/ folder under python site-packages. Best regards, Michel Le 06/06/2024 à 18:23, Ghanshyam Mann a écrit :
---- On Wed, 05 Jun 2024 14:37:50 -0700 Michel Jouvin wrote ---
I confirm it works well on Antelope. Thanks!
perfect, once it merged on master, I will backport it to stable branches including Antelope.
-gmann
Michel
Le 05/06/2024 à 21:46, Michel Jouvin a écrit : Hi, Thanks for quick follow-up and for the fix I'll test it tomorrow! Michel Sent from my mobile Le 5 juin 2024 20:53:40 Ghanshyam Mann a écrit : ---- On Wed, 05 Jun 2024 10:06:34 -0700 Michel Jouvin wrote --- Hi, I'd like to see the default Magnum (Oslo) policy used with Magnum. With other services, I use oslopolicy-policy-generator and use the service name as the namespace but for Magnum, "--namespace magnum" returns an error saying that there is no "magnum" namespace. Does anybody know what is the namespace to use with Magnum? Or how to display the currently active policy, preferably in YAML format? Thanks for reporting it. This is a bug in Magnum, I have reported it in LP[1] and proposed the fix (tested that and it worked). Basically, Magnum is missing the entry point for solo policy enforcer and oslo.policy generator tool is not able to recognize the magnum namespace. Below is the fix which can be backported to old branches also: - https://review.opendev.org/c/openstack/magnum/+/921408
[1] https://bugs.launchpad.net/magnum/+bug/2068519 -gmann
Thanks in advance. Cheers, Michel