Hi, Dnia wtorek, 9 maja 2023 05:44:48 CEST Ghanshyam Mann pisze:
---- On Mon, 08 May 2023 07:46:44 -0700 Slawek Kaplonski wrote ---
Hi,
It's just a heads up that [1] was merged recently and Neutron is using new, secure RBAC policies by default now. If You would see any issues with that, please report bug(s) and let me know.
Thanks Slawek for doing this.
I have one comment for testing of old and new defaults. As 'new defaults are enabled by default' is not yet released, let's continue testing the old defaults as default and continue with single job testing the new defaults. Once 879827 is released (after 2023.2 release), we can switch the testing. That is why devstack does not enable the new defaults as default configuration and after 882518 change, new defaults are not tested anywhere.
I added more details about it in the revert of neutron-tempest-plugin change, please check.
https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/882518
-gmann
-- Slawek Kaplonski Principal Software Engineer Red Hat
Sorry but I don't think I understand reasons of this revert. IIRC switch policies to new ones by default was part of the phase 1 of the community goal and should be finished even in 2023.1 cycle. We didn't made it then and we catch up now (what was discussed during PTG and there wasn't any objections). As part of the switch I proposed patch https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/879828 which proposed new job "neutron-tempest-plugin-openvswitch-enforce-scope-old-defaults" and this new job is testing old policies still. Why do You want us to wait with this switch and revert it now? -- Slawek Kaplonski Principal Software Engineer Red Hat