On Mon, 2022-03-07 at 10:26 +0000, Alex Kavanagh wrote:
> This sounds like the policy change issue that came in in wallaby:
> https://docs.openstack.org/releasenotes/octavia/wallaby.html,
> particularly the bit:
>
> "Legacy Octavia Advanced RBAC policies will continue to function as
> before as long as the [oslo_policy] enforce_scope = False and
> enforce_new_defaults = False settings are present (this is the
> current
> oslo.policy default). However, we highly recommend you update your
> user
> roles to follow the new keystone default roles and start using scoped
> tokens as appropriate. See the Octavia Policies administration guide
> for
> more information."
I came through this, but I moved on from due to the bit "this is the
current oslo.policy default", I'm deploying a focal-victoria cloud to
check if the test passes, if it does, I will definitively circle back
to this and explicitly set these keys to false in octavia.conf.
On Mon, 2022-03-07 at 10:26 +0000, Alex Kavanagh wrote: /docs.openstack .org/releasenot es/octavia/ wallaby. html, new_defaults = False settings are present (this is the
> This sounds like the policy change issue that came in in wallaby:
> https:/
> particularly the bit:
>
> "Legacy Octavia Advanced RBAC policies will continue to function as
> before as long as the [oslo_policy] enforce_scope = False and
> enforce_
> current
> oslo.policy default). However, we highly recommend you update your
> user
> roles to follow the new keystone default roles and start using scoped
> tokens as appropriate. See the Octavia Policies administration guide
> for
> more information."
I came through this, but I moved on from due to the bit "this is the
current oslo.policy default", I'm deploying a focal-victoria cloud to
check if the test passes, if it does, I will definitively circle back
to this and explicitly set these keys to false in octavia.conf.