== ENVIRONMENT ==
OS: Ubuntu Focal and Jammy
Openstack: Ussuri and Yoga
Charm revision: 585 and 597
== ISSUE ==
The first time adding a policy override file and enabling policy overrides, they get applied as expected. But if you upload another policy override zip file, you need to make a charm configuration change, like disabling and re-enabling policy overrides, in order for the new policies to be loaded.
== EXPECTED OUTCOME ==
New policy overrides are applied at the time when the override file is attached to the charm.
== OTHER NOTES ==
After step 7, there is no directory for /etc/openstack-dashboard/policy.d/keystone_policy.d/. It does not get generated until the workaround is applied with steps 8 and 9.
== ENVIRONMENT ==
OS: Ubuntu Focal and Jammy
Openstack: Ussuri and Yoga
Charm revision: 585 and 597
== ISSUE ==
The first time adding a policy override file and enabling policy overrides, they get applied as expected. But if you upload another policy override zip file, you need to make a charm configuration change, like disabling and re-enabling policy overrides, in order for the new policies to be loaded.
== EXPECTED OUTCOME ==
New policy overrides are applied at the time when the override file is attached to the charm.
== STEPS TO REPRODUCE ==
On a fresh deployment:
1. mkdir compute && echo '"os_compute_ api:os- extended- server- attributes" : "rule:admin_ or_owner" ' > compute/ attribute- override. yaml override= nova-override. zip override= true
2. zip -r nova-override.zip compute
3. juju attach-resource keystone policyd-
4. juju config openstack-dashboard use-policyd-
# Policies applied as expected, then adding another policy:
5. mkdir identity && echo '"admin_required": "role:Admin or role:cloudadmin"' > identity/ admin-override. yaml override. zip identity override= keystone- override. zip
6. zip -r keystone-
7. juju attach-resource keystone policyd-
# Charm goes into maintenance mode and regenerates endpoint configs, but the change does not take effect.
8. juju config openstack-dashboard use-policyd- override= false override= true
9. juju config openstack-dashboard use-policyd-
# Now the newly added policy gets applied.
== OTHER NOTES == dashboard/ policy. d/keystone_ policy. d/. It does not get generated until the workaround is applied with steps 8 and 9.
After step 7, there is no directory for /etc/openstack-