Comment 0 for bug 2037467

== ENVIRONMENT ==
OS: Ubuntu Focal and Jammy
Openstack: Ussuri and Yoga
Charm revision: 585 and 597

== ISSUE ==
The first time adding a policy override file and enabling policy overrides, they get applied as expected. But if you upload another policy override zip file, you need to make a charm configuration change, like disabling and re-enabling policy overrides, in order for the new policies to be loaded.

== EXPECTED OUTCOME ==
New policy overrides are applied at the time when the override file is attached to the charm.

== STEPS TO REPRODUCE ==
On a fresh deployment:

1. mkdir compute && echo '"os_compute_api:os-extended-server-attributes": "rule:admin_or_owner"' > compute/attribute-override.yaml
2. zip -r nova-override.zip compute
3. juju attach-resource keystone policyd-override=nova-override.zip
4. juju config openstack-dashboard use-policyd-override=true

# Policies applied as expected, then adding another policy:

5. mkdir identity && echo '"admin_required": "role:Admin or role:cloudadmin"' > identity/admin-override.yaml
6. zip -r keystone-override.zip identity
7. juju attach-resource keystone policyd-override=keystone-override.zip

# Charm goes into maintenance mode and regenerates endpoint configs, but the change does not take effect.

8. juju config openstack-dashboard use-policyd-override=false
9. juju config openstack-dashboard use-policyd-override=true

# Now the newly added policy gets applied.

== OTHER NOTES ==
After step 7, there is no directory for /etc/openstack-dashboard/policy.d/keystone_policy.d/. It does not get generated until the workaround is applied with steps 8 and 9.