Add nova-status upgrade check and reno for policy new defaults
There are cases where policy file is re-generated freshly
and end up having the new defaults only but expectation is that
old deprecated rule keep working.
If a rule is present in policy file then, that has priority over
its defaults so either rules should not be present in policy file
or users need to update their token to match the overridden rule
permission.
This issue was always present when any policy defaults were changed
with old defaults being supported as deprecated. This is we have
changed all the policy for new defaults so it came up as broken case.
Adding nova-status upgrade check also to detect such policy file.
Related-Bug: #1875418
Change-Id: Id9cd65877e53577bff22e408ca07bbeec4407f6e
(cherry picked from commit d4af91f349b9d3fe4f840878906032a62b589324)
Reviewed: https:/ /review. opendev. org/725146 /git.openstack. org/cgit/ openstack/ nova/commit/ ?id=dd3cc59ccf8 c963e078359d4b2 7dacf7d54a14ee
Committed: https:/
Submitter: Zuul
Branch: stable/ussuri
commit dd3cc59ccf8c963 e078359d4b27dac f7d54a14ee
Author: Ghanshyam Mann <email address hidden>
Date: Mon Apr 27 13:46:07 2020 -0500
Add nova-status upgrade check and reno for policy new defaults
There are cases where policy file is re-generated freshly
and end up having the new defaults only but expectation is that
old deprecated rule keep working.
If a rule is present in policy file then, that has priority over
its defaults so either rules should not be present in policy file
or users need to update their token to match the overridden rule
permission.
This issue was always present when any policy defaults were changed
with old defaults being supported as deprecated. This is we have
changed all the policy for new defaults so it came up as broken case.
Adding nova-status upgrade check also to detect such policy file.
Related-Bug: #1875418
Change-Id: Id9cd65877e5357 7bff22e408ca07b beec4407f6e e4f840878906032 a62b589324)
(cherry picked from commit d4af91f349b9d3f