Add nova-status upgrade check and reno for policy new defaults
There are cases where policy file is re-generated freshly
and end up having the new defaults only but expectation is that
old deprecated rule keep working.
If a rule is present in policy file then, that has priority over
its defaults so either rules should not be present in policy file
or users need to update their token to match the overridden rule
permission.
This issue was always present when any policy defaults were changed
with old defaults being supported as deprecated. This is we have
changed all the policy for new defaults so it came up as broken case.
Adding nova-status upgrade check also to detect such policy file.
Reviewed: https:/ /review. opendev. org/723645 /git.openstack. org/cgit/ openstack/ nova/commit/ ?id=d4af91f349b 9d3fe4f84087890 6032a62b589324
Committed: https:/
Submitter: Zuul
Branch: master
commit d4af91f349b9d3f e4f840878906032 a62b589324
Author: Ghanshyam Mann <email address hidden>
Date: Mon Apr 27 13:46:07 2020 -0500
Add nova-status upgrade check and reno for policy new defaults
There are cases where policy file is re-generated freshly
and end up having the new defaults only but expectation is that
old deprecated rule keep working.
If a rule is present in policy file then, that has priority over
its defaults so either rules should not be present in policy file
or users need to update their token to match the overridden rule
permission.
This issue was always present when any policy defaults were changed
with old defaults being supported as deprecated. This is we have
changed all the policy for new defaults so it came up as broken case.
Adding nova-status upgrade check also to detect such policy file.
Related-Bug: #1875418
Change-Id: Id9cd65877e5357 7bff22e408ca07b beec4407f6e