Comment 0 for bug 1930276

Sébastien Gremion (sgremion) wrote :

I was modifying the nova policy option in order to allow a custom role to execute certain actions, but it didn't work as planned. After having added my new configuration in the variable "nova_policy_overrides", I launched the playbook os-nova-install.yml. The execution was successful and I could see my changes in the file /etc/nova/policy.json. However, the access was still forbidden. It was only after having restarted the service nova-api that my changes became active.

To reproduce (on an existing OpenStack installation):
1) Modify the content of the variable nova_policy_overrides
2) Execute playbook os-nova-install.yml
3) Test the API for which you have updated the rule in step 1) --> Should not work and report that the policy doesn't allow it
4) Restart the service nova-api manually
5) Execute the same test as in step 3) --> Should work this time

Possible fix:
- Restart the nova-api service if a change in the nova policy.json is detected
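
A check for the condition described in this report, added here as an example and not part of the bug report or of the OpenStack-Ansible code: it flags a nova-api service that became active before /etc/nova/policy.json was last written, so it may still be enforcing the previous rules. The function names are illustrative, and GNU `stat`/`date` plus systemd are assumed.

```shell
#!/bin/sh
# Added example: detect a nova-api process older than the policy file on disk.
# Assumes GNU stat/date and systemd; function names are illustrative.

POLICY_FILE="${POLICY_FILE:-/etc/nova/policy.json}"   # path from the report
NOVA_UNIT="${NOVA_UNIT:-nova-api}"                    # service from the report

# Print the epoch second at which a systemd unit last became active.
# Returns 2 if the unit never started or the timestamp cannot be parsed.
service_start_epoch() {
    ts=$(systemctl show -p ActiveEnterTimestamp --value "$1" 2>/dev/null) || return 2
    [ -n "$ts" ] || return 2
    date -d "$ts" +%s 2>/dev/null || return 2
}

# policy_stale FILE START_EPOCH
# returns 0 when FILE was modified after START_EPOCH (restart needed),
#         1 when the service started at or after the last policy write,
#         2 when the file is missing or START_EPOCH is not a number.
policy_stale() {
    [ -f "$1" ] || return 2
    case "$2" in ''|*[!0-9]*) return 2 ;; esac
    mtime=$(stat -c %Y "$1") || return 2
    [ "$mtime" -gt "$2" ]
}

# Run the check only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "--check" ]; then
    if ! start=$(service_start_epoch "$NOVA_UNIT"); then
        echo "cannot read start time of $NOVA_UNIT" >&2
        exit 2
    fi
    policy_stale "$POLICY_FILE" "$start"
    case $? in
        0) echo "STALE: $POLICY_FILE changed after $NOVA_UNIT started; restart it"
           exit 1 ;;
        1) echo "OK: $NOVA_UNIT started after the last policy write"
           exit 0 ;;
        *) echo "cannot read $POLICY_FILE" >&2
           exit 2 ;;
    esac
fi
```

Run with `--check` after the playbook finishes; exit status 1 means the policy file is newer than the running service.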