Pasting the diff here as well (formatting may not be great):
--- /tmp/policy.yaml 2022-08-29 16:54:11.582341611 +0000
+++ /etc/placement/policy.yaml 2021-10-07 15:21:07.000000000 +0000
@@ -16,16 +16,7 @@
# Placement API policies are introducing new default roles with
# scope_type capabilities. Old policies are deprecated and silently
# going to be ignored in the placement 6.0.0 (Xena) release.
-# WARNING: A rule name change has been identified.
-# This may be an artifact of new rules being
-# included which require legacy fallback
-# rules to ensure proper policy behavior.
-# Alternatively, this may just be an alias.
-# Please evaluate on a case by case basis
-# keeping in mind the format for aliased
-# rules is:
-# "old_rule_name": "new_rule_name".
-# "rule:admin_api": "rule:system_admin_api"
+"rule:admin_api": "rule:system_admin_api"
# Default rule for System level read only APIs.
#"system_reader_api": "role:reader and system_scope:all"
@@ -36,16 +27,7 @@
# Placement API policies are introducing new default roles with
# scope_type capabilities. Old policies are deprecated and silently
# going to be ignored in the placement 6.0.0 (Xena) release.
-# WARNING: A rule name change has been identified.
-# This may be an artifact of new rules being
-# included which require legacy fallback
-# rules to ensure proper policy behavior.
-# Alternatively, this may just be an alias.
-# Please evaluate on a case by case basis
-# keeping in mind the format for aliased
-# rules is:
-# "old_rule_name": "new_rule_name".
-# "rule:admin_api": "rule:system_reader_api"
+"rule:admin_api": "rule:system_reader_api"
# Default rule for Project level read only APIs.
#"project_reader_api": "role:reader and project_id:%(project_id)s"
@@ -56,16 +38,7 @@
# Placement API policies are introducing new default roles with
# scope_type capabilities. Old policies are deprecated and silently
# going to be ignored in the placement 6.0.0 (Xena) release.
-# WARNING: A rule name change has been identified.
-# This may be an artifact of new rules being
-# included which require legacy fallback
-# rules to ensure proper policy behavior.
-# Alternatively, this may just be an alias.
-# Please evaluate on a case by case basis
-# keeping in mind the format for aliased
-# rules is:
-# "old_rule_name": "new_rule_name".
-# "rule:admin_api": "rule:project_reader_api"
+"rule:admin_api": "rule:project_reader_api"
# Default rule for System+Project read only APIs.
#"system_or_project_reader": "rule:system_reader_api or rule:project_reader_api"
@@ -77,16 +50,7 @@
# Placement API policies are introducing new default roles with
# scope_type capabilities. Old policies are deprecated and silently
# going to be ignored in the placement 6.0.0 (Xena) release.
-# WARNING: A rule name change has been identified.
-# This may be an artifact of new rules being
-# included which require legacy fallback
-# rules to ensure proper policy behavior.
-# Alternatively, this may just be an alias.
-# Please evaluate on a case by case basis
-# keeping in mind the format for aliased
-# rules is:
-# "old_rule_name": "new_rule_name".
-# "rule:admin_api": "rule:system_or_project_reader"
+"rule:admin_api": "rule:system_or_project_reader"
# List resource providers.
# GET /resource_providers
@@ -254,3 +218,4 @@
# POST /reshaper
# Intended scope(s): system
#"placement:reshaper:reshape": "rule:system_admin_api"
+
The policy.yaml documented here differs from what is generated with 'tox -e genpolicy': /docs.openstack .org/placement/ latest/ configuration/ sample- policy. html
https:/
The version on the web has all policy commented out. This feels like it is not a package issue at this point.
Here is the diff: https:/ /paste. ubuntu. com/p/BVPMzMNwk J/
Pasting the diff here as well (formatting may not be great):
--- /tmp/policy.yaml 2022-08-29 16:54:11.582341611 +0000 policy. yaml 2021-10-07 15:21:07.000000000 +0000 admin_api" admin_api"
+++ /etc/placement/
@@ -16,16 +16,7 @@
# Placement API policies are introducing new default roles with
# scope_type capabilities. Old policies are deprecated and silently
# going to be ignored in the placement 6.0.0 (Xena) release.
-# WARNING: A rule name change has been identified.
-# This may be an artifact of new rules being
-# included which require legacy fallback
-# rules to ensure proper policy behavior.
-# Alternatively, this may just be an alias.
-# Please evaluate on a case by case basis
-# keeping in mind the format for aliased
-# rules is:
-# "old_rule_name": "new_rule_name".
-# "rule:admin_api": "rule:system_
+"rule:admin_api": "rule:system_
# Default rule for System level read only APIs. reader_ api": "role:reader and system_scope:all" reader_ api" reader_ api"
#"system_
@@ -36,16 +27,7 @@
# Placement API policies are introducing new default roles with
# scope_type capabilities. Old policies are deprecated and silently
# going to be ignored in the placement 6.0.0 (Xena) release.
-# WARNING: A rule name change has been identified.
-# This may be an artifact of new rules being
-# included which require legacy fallback
-# rules to ensure proper policy behavior.
-# Alternatively, this may just be an alias.
-# Please evaluate on a case by case basis
-# keeping in mind the format for aliased
-# rules is:
-# "old_rule_name": "new_rule_name".
-# "rule:admin_api": "rule:system_
+"rule:admin_api": "rule:system_
# Default rule for Project level read only APIs. reader_ api": "role:reader and project_ id:%(project_ id)s" reader_ api" reader_ api"
#"project_
@@ -56,16 +38,7 @@
# Placement API policies are introducing new default roles with
# scope_type capabilities. Old policies are deprecated and silently
# going to be ignored in the placement 6.0.0 (Xena) release.
-# WARNING: A rule name change has been identified.
-# This may be an artifact of new rules being
-# included which require legacy fallback
-# rules to ensure proper policy behavior.
-# Alternatively, this may just be an alias.
-# Please evaluate on a case by case basis
-# keeping in mind the format for aliased
-# rules is:
-# "old_rule_name": "new_rule_name".
-# "rule:admin_api": "rule:project_
+"rule:admin_api": "rule:project_
# Default rule for System+Project read only APIs. or_project_ reader" : "rule:system_ reader_ api or rule:project_ reader_ api" or_project_ reader" or_project_ reader"
#"system_
@@ -77,16 +50,7 @@
# Placement API policies are introducing new default roles with
# scope_type capabilities. Old policies are deprecated and silently
# going to be ignored in the placement 6.0.0 (Xena) release.
-# WARNING: A rule name change has been identified.
-# This may be an artifact of new rules being
-# included which require legacy fallback
-# rules to ensure proper policy behavior.
-# Alternatively, this may just be an alias.
-# Please evaluate on a case by case basis
-# keeping in mind the format for aliased
-# rules is:
-# "old_rule_name": "new_rule_name".
-# "rule:admin_api": "rule:system_
+"rule:admin_api": "rule:system_
# List resource providers. reshaper: reshape" : "rule:system_ admin_api"
# GET /resource_providers
@@ -254,3 +218,4 @@
# POST /reshaper
# Intended scope(s): system
#"placement:
+