Gitiles
Code Review Sign In
spfactory.storpool.com / devstack / 864f4d1ef05e3e539d3537fa4c8d731df9571c9d^2..864f4d1ef05e3e539d3537fa4c8d731df9571c9d / .
commit864f4d1ef05e3e539d3537fa4c8d731df9571c9d[log] [tgz]
authorZuul <zuul@review.opendev.org>Mon Jan 16 22:24:28 2023 +0000
committerGerrit Code Review <review@openstack.org>Mon Jan 16 22:24:28 2023 +0000
tree0eea76c7d00d638eab4829d053b0e7ab873b35f0
parent69d71cfdf9c24d48fbea366714f4595cbd120723 [diff]
parent7fecba2f135f16204050b627bb850a87aa597bad [diff]
Merge "[OVN] Ensure socket files are absent in init_ovn"
diff --git a/lib/cinder b/lib/cinder
index bf2fe50..2424f92 100644
--- a/lib/cinder
+++ b/lib/cinder

@@ -411,6 +411,9 @@
     if [[ "$CINDER_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
         iniset $CINDER_CONF oslo_policy enforce_scope true
         iniset $CINDER_CONF oslo_policy enforce_new_defaults true
+    else
+        iniset $CINDER_CONF oslo_policy enforce_scope false
+        iniset $CINDER_CONF oslo_policy enforce_new_defaults false
     fi
 }
 

diff --git a/lib/glance b/lib/glance
index ba98f41..041acaf 100644
--- a/lib/glance
+++ b/lib/glance

@@ -436,6 +436,10 @@
         iniset $GLANCE_API_CONF oslo_policy enforce_scope true
         iniset $GLANCE_API_CONF oslo_policy enforce_new_defaults true
         iniset $GLANCE_API_CONF DEFAULT enforce_secure_rbac true
+    else
+        iniset $GLANCE_API_CONF oslo_policy enforce_scope false
+        iniset $GLANCE_API_CONF oslo_policy enforce_new_defaults false
+        iniset $GLANCE_API_CONF DEFAULT enforce_secure_rbac false
     fi
 }
 

diff --git a/lib/keystone b/lib/keystone
index 80a136f..6cb4aac 100644
--- a/lib/keystone
+++ b/lib/keystone

@@ -265,10 +265,15 @@
         iniset $KEYSTONE_CONF security_compliance lockout_duration $KEYSTONE_LOCKOUT_DURATION
         iniset $KEYSTONE_CONF security_compliance unique_last_password_count $KEYSTONE_UNIQUE_LAST_PASSWORD_COUNT
     fi
+
+    iniset $KEYSTONE_CONF oslo_policy policy_file policy.yaml
+
     if [[ "$KEYSTONE_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
         iniset $KEYSTONE_CONF oslo_policy enforce_scope true
         iniset $KEYSTONE_CONF oslo_policy enforce_new_defaults true
-        iniset $KEYSTONE_CONF oslo_policy policy_file policy.yaml
+    else
+        iniset $KEYSTONE_CONF oslo_policy enforce_scope false
+        iniset $KEYSTONE_CONF oslo_policy enforce_new_defaults false
     fi
 }
 

diff --git a/lib/nova b/lib/nova
index 14eb8fc..3aa6b9e 100644
--- a/lib/nova
+++ b/lib/nova

@@ -490,6 +490,9 @@
         if [[ "$NOVA_ENFORCE_SCOPE" == "True" || "$ENFORCE_SCOPE" == "True" ]]; then
             iniset $NOVA_CONF oslo_policy enforce_new_defaults True
             iniset $NOVA_CONF oslo_policy enforce_scope True
+        else
+            iniset $NOVA_CONF oslo_policy enforce_new_defaults False
+            iniset $NOVA_CONF oslo_policy enforce_scope False
         fi
         if is_service_enabled tls-proxy && [ "$NOVA_USE_MOD_WSGI" == "False" ]; then
             # Set the service port for a proxy to take the original

diff --git a/lib/placement b/lib/placement
index bc22c56..c6bf99f 100644
--- a/lib/placement
+++ b/lib/placement

@@ -120,6 +120,9 @@
     if [[ "$PLACEMENT_ENFORCE_SCOPE" == "True" || "$ENFORCE_SCOPE" == "True" ]]; then
         iniset $PLACEMENT_CONF oslo_policy enforce_new_defaults True
         iniset $PLACEMENT_CONF oslo_policy enforce_scope True
+    else
+        iniset $PLACEMENT_CONF oslo_policy enforce_new_defaults False
+        iniset $PLACEMENT_CONF oslo_policy enforce_scope False
     fi
 }