Diffstat (limited to 'releasenotes/notes/enable-enforce-scope-and-new-defaults-1f82a9eb71125f5d.yaml')
-rw-r--r-- | releasenotes/notes/enable-enforce-scope-and-new-defaults-1f82a9eb71125f5d.yaml | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/releasenotes/notes/enable-enforce-scope-and-new-defaults-1f82a9eb71125f5d.yaml b/releasenotes/notes/enable-enforce-scope-and-new-defaults-1f82a9eb71125f5d.yaml new file mode 100644 index 0000000000..5ca899343e --- /dev/null +++ b/releasenotes/notes/enable-enforce-scope-and-new-defaults-1f82a9eb71125f5d.yaml @@ -0,0 +1,25 @@ +--- +upgrade: + - | + The Neutron service enable the API policies (RBAC) new defaults and scope + by default. The Default value of config options + ``[oslo_policy] enforce_scope`` and + ``[oslo_policy] oslo_policy.enforce_new_defaults`` have been changed + to ``True``. + + This means if you are using system scope token to access Neutron API then + the request will be failed with 403 error code. Also, new defaults will be + enforced by default. To know about the new defaults of each policy + rule, refer to the `Policy New Defaults`_. For more detail about + the Neutron API policies changes, refer to `Policy Concepts`_. + + If you want to disable them then modify the below config options value in + ``neutron.conf`` file:: + + [oslo_policy] + enforce_new_defaults=False + enforce_scope=False + + .. _`Policy New Defaults`: https://docs.openstack.org/neutron/latest/configuration/policy.html + .. _`Policy Concepts`: https://docs.openstack.org/neutron/latest/contributor/internals/policy.html + |
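Review bot: The option reference ``[oslo_policy] oslo_policy.enforce_new_defaults`` in the first upgrade paragraph repeats the section name inside the option name and does not match the ``enforce_new_defaults`` key used in the ``neutron.conf`` snippet at the end of the note. Suggest writing it as ``[oslo_policy] enforce_new_defaults``, so that an operator searching their configuration for the name in the release note finds the right key. Wording in the same two paragraphs also needs a pass: "The Neutron service enable" should be "enables", "The Default value of config options ... have been changed" should be "The default values ... have been changed", and "the request will be failed with 403 error code" reads better as "the request will fail with a 403 error code". Since the opt-out snippet switches off both scope enforcement and the new defaults, consider adding one sentence that says what behaviour an operator gets back when both are set to ``False``, because the note currently describes only the new behaviour.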