author | Zuul <zuul@review.opendev.org> | 2023-01-16 23:49:43 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2023-01-16 23:49:43 +0000 |
commit | 07d1da2fa9008720af5db8930f71515a60780317 (patch) | |
tree | 1743e9628afda2c2aa8c197409dab48a5bdba426 /releasenotes | |
parent | 06c878ee4ed96e0332af2d26b648dfeeb1e45227 (diff) | |
parent | d97af33c0639b548f8a66ab14019259e9b4210be (diff) | |
download | nova-07d1da2fa9008720af5db8930f71515a60780317.tar.gz |
Merge "Enable new defaults and scope checks by default"
Diffstat (limited to 'releasenotes')
-rw-r--r-- | releasenotes/notes/enable-enforce-scope-and-new-defaults-14db8c75b263b599.yaml | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/releasenotes/notes/enable-enforce-scope-and-new-defaults-14db8c75b263b599.yaml b/releasenotes/notes/enable-enforce-scope-and-new-defaults-14db8c75b263b599.yaml new file mode 100644 index 0000000000..72a6f861b6 --- /dev/null +++ b/releasenotes/notes/enable-enforce-scope-and-new-defaults-14db8c75b263b599.yaml @@ -0,0 +1,23 @@ +--- +upgrade: + - | + The Nova service enable the API policies (RBAC) new defaults and scope by + default. The Default value of config options ``[oslo_policy] enforce_scope`` + and ``[oslo_policy] oslo_policy.enforce_new_defaults`` have been changed + to ``True``. + + This means if you are using system scope token to access Nova API then + the request will be failed with 403 error code. Also, new defaults will be + enforced by default. To know about the new defaults of each policy + rule, refer to the `Policy New Defaults`_. For more detail about the Nova + API policies changes, refer to `Policy Concepts`_. + + If you want to disable them then modify the below config options value in + ``nova.conf`` file:: + + [oslo_policy] + enforce_new_defaults=False + enforce_scope=False + + .. _`Policy New Defaults`: https://docs.openstack.org/nova/latest/configuration/policy.html + .. _`Policy Concepts`: https://docs.openstack.org/nova/latest/configuration/policy-concepts.html |
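Review bot: The second option in the first paragraph of the upgrade note is written as ``[oslo_policy] oslo_policy.enforce_new_defaults``, which repeats the group name inside the option name and does not match the `enforce_new_defaults=False` line in the ``nova.conf`` sample further down. Suggest ``[oslo_policy] enforce_new_defaults`` so it is written the same way as ``[oslo_policy] enforce_scope`` and operators can copy the name directly. The same paragraph needs a grammar pass before it is published: "The Nova service enable" should be "enables", and "The Default value of config options ... have been changed" should be "The default values of the config options ... have been changed". In the second paragraph, "the request will be failed with 403 error code" would read better as "the request will fail with a 403 error code", since that sentence is the one operators will search for when system-scoped tokens start being rejected after the upgrade.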