diff options
Diffstat (limited to 'releasenotes/notes/enforce_new_defaults-6ae17d8b8d166a2c.yaml')
| -rw-r--r-- | releasenotes/notes/enforce_new_defaults-6ae17d8b8d166a2c.yaml | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/releasenotes/notes/enforce_new_defaults-6ae17d8b8d166a2c.yaml b/releasenotes/notes/enforce_new_defaults-6ae17d8b8d166a2c.yaml new file mode 100644 index 0000000..8ff851f --- /dev/null +++ b/releasenotes/notes/enforce_new_defaults-6ae17d8b8d166a2c.yaml @@ -0,0 +1,11 @@ +features: + - | + A new configuration option ``enforce_new_defaults`` has been + added to the ``[oslo_policy]`` group to control whether or not to + use the old deprecated defaults. If ``True``, the old deprecated + defaults are not going to be evaluated which mean if any existing + token allowed for old defaults but disallowed for new defaults + will be disallowed. It is encouraged to enable this flag along + with ``enforce_scope`` flag so that you can get benefits of new + defaults and ``scope_type`` together. This way operators can switch + to new defaults without overwriting the rule in policy file. |