Merge "Remove default override for RBAC config options"
This commit is contained in:
commit
e1208abe38
31
.zuul.yaml
31
.zuul.yaml
@ -29,16 +29,6 @@
|
||||
- name: openstack/stevedore
|
||||
- name: openstack/taskflow
|
||||
|
||||
- job:
|
||||
name: glance-tox-functional-py39-rbac-defaults
|
||||
parent: openstack-tox-functional-py39
|
||||
voting: false
|
||||
description: |
|
||||
Glance py39 functional tests with enforce_secure_rbac=True
|
||||
vars:
|
||||
python_version: 3.9
|
||||
tox_envlist: functional-py39-rbac
|
||||
|
||||
- job:
|
||||
name: glance-tox-functional-py312-oslo-tips
|
||||
parent: glance-tox-oslo-tips-base
|
||||
@ -357,8 +347,9 @@
|
||||
glance_store:
|
||||
rbd_thin_provisioning: True
|
||||
|
||||
# TODO(pdeore): Remove this jobs once all the glance jobs will be tested
|
||||
# with new RBAC in integrated way and we do not need this separate job.
|
||||
# TODO(pdeore): Remove this jobs once Cinder enable the RBAC new defaults
|
||||
# by default. All other services including glance enable new defaults by
|
||||
# default.
|
||||
- job:
|
||||
name: tempest-integrated-storage-enforce-scope-new-defaults
|
||||
parent: tempest-integrated-storage
|
||||
@ -373,6 +364,18 @@
|
||||
# Devstack so we do not need to explicitly set that to True.
|
||||
CINDER_ENFORCE_SCOPE: true
|
||||
|
||||
# NOTE(gmann): Remove this job once Glance remove the RBAC old defaults.
|
||||
- job:
|
||||
name: tempest-integrated-storage-rbac-old-defaults
|
||||
parent: tempest-integrated-storage
|
||||
description: |
|
||||
This job runs the Tempest tests with glance RBAC old defaults.
|
||||
timeout: 10800
|
||||
vars:
|
||||
tempest_concurrency: 3
|
||||
devstack_localrc:
|
||||
GLANCE_ENFORCE_SCOPE: false
|
||||
|
||||
- project:
|
||||
templates:
|
||||
- check-requirements
|
||||
@ -387,7 +390,6 @@
|
||||
- openstack-tox-functional-py39
|
||||
- openstack-tox-functional-py310
|
||||
- openstack-tox-functional-py312
|
||||
- glance-tox-functional-py39-rbac-defaults
|
||||
- glance-ceph-thin-provisioning:
|
||||
voting: false
|
||||
irrelevant-files: &tempest-irrelevant-files
|
||||
@ -459,6 +461,7 @@
|
||||
irrelevant-files: *tempest-irrelevant-files
|
||||
- glance-multistore-cinder-import-fips:
|
||||
irrelevant-files: *tempest-irrelevant-files
|
||||
- tempest-integrated-storage-rbac-old-defaults
|
||||
periodic:
|
||||
jobs:
|
||||
# NOTE(rosmaita): we only want the "tips" jobs to be run against
|
||||
@ -503,3 +506,5 @@
|
||||
branches: master
|
||||
- glance-multistore-cinder-import-fips:
|
||||
branches: master
|
||||
- tempest-integrated-storage-rbac-old-defaults:
|
||||
branches: master
|
||||
|
@ -34,14 +34,12 @@ _ENFORCER = None
|
||||
|
||||
|
||||
# TODO(gmann): Remove overriding the default value of config options
|
||||
# 'policy_file', 'enforce_scope', and 'enforce_new_defaults' once
|
||||
# oslo_policy change their default value to what is overridden here.
|
||||
# 'policy_file' once oslo_policy changes its default value to what
|
||||
# is overridden here.
|
||||
DEFAULT_POLICY_FILE = 'policy.yaml'
|
||||
opts.set_defaults(
|
||||
cfg.CONF,
|
||||
DEFAULT_POLICY_FILE,
|
||||
enforce_scope=True,
|
||||
enforce_new_defaults=True)
|
||||
DEFAULT_POLICY_FILE)
|
||||
|
||||
|
||||
class Enforcer(policy.Enforcer):
|
||||
|
@ -35,7 +35,7 @@ oslo.log>=4.5.0 # Apache-2.0
|
||||
oslo.messaging>=5.29.0,!=9.0.0 # Apache-2.0
|
||||
oslo.middleware>=3.31.0 # Apache-2.0
|
||||
oslo.reports>=1.18.0 # Apache-2.0
|
||||
oslo.policy>=3.11.0 # Apache-2.0
|
||||
oslo.policy>=4.4.0 # Apache-2.0
|
||||
|
||||
retrying!=1.3.0,>=1.2.3 # Apache-2.0
|
||||
osprofiler>=1.4.0 # Apache-2.0
|
||||
|
Loading…
x
Reference in New Issue
Block a user