From 3f6507d851d25cf570f332091d1cb8b5bc71550a Mon Sep 17 00:00:00 2001
From: Ghanshyam Mann <gmann@ghanshyammann.com>
Date: Thu, 5 Sep 2024 12:44:34 -0700
Subject: [PATCH] Remove default override for RBAC config options

RBAC config options enforce_scope and enforce_new_defaults
were disabled by default in oslo.policy and Ironic had to override
the default value to enable those by default. Now oslo.policy
(4.4.0 onwards[1]) changed the default values[2][3] and enabled
by default for all the services. OpenStack service does not need
to override the default anymore.

NOTE: There is no change in behaviour here, oslo.policy provides the
same configuration that Ironic has overridden till now.

[1] https://review.opendev.org/c/openstack/releases/+/925032
[2] https://review.opendev.org/c/openstack/oslo.policy/+/924283
[3] https://review.opendev.org/c/openstack/requirements/+/925464

Change-Id: I280ae374048b16f1d27a55b09a4d7729de43f469
---
 ironic/common/policy.py | 12 ++++++------
 requirements.txt        |  2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/ironic/common/policy.py b/ironic/common/policy.py
index f45b23ab8b..ea890c73ba 100644
--- a/ironic/common/policy.py
+++ b/ironic/common/policy.py
@@ -32,13 +32,13 @@ CONF = cfg.CONF
 LOG = log.getLogger(__name__)
 
 
-# TODO(gmann): Remove setting the default value of config policy_file
-# once oslo_policy change the default value to 'policy.yaml'.
-# https://github.com/openstack/oslo.policy/blob/a626ad12fe5a3abd49d70e3e5b95589d279ab578/oslo_policy/opts.py#L49
+# TODO(gmann): Remove overriding the default value of config options
+# 'policy_file' once oslo_policy change its default value to what
+# is overridden here.
 DEFAULT_POLICY_FILE = 'policy.yaml'
-opts.set_defaults(cfg.CONF, DEFAULT_POLICY_FILE,
-                  enforce_scope=True,
-                  enforce_new_defaults=True)
+opts.set_defaults(
+    cfg.CONF,
+    DEFAULT_POLICY_FILE)
 
 # Generic policy check string for system administrators. These are the people
 # who need the highest level of authorization to operate the deployment.
diff --git a/requirements.txt b/requirements.txt
index 7773d6e40e..25f9d4c49c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -19,7 +19,7 @@ oslo.db>=9.1.0 # Apache-2.0
 oslo.rootwrap>=5.8.0 # Apache-2.0
 oslo.log>=4.3.0 # Apache-2.0
 oslo.middleware>=3.31.0 # Apache-2.0
-oslo.policy>=3.7.0 # Apache-2.0
+oslo.policy>=4.4.0 # Apache-2.0
 oslo.serialization>=2.25.0 # Apache-2.0
 oslo.service>=1.24.0 # Apache-2.0
 oslo.upgradecheck>=1.3.0 # Apache-2.0