Unreleased Release Notes¶
4.4.0-5¶
New Features¶
The new
[oslo_policy] remote_timeout
option has been added. This option determines timeout in HTTP(S) requests in REST based policy check. Its default value is 60 seconds.
Upgrade Notes¶
The following options are no longer loaded from the
[DEFAULT]
section. Use the[oslo_policy]
section instead.policy_file
policy_default_rule
policy_dirs
4.4.0¶
Upgrade Notes¶
The default value of config options
enforce_scope
andenforce_new_defaults
have been changed toTrue
.Most of the OpenStack services have enabled these options by default, and now it’s time to change the default in the oslo policy itself.
If you want to disable them, modify the values of these config options in the service configuration file (for example, “nova.conf”):
[oslo_policy] enforce_new_defaults=False enforce_scope=False
Deprecation Notes¶
The
enforce_scope
configuration option was added temporarily to facilitate a smooth transition to the new RBAC. OpenStack will always enforce the scope checks, and they will not be configurable. This configuration option is marked as deprecated and will be removed in the 2025.2 cycle.