Merge "Revert "[S-RBAC] Switch to new policies by default""

commit: af7b561fa96baccb413ab9db40422e7af9b4f6a3 [log] [tgz]
author: Zuul <zuul@review.opendev.org> Tue May 09 08:33:55 2023 +0000
committer: Gerrit Code Review <review@openstack.org> Tue May 09 08:33:55 2023 +0000
tree: 290236754b164c7a47f77fc126d07d98fe69ce9f
parent: 99bef6227f8ca7f7e9f4896ce2b60d74a0ddf9f3 [diff]
parent: 2f1856baf89618c799d0956c95335f3b47460b52 [diff]
diff --git a/zuul.d/master_jobs.yaml b/zuul.d/master_jobs.yaml
index 66b61da..6ff76be 100644
--- a/zuul.d/master_jobs.yaml
+++ b/zuul.d/master_jobs.yaml

@@ -409,15 +409,20 @@
       - ^zuul.d/(?!(project)).*\.yaml
 
 - job:
-    name: neutron-tempest-plugin-openvswitch-enforce-scope-old-defaults
+    name: neutron-tempest-plugin-openvswitch-enforce-scope-new-defaults
     parent: neutron-tempest-plugin-openvswitch
     vars:
       devstack_localrc:
-        # Disabling the scope and new defaults for services to use old,
-        # deprecated policies
-        NOVA_ENFORCE_SCOPE: false
-        GLANCE_ENFORCE_SCOPE: false
-        NEUTRON_ENFORCE_SCOPE: false
+        # Enabeling the scope and new defaults for services.
+        # NOTE: (gmann) We need to keep keystone scope check disable as
+        # services (except ironic) does not support the system scope and
+        # they need keystone to continue working with project scope. Until
+        # Keystone policies are changed to work for both system as well as
+        # for project scoped, we need to keep scope check disable for
+        # keystone.
+        NOVA_ENFORCE_SCOPE: true
+        GLANCE_ENFORCE_SCOPE: true
+        NEUTRON_ENFORCE_SCOPE: true
 
 
 # TODO(slaweq): remove that job's definition as soon as new job

diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index d1d9717..2347c1b 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml

@@ -5,7 +5,7 @@
         - neutron-tempest-plugin-linuxbridge
         - neutron-tempest-plugin-openvswitch
         - neutron-tempest-plugin-openvswitch-iptables_hybrid
-        - neutron-tempest-plugin-openvswitch-enforce-scope-old-defaults
+        - neutron-tempest-plugin-openvswitch-enforce-scope-new-defaults
         - neutron-tempest-plugin-ovn
         - neutron-tempest-plugin-designate-scenario
     gate:
@@ -14,7 +14,7 @@
         - neutron-tempest-plugin-openvswitch
         - neutron-tempest-plugin-ovn
         - neutron-tempest-plugin-openvswitch-iptables_hybrid
-        - neutron-tempest-plugin-openvswitch-enforce-scope-old-defaults
+        - neutron-tempest-plugin-openvswitch-enforce-scope-new-defaults
     #TODO(slaweq): Move neutron-tempest-plugin-dvr-multinode-scenario out of
     #              the experimental queue when it will be more stable
     experimental:
commit	af7b561fa96baccb413ab9db40422e7af9b4f6a3	[log] [tgz]
author	Zuul <zuul@review.opendev.org>	Tue May 09 08:33:55 2023 +0000
committer	Gerrit Code Review <review@openstack.org>	Tue May 09 08:33:55 2023 +0000
tree	290236754b164c7a47f77fc126d07d98fe69ce9f
parent	99bef6227f8ca7f7e9f4896ce2b60d74a0ddf9f3 [diff]
parent	2f1856baf89618c799d0956c95335f3b47460b52 [diff]