From 18b61a1089d87fb5c35e9a1719cd0530517cc067 Mon Sep 17 00:00:00 2001
From: yangsngshaoxue
Date: Fri, 16 Sep 2022 17:41:08 +0800
Subject: [PATCH] fix: Add enforce_new_defaults configuration
Fix barbican policy error
Change-Id: I57ebd29906378a67b5d6fe46ae2c584e0abc2a75
---
 doc/source/configuration/settings.rst | 1 +
 etc/skyline.yaml.sample | 1 +
 skyline_apiserver/api/v1/policy.py | 3 +++
 skyline_apiserver/config/openstack.py | 13 +++++++++++++
 4 files changed, 18 insertions(+)
diff --git a/doc/source/configuration/settings.rst b/doc/source/configuration/settings.rst
index a4a100b..49268ef 100644
--- a/doc/source/configuration/settings.rst
+++ b/doc/source/configuration/settings.rst
@@ -27,6 +27,7 @@ file ``skyline.yaml.sample`` in ``etc`` directory.
 base_domains:
 - heat_user_domain
 default_region: RegionOne
+ enforce_new_defaults: true
 extension_mapping:
 floating-ip-port-forwarding: neutron_port_forwarding
 fwaas_v2: neutron_firewall
diff --git a/etc/skyline.yaml.sample b/etc/skyline.yaml.sample
index adf7d85..a4bac97 100644
--- a/etc/skyline.yaml.sample
+++ b/etc/skyline.yaml.sample
@@ -16,6 +16,7 @@ openstack:
 base_domains:
 - heat_user_domain
 default_region: RegionOne
+ enforce_new_defaults: true
 extension_mapping:
 floating-ip-port-forwarding: neutron_port_forwarding
 fwaas_v2: neutron_firewall
diff --git a/skyline_apiserver/api/v1/policy.py b/skyline_apiserver/api/v1/policy.py
index 5591d94..33f9390 100644
--- a/skyline_apiserver/api/v1/policy.py
+++ b/skyline_apiserver/api/v1/policy.py
@@ -25,6 +25,7 @@ from keystoneauth1.exceptions.http import (
 from skyline_apiserver import schemas
 from skyline_apiserver.api import deps
 from skyline_apiserver.client.utils import generate_session, get_access, get_system_scope_access
+from skyline_apiserver.config import CONF
 from skyline_apiserver.log import LOG
 from skyline_apiserver.policy import ENFORCER, UserContext
 
@@ -35,6 +36,8 @@ def _generate_target(profile: schemas.Profile) -> Dict[str, str]:
 return {
 "user_id": profile.user.id,
 "project_id": profile.project.id,
+ # oslo policy
+ "enforce_new_defaults": CONF.openstack.enforce_new_defaults,
 # trove
 "tenant": profile.project.id,
 # keystone
diff --git a/skyline_apiserver/config/openstack.py b/skyline_apiserver/config/openstack.py
index 0439b50..23cdaba 100644
--- a/skyline_apiserver/config/openstack.py
+++ b/skyline_apiserver/config/openstack.py
@@ -152,6 +152,18 @@ reclaim_instance_interval = Opt(
 default=60 * 60 * 24 * 7,
 )
 
+enforce_new_defaults = Opt(
+ name="enforce_new_defaults",
+ description=(
+ "This configuration is associated with `enforce_new_defaults`"
+ "in oslo policy, which you can refer to the oslo policy parameters."
+ "Skyline does not currently support deprecated policy setting, specify"
+ "default:True."
+ ),
+ schema=StrictBool,
+ default=True,
+)
+
 sso_enabled = Opt(
 name="sso_enabled",
 description="enable sso",
@@ -177,6 +189,7 @@ sso_region = Opt(
 GROUP_NAME = __name__.split(".")[-1]
 ALL_OPTS = (
+ enforce_new_defaults,
 sso_enabled,
 sso_protocols,
 sso_region,
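Review bot: In skyline_apiserver/api/v1/policy.py, the new `"enforce_new_defaults"` entry puts a bool (the option is declared with `schema=StrictBool`) into a dict that `_generate_target` still annotates as `Dict[str, str]`; widen the return annotation, e.g. `-> Dict[str, Union[str, bool]]:`, after checking that `Union` is imported, since the `typing` import line is outside the hunk. The `# oslo policy` comment does not say why an enforcer setting is passed as a target attribute; assuming the reason is that service policy check strings read it from the target (the commit message points at barbican), a comment such as `# read from the target by service policy check strings; keep equal to the service's [oslo_policy] enforce_new_defaults` would record that. If Skyline's value differs from the backend's, the permissions Skyline reports can diverge from what the service actually enforces, which is worth stating next to the entry. The dict literal continues past the end of the hunk.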
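Review bot: In skyline_apiserver/config/openstack.py, the four adjacent string literals inside `description=(...)` of the new `enforce_new_defaults` option are joined without separating spaces, so the rendered help text contains `parameters.Skyline` and `specifydefault:True.`, and the backquoted option name runs straight into `in oslo policy`; end each of the first three fragments with a space. The text also does not say what setting the option to `false` does. Since the value is passed into policy evaluation, a sentence stating that `false` presumably lets rules fall back to their deprecated defaults, and that Skyline does not support this, would tell operators why the default should stay `true`.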