Bug 1678771

Summary: Unable to dump policy using oslopolicy-policy-generator for neutron
Product: Red Hat OpenStack Reporter: Jeremy <jmelvin>
Component: openstack-neutronAssignee: Nate Johnston <njohnston>
Status: CLOSED ERRATA QA Contact: Roee Agiman <ragiman>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 13.0 (Queens)CC: amuller, bhaley, chrisw, fsoppels, jschluet, knoha, mgeary, njohnston, ragiman, scohen, skaplons, ykulkarn
Target Milestone: z7Keywords: Triaged, ZStream
Target Release: 13.0 (Queens)   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: openstack-neutron-12.0.5-12.el7ost Doc Type: Bug Fix
Doc Text:
Previously, the oslopolicy-policy-generator tool changed how it executed policy generation and did not run for neutron. With this update, an enforcer function is added and the oslopolicy-policy-generator tool runs for neutron.
 Story Points: ---
Clone Of: 1678326 Environment:
Last Closed: 2019-07-10 13:01:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jeremy 2019-02-19 14:55:23 UTC 
Description of problem: Seems to be like Bug 1572317 , however this is effecting heat,neutron,glance. Looks like nova, cinder etc were fixed by that bug ; however still a few services don't work.



Version-Release number of selected component (if applicable):

docker exec keystone rpm -qa | grep keystone
openstack-keystone-13.0.1-1.el7ost.noarch

How reproducible:
100%

Actual results:

[root@ops2-rpc-cntl1 tmp]# oslopolicy-policy-generator --namespace neutron
WARNING:stevedore.named:Could not load neutron
Traceback (most recent call last):
  File "/usr/bin/oslopolicy-policy-generator", line 10, in <module>
    sys.exit(generate_policy())
  File "/usr/lib/python2.7/site-packages/oslo_policy/generator.py", line 295, in generate_policy
    _generate_policy(conf.namespace, conf.output_file)
  File "/usr/lib/python2.7/site-packages/oslo_policy/generator.py", line 240, in _generate_policy
    enforcer = _get_enforcer(namespace)
  File "/usr/lib/python2.7/site-packages/oslo_policy/generator.py", line 78, in _get_enforcer
    enforcer = mgr[namespace].obj
  File "/usr/lib/python2.7/site-packages/stevedore/extension.py", line 326, in __getitem__
    return self._extensions_by_name[name]
KeyError: 'neutron'
Comment 1 Nate Johnston 2019-02-27 19:45:32 UTC 
Filed upstream bug 1817953 for this issue.
Comment 2 Nate Johnston 2019-02-27 21:31:50 UTC 
Filed upstream fix for stable/rocky (OSP 14); will backport to 13 once that was fixed.

The reason for the nonstandard process here is that the fix to master was originally a part of a code change to implement the policy-in-code feature.  Policy forbids backporting a feature upstream, so I had to cut it down to just the changes needed for this fix.
Comment 3 Nate Johnston 2019-02-27 21:33:21 UTC 
Oops, shouldn't set this to POST until I have the OSP 13 change
Comment 4 Nate Johnston 2019-04-01 20:44:42 UTC 
Upstream change still waiting for upvotes: https://review.openstack.org/#/c/647595/
Comment 5 Nate Johnston 2019-04-01 20:44:59 UTC 
Upstream change still waiting for upvotes: https://review.openstack.org/#/c/647595/
Comment 6 Brian Haley 2019-04-05 16:34:06 UTC 
Just moving back to ON_DEV since there isn't a stable/queens or OSP 13 change proposed yet, just stable/rocky.
Comment 7 Nate Johnston 2019-04-30 11:24:34 UTC 
In neutron this issue was addressed in upstream queens [1] and rocky [2], and downstream in [3].  OSP 13 fixed-in version has been provided: openstack-neutron-12.0.5-12.el7ost.  This is not an issue in upstream master because the policy code was totally revamped in the Stein cycle as part of the shift to policy-in-code and it does not suffer from this problem.  Waiting on QA.

[1] https://review.openstack.org/#/c/650955
[2] https://review.openstack.org/#/c/647595
[3] https://code.engineering.redhat.com/gerrit/167463
Comment 22 Brent Eagles 2019-06-19 17:02:28 UTC 
*** Bug 1699217 has been marked as a duplicate of this bug. ***
Comment 25 errata-xmlrpc 2019-07-10 13:01:59 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1744