Thanks @Dmitriy for sharing the policy.yaml. I can see couple of issues. So based on shared policy yaml i see horizon shipping outdated service policies, so marking that also as impacted project. Like it missing changes like https://github.com/openstack/neutron/commit/67a9f46d808f2d9c455358d447030c01dc0a7308 i.e to move deprecated_since/reason to deprecated_rule object and due to this it's resulting into no deprecated/since and reason set. Can see same warnings in CI job logs https://fcf352194bafe0ac2be3-5801c3a60c72a21e2ebc15b30ef597e5.ssl.cf1.rackcdn.com/935854/2/check/horizon- dsvm-tempest-plugin-ubuntu- jammy/2499156/controller/logs/apache/horizon_error_log.txt.
Also if you using some deployment tool, then likely some fixes need in that as well to copy/generate policies correctly. For neutron we marking the rule as default and also marking as deprecated in master branch, like for create_subnetpool:shared https://github.com/openstack/neutron/blob/0c29e730db2629c084de0c114a0d1e8e6939ac25/neutron/conf/policies/subnetpool.py#L70-L86. policy.DocumentedRuleDefault( name='create_subnetpool:shared', check_str=base.ADMIN, scope_types=['project'], description='Create a shared subnetpool', operations=[ { 'method': 'POST', 'path': COLLECTION_PATH, }, ], deprecated_rule=policy.DeprecatedRule( name='create_subnetpool:shared', check_str=neutron_policy.RULE_ADMIN_ONLY, deprecated_reason=DEPRECATED_REASON, deprecated_since=versionutils.deprecated.WALLABY) ), as both neutron_policy.RULE_ADMIN_ONLY and base.ADMIN equivalent to 'rule:admin_only'[1][2] Will ask Slawek to take a look as he have more ideas on the secure rbac move. [1] https://github.com/openstack/neutron-lib/blob/master/neutron_lib/policy/__init__.py#L23C1-L23C36 [2] https://github.com/openstack/neutron/blob/0c29e730db2629c084de0c114a0d1e8e6939ac25/neutron/conf/policies/base.py#L23 ** Also affects: horizon Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/2092657 Title: DeprecationWarning: create_subnetpool Status in OpenStack Dashboard (Horizon): New Status in neutron: New Bug description: OpenStack 2024.2 Dalmatian AlmaLinux 9.5 64 bit [Sat Dec 28 12:22:23.615623 2024] [wsgi:error] [pid 1635414:tid 1635550] [remote 10.101.14.143:65398] /usr/lib/python3.9/site- packages/oslo_policy/policy.py:1592: DeprecationWarning: create_subnetpool:shared deprecated without deprecated_reason or deprecated_since. This will be an error in a future release To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/2092657/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
