Correct the old deprecated policies removal timeline for SLURP release

In vPTG (bobcat), we discussed about removal of old deprecated rules and we should have at least one SLURP release between we enable the new defaults by default and remove the old rules. For example, if new rules are enabled in B(non SLURP) then removal should not be done in C (SLURP) so that SLURP upgrade can notice the new rules enable for at least one SLURP release. - https://etherpad.opendev.org/p/rbac-2023.2-ptg#L36 Change-Id: I2cc408c4c7b8b147217b2f11697d36e58017db91
2023-04-12 14:42:59 -05:00 · 2023-04-12 14:42:59 -05:00 · f0a23fb1bf
parent 0e4eaca37c
commit f0a23fb1bf
1 changed files with 5 additions and 2 deletions
--- a/goals/selected/consistent-and-secure-rbac.rst
+++ b/goals/selected/consistent-and-secure-rbac.rst
@ -802,8 +802,11 @@ of project-member.
 ^^^^^^^^^^^^^^^^^^^^^^^

 #. Any service that implemented `Phase 1`_ in 2023.1 and enabled
-   ``enforce_secure_defaults`` in 2023.2 release can remove deprecated policies
-   used to implement `Phase 1`_.
+   ``enforce_secure_defaults`` in the 2023.2 release (non SLURP) needs to
+   keep the old deprecated policies for the 2024.1 release (SLURP) also and
+   can remove them after that. The Idea here is to have at least one SLURP
+   release between the point when the new defaults are enabled and the
+   old policies are removed.

 #. Remove the oslo.policy ``enforce_scope`` config flag