From fd4c49c1cc4acc1e8a71da196d4e200cb7f5ce79 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <kajinamit@oss.nttdata.com>
Date: Sun, 17 Aug 2025 19:41:30 +0900
Subject: [PATCH] Remove unused policy file

The policy rules in neutron-fwaas namespace is not at all used in any
policy check (actually, no policy check exists in this dashboard atm).

Change-Id: I9794831331379aa95e98d2401f602e7070224ff4
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
---
 devstack/plugin.sh                            |  7 +---
 doc/source/install/index.rst                  | 18 ----------
 etc/neutron-fwaas-policy.json                 | 36 -------------------
 .../local_settings.d/_7000_neutron_fwaas.py   | 16 ---------
 4 files changed, 1 insertion(+), 76 deletions(-)
 delete mode 100644 etc/neutron-fwaas-policy.json
 delete mode 100644 neutron_fwaas_dashboard/local_settings.d/_7000_neutron_fwaas.py

diff --git a/devstack/plugin.sh b/devstack/plugin.sh
index ba088e6..65f8407 100644
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@@ -17,10 +17,6 @@ function configure_neutron_fwaas_dashboard {
         (cd $FWAAS_DASHBOARD_DIR/neutron_fwaas_dashboard; \
          DJANGO_SETTINGS_MODULE=openstack_dashboard.settings $PYTHON ../manage.py compilemessages)
     fi
-    # Add policy file for FWaaS
-    cp $FWAAS_DASHBOARD_DIR/etc/neutron-fwaas-policy.json $OPENSTACK_DASHBOARD_DIR/conf/
-    cp $FWAAS_DASHBOARD_DIR/neutron_fwaas_dashboard/local_settings.d/_7000_neutron_fwaas.py \
-        $OPENSTACK_DASHBOARD_DIR/local/local_settings.d/
 }
 
 # check for service enabled
@@ -58,7 +54,6 @@ if is_service_enabled neutron-fwaas-dashboard; then
     if [[ "$1" == "clean"  ]]; then
         # Remove state and transient data
         # Remember clean.sh first calls unstack.sh
-        rm -f $OPENSTACK_DASHBOARD_DIR/local/local_settings.d/_7000_neutron_fwaas.py*
-        rm -f $OPENSTACK_DASHBOARD_DIR/conf/neutron-fwaas-policy.json
+        :
     fi
 fi
diff --git a/doc/source/install/index.rst b/doc/source/install/index.rst
index 8de2cf5..766b9c3 100644
--- a/doc/source/install/index.rst
+++ b/doc/source/install/index.rst
@@ -60,24 +60,6 @@ Enable the horizon plugin.
    <https://docs.openstack.org/horizon/latest/configuration/pluggable_panels.html>`__
    in the horizon documentation.
 
-Configure the policy file for Neutron FWaaS dashboard
-in OpenStack Dashboard ``local_settings.py``.
-``<fwaas-dashboard-config-dir>`` is a directory which contains
-configurations for Neutron FWaaS dashboard and the location varies
-across distributions or deployments.
-
-.. code-block:: python
-
-   POLICY_FILES['neutron-fwaas'] = '<fwaas-dashboard-config-dir>/etc/neutron-fwaas-policy.yaml'
-
-.. note::
-
-   If you do not configure ``POLICY_FILES`` in your ``local_settings.py``,
-   you also need to define the default ``POLICY_FILES`` in
-   ``local_settings.py``. If you use the example ``local_settings.py`` file
-   from horizon, what you need is to uncomment ``POLICY_FILES`` (which contains
-   the default values).
-
 Compile the message catalogs of Neutron FWaaS dashboard.
 
 .. code-block:: console
diff --git a/etc/neutron-fwaas-policy.json b/etc/neutron-fwaas-policy.json
deleted file mode 100644
index ecd00ab..0000000
--- a/etc/neutron-fwaas-policy.json
+++ /dev/null
@@ -1,36 +0,0 @@
-{
-    "context_is_admin":  "role:admin",
-    "owner": "tenant_id:%(tenant_id)s",
-    "admin_or_owner": "rule:context_is_admin or rule:owner",
-    "admin_only": "rule:context_is_admin",
-    "shared_firewalls": "field:firewalls:shared=True",
-    "shared_firewall_policies": "field:firewall_policies:shared=True",
-    "default": "rule:admin_or_owner",
-
-    "create_firewall": "",
-    "get_firewall": "rule:admin_or_owner",
-    "create_firewall:shared": "rule:admin_only",
-    "get_firewall:shared": "rule:admin_only",
-    "update_firewall": "rule:admin_or_owner",
-    "update_firewall:shared": "rule:admin_only",
-    "delete_firewall": "rule:admin_or_owner",
-
-    "create_firewall_policy": "",
-    "get_firewall_policy": "rule:admin_or_owner or rule:shared_firewall_policies",
-    "update_firewall_policy": "rule:admin_or_owner",
-    "delete_firewall_policy": "rule:admin_or_owner",
-    "create_firewall_policy:shared": "rule:admin_only",
-    "update_firewall_policy:shared": "rule:admin_only",
-    "delete_firewall_policy:shared": "rule:admin_only",
-
-    "insert_rule": "rule:admin_or_owner",
-    "remove_rule": "rule:admin_or_owner",
-
-    "create_firewall_rule": "",
-    "get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls",
-    "update_firewall_rule": "rule:admin_or_owner",
-    "delete_firewall_rule": "rule:admin_or_owner",
-    "create_firewall_rule:shared": "rule:admin_only",
-    "update_firewall_rule:shared": "rule:admin_only",
-    "delete_firewall_rule:shared": "rule:admin_only"
-}
diff --git a/neutron_fwaas_dashboard/local_settings.d/_7000_neutron_fwaas.py b/neutron_fwaas_dashboard/local_settings.d/_7000_neutron_fwaas.py
deleted file mode 100644
index 5ddb37f..0000000
--- a/neutron_fwaas_dashboard/local_settings.d/_7000_neutron_fwaas.py
+++ /dev/null
@@ -1,16 +0,0 @@
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from django.conf import settings
-
-
-settings.POLICY_FILES['neutron-fwaas'] = 'neutron-fwaas-policy.json'