Description of problem:
The "network:attach_external_network" policy is being checked in nova-compute rather than in nova-api.

Version-Release number of selected component (if applicable):
Red Hat OpenStack Platform - 13 (RHOSP-13)

How reproducible:
Always

Steps to Reproduce:
policy changes are done on the controller nodes and nova_api handles most of them. But for having "network:attach_external_network" in nova_api will not be enough and we need the policy in nova_compute as well

Only the API process should be doing policy checks.
Someone who wants to override policy for this would have to put a policy.json file on each host, which is certainly problematic.

Actual results:
Policy network:attach_external_network should be set on compute nodes as well and only setting it on controller nodes (nova_api) has no effect

Expected results:
setting policy on controller nodes should be enough

Additional info:
Upstream bug: https://bugs.launchpad.net/nova/+bug/1675486

The workaround for the bug is to have the policy changed on the compute nodes as well.

Also, triple-0 doesn't have the code logic to implement policy changes on the compute nodes. Meaning, " NovaApiPolicies " will only help us put policies in Controller nodes and not compute nodes.