In order to execute tempest we need the following configuration
at > policy.yml << EOF
"create_port:binding:profile": "rule:admin_or_network_owner"
"get_port:binding:profile": "rule:admin_or_network_owner"
"update_port:binding:profile": "rule:admin_or_network_owner"
"create_network:provider:network_type": "rule:regular_user"
"get_network:provider:network_type": "rule:regular_user"
"update_network:provider:network_type": "rule:regular_user"
"create_network:provider:physical_network": "rule:regular_user"
"get_network:provider:physical_network": "rule:regular_user"
"update_network:provider:physical_network": "rule:regular_user"
"create_network:provider:segmentation_id": "rule:regular_user"
"get_network:provider:segmentation_id": "rule:regular_user"
"update_network:provider:segmentation_id": "rule:regular_user"
EOF
oc -n openstack create configmap neutron-policy --from-file=policy.yaml

oc patch openstackcontrolplane openstack-galera-network-isolation --type=merge --patch '
spec:
neutron:
template:
customServiceConfig: |
[oslo_policy]
policy_file=/etc/neutron/policy.d/policy.yaml
extraMounts:

• name: v1
  region: r1
  extraVol:
• propagation:
• NeutronAPI
  extraVolType: Policy
  volumes:
• name: neutron-policy
  configMap:
  name: neutron-policy
  mounts:
• name: neutron-policy
  mountPath: /etc/neutron/policy.d
  readOnly: true
  '