The issue can be summed up like this... when nova has asked neutron to create a port in previous releases, it has always used a token with the admin role. Something has gone into newton that has changed this behavior, which has the potential to break users who have customized neutron's policy.json file. Unless there's a very good reason for this change and it is appropriately documented in the release notes so that folks will know to look for and handle this on upgrades, that behavioral change needs to be reverted.
The issue can be summed up like this... when nova has asked neutron to create a port in previous releases, it has always used a token with the admin role. Something has gone into newton that has changed this behavior, which has the potential to break users who have customized neutron's policy.json file. Unless there's a very good reason for this change and it is appropriately documented in the release notes so that folks will know to look for and handle this on upgrades, that behavioral change needs to be reverted.