openstack/bifrost
Code Issues Proposed changes
bifrost/releasenotes/notes/fix-keystone-usage-with-newer-ironic-2f226975226f45ea.yaml
Dmitry Tantsur 9bf1fde62a fix keystone auth scope 
Fixes bifrost so it utilizes:
* The admin role, instead of the long deprecated baremetal_admin
  role.
* Utilizes system scope and admin scoped access where needed
  for during installation self-test commands to execute
  as expected.
* The user utilized for inspector's keystone access
  now utilizes the "admin" role instead of the
  baremetal_admin role.

Closes-Bug: 2051168
Change-Id: I090520547846a7a8d85bd032a52d6da039761186
2024-01-24 13:02:24 -08:00

11 lines
493 B
YAML
Raw Blame History

---
fixes:
- |
Fixes Bifrost's creation of accounts and Keystone account usage to align
with the newer role based access control within Ironic. Ironic deprecated
the legacy access policy, which utilized custom roles ``baremetal_admin``
and ``baremetal_observer`` in the Wallaby release of OpenStack, and
Bifrost now utilizes a mix of a project scoped and system scoped
``admin`` accounts with Keystone to facilitate authentication
and authorization to resources.
View Git Blame Copy Permalink