Merge "trivial: Fix policy scope restriction for automated cleaning"

ironic/common/policy.py

@@ -1002,7 +1002,7 @@ node_policies = [
     policy.DocumentedRuleDefault(
         name='baremetal:node:disable_cleaning',
         check_str=SYSTEM_ADMIN,
-        scope_types=['system'],
+        scope_types=['system', 'project'],
         description='Disable Node disk cleaning',
         operations=[
             {'path': '/nodes/{node_ident}', 'method': 'PATCH'}

releasenotes/notes/change-scope-restriction-automated-clean-2f9f82058b5bad87.yaml

@@ -0,0 +1,8 @@
+---
+fixes:
+  - |
+    Fixes the policy scope checking for the RBAC Policy
+    ``baremetal:node:disable_cleaning``, which previously
+    restricted to ``system`` user scope. The scope restriction
+    has been revised to permit ``project`` scoped matching,
+    but the default RBAC policy has not been revised.