openstack/kolla-ansible
Code Issues Proposed changes
448209459d
kolla-ansible/releasenotes/notes/ironic-rbac-elevated-6804dab4061ab236.yaml
Bartosz Bezak 121aa3d258 Ironic: enable elevated access for project scoped service role 
Ironic recently started to enforce new policies and scope [1].
And Ironic is one of the sole openstack project which need
system scope for some admin related api calls [2].
However Ironic also started to allow project-scope behaviour
for service role with setting
``rbac_service_role_elevated_access``[3] [4]. This change enables
this setting to get similar behaviour of service role as other
openstack projects.

[1] https://review.opendev.org/c/openstack/ironic/+/902009
[2] e2a47de10a/goals/selected/consistent-and-secure-rbac.rst (L261)
[3] https://review.opendev.org/c/openstack/ironic/+/907148
[4] 8ec5606622/releasenotes/notes/service-project-service-role-fix-e4d1a8c23856926a.yaml

Related-Bug: #2051837

Change-Id: If8d7cf1663145d0398a2e936486e2b316d4df5e0
2024-02-15 15:04:06 +01:00

13 lines
521 B
YAML
Raw Blame History

---
features:
- |
Enable elevated access for project scoped service role
in Ironic. Ironic recently started to enforce new policies
and scope. And Ironic is one of the sole openstack project
which need system scope for some admin related api calls.
However Ironic also started to allow project-scope behaviour
for service role with setting
``rbac_service_role_elevated_access``. This change enables
this setting to get similar behaviour of service role as other
openstack projects.
View Git Blame Copy Permalink