Merge "Require usage of service_token_roles"

2022-10-05 12:30:26 +00:00 · 2022-10-05 12:30:26 +00:00 · 909a3bbe00
commit 909a3bbe00
parent dac2c00c48 6c396318ed
2 changed files with 8 additions and 3 deletions
--- a/inventory/group_vars/all/keystone.yml
+++ b/inventory/group_vars/all/keystone.yml
@ -40,6 +40,3 @@ keystone_service_publicuri_insecure: False

 keystone_service_publicuri: "{{ keystone_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ keystone_service_port }}"
 keystone_service_publicurl: "{{ keystone_service_publicuri }}/v3"
-
-# NOTE(noonedeadpunk): Drop variable after Y release. Placed for upgrade purposes only
-openstack_service_token_roles_required: False
--- a/releasenotes/notes/service_token_roles_required-5d0dce2878775b23.yaml
+++ b/releasenotes/notes/service_token_roles_required-5d0dce2878775b23.yaml
@ -0,0 +1,8 @@
+---
+upgrade:
+  - |
+    Since Yoga release ``service`` role is being assigned to all service users.
+    Though, service_token_roles_required was set to ``False`` for upgrade
+    purposes. Now ``service_token_roles_required`` is set to ``True`` by
+    default. If you still want to preserve old behaviour, you can define
+    ``openstack_service_token_roles_required: False`` in your user_variables.