b20cc91e6f
As per the revised SRBAC community goals, glance service is now switching to new defaults by default hence removing the deprecated ``enforce_secure_rbac`` option which is no longer needed. The ``enforce_secure_rbac`` option was introduced EXPERIMENTAL in Wallaby release for operators to opt into enforcing authorization based on common RBAC personas. Related blueprint secure-rbac Change-Id: I273527c85d30c1c09c086c73c892aaa6d127df6b
17 lines
617 B
YAML
17 lines
617 B
YAML
---
|
|
upgrade:
|
|
- |
|
|
As per the revised SRBAC community goals, glance service is switching to
|
|
new defaults by default in Antelope cycle, hence removing the deprecated
|
|
``enforce_secure_rbac`` option which is no longer needed.
|
|
The ``enforce_secure_rbac`` option was introduced EXPERIMENTAL in Wallaby
|
|
release for operators to opt into enforcing authorization based on common
|
|
RBAC personas.
|
|
|
|
Now operator can control the scope and new defaults flag with the below
|
|
config options in
|
|
``glance-api.conf`` file::
|
|
|
|
[oslo_policy]
|
|
enforce_new_defaults=True
|
|
enforce_scope=True |