93594c30ec
This commit updates default policies to account for system scope and default roles. This is part of a broader change to provide a consistent and secure authorization experience across OpenStack projects.

- Introduces basic/reusable check strings in base.py
- Implements secure RBAC for build info API
- Implements secure RBAC for the action API
- Implements secure RBAC for cloud formations
- Implements secure RBAC for events
- Implements secure RBAC for the resource API
- Implements secure RBAC for the service API
- Implements secure RBAC for software configs
- Implements secure RBAC for software deployments
- Implements secure RBAC for stacks
- Adds unit tests for legacy and new secure-rbac policies.

Change-Id: Iff1e39481ea3b1f00bd89dba4a00aed30334ecec
16 lines
561 B
YAML
---
features:
  - |
    The default policies provided by heat api have been updated to add support
    for default roles and system scope. This is part of a broader community
    effort to support read-only roles and implement secure, consistent default
    policies.

    Refer to `the Keystone documentation`__ for more information on the reason
    for these changes.

    __ https://docs.openstack.org/keystone/latest/admin/service-api-protection.html
deprecations:
  - |
    The old default policy rules have been deprecated for removal in Xena cycle.
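Review bot: The deprecations entry says only that "the old default policy rules" are deprecated for removal in Xena, without saying which APIs are affected or what an operator with customized policies should do before then. The commit message already lists the covered APIs (build info, actions, cloud formations, events, resources, services, software configs, software deployments, stacks), so the note could name them and add a sentence telling operators to review any overridden rules against the new defaults. Minor style points in the same file: "heat api" in the features entry should read "Heat API", and "in Xena cycle" should read "in the Xena cycle".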