ironic/releasenotes/notes/add-service-role-support-8e9390769508ca99.yaml
Julia Kreger bad3790e8a Add service role RBAC policy support
This change adds support for the ``service`` role, which is intended
largely for service to service communiation, such as if one wanted to
utilzie a "nova" project, and have an ironic service user within it,
and then configure the ``nova-compute`` service utilizing those credentials.

Or vice versa, an "ironic" project, with a nova user.

In this case, access is exceptionally similar to the rights afforded to
a "project scoped manager" or an "owner-admin".

Change-Id: Ifd098a4567d60c90550afe5236ae2af143b6bac2
2023-01-18 07:59:35 -08:00

14 lines
589 B
YAML

---
features:
- |
Adds support for the ``service`` role, which is intended for service to
service communication, such as for those where ``ironic-inspector``,
``nova-compute``, or ``networking-baremetal`` needs to communicate with
Ironic's API.
upgrade:
- |
Ironic now has support for the ``service`` role, which is available in the
``system`` scope as well as the ``project`` scope. This functionality
is for service to service communication, if desired. Effective access rights
are similar to the ``manager`` or the ``owner`` scoped admin privileges.