88673f1e94
Adds policy scope based RBAC handling for the allocations endpoing which enables admins to create allocations if they have baremetal nodes which are available to them. Change-Id: I60e273afaf344fded9bdb8c4c8e143efc9971fc1
14 lines
698 B
YAML
14 lines
698 B
YAML
---
|
|
security:
|
|
- |
|
|
Ability to create an allocation has been restricted by a new policy rule
|
|
``baremetal::allocation::create_pre_rbac`` which prevents creation of
|
|
allocations by any project administrator when operating with the new
|
|
Role Based Access Control model. The use and enforcement of this
|
|
rule is disabled when ``[oslo_policy]enforce_new_defaults`` is set which
|
|
also makes the population of a ``owner`` field for allocations to
|
|
become automatically populated. Most deployments should not encounter any
|
|
issues with this security change, and the policy rule will be removed
|
|
when support for the legacy ``baremetal_admin`` custom role has been
|
|
removed.
|