31 lines
1.5 KiB
YAML
31 lines
1.5 KiB
YAML
---
|
|
features:
|
|
- |
|
|
The Baremetal API, provided by the ironic-api process, now supports use of
|
|
``system`` scoped ``keystone`` authentication for the following endpoints:
|
|
nodes, ports, portgroups, chassis
|
|
upgrade:
|
|
- |
|
|
Deprecated policy rules are not expressed via a default policy file
|
|
generation from the source code. The generated default policy file
|
|
indicates the new default policies with notes on the deprecation
|
|
to which ``oslo.policy`` falls back to, until the
|
|
``[oslo_policy]enforce_scope`` and ``[oslo_policy]enforce_new_defaults``
|
|
have been set to ``True``.
|
|
Please see the `Victoria policy configuration <https://docs.openstack.org/ironic/victoria/configuration/policy.html>`_
|
|
documentation to reference prior policy configuration.
|
|
- |
|
|
Operators are encouraged to move to ``system`` scope based authentication
|
|
by setting ``[oslo_policy]enforce_scope`` and
|
|
``[oslo_policy]enforce_new_defaults``. This requires a migration from
|
|
using an ``admin project`` with the ``baremetal_admin`` and
|
|
``baremetal_observer``. System wide administrators using ``system``
|
|
scoped ``admin`` and ``reader`` accounts superceed the deprecated
|
|
model.
|
|
deprecations:
|
|
- |
|
|
Use of an ``admin project`` with ironic is deprecated. With this the
|
|
custom roles, ``baremetal_admin`` and ``baremetal_observer`` are also
|
|
deprecated. Please migrate to using a ``system`` scoped account with the
|
|
``admin`` and ``reader`` roles, respectively.
|