c782262842
There were a couple really minor things that needed to be addressed in: https://review.openstack.org/#/c/580331/ This patch addresses those issues. Change-Id: I68d39ef06efef08ed986e6525b13f2d2a09b193c
36 lines
1.7 KiB
YAML
36 lines
1.7 KiB
YAML
---
|
|
features:
|
|
- >
|
|
[`blueprint strict-two-level-model <https://blueprints.launchpad.net/keystone/+spec/strict-two-level-model>`_]
|
|
A new limit enforcement model called `strict_two_level` is added. Change the
|
|
value of the option `[unified_limit]/enforcement_model` to
|
|
`strict_two_level` to enable it.
|
|
|
|
In this [`model <http://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/strict-two-level-enforcement-model.html>`_]:
|
|
|
|
1. The project depth is force limited to 2 level.
|
|
2. Any child project's limit can not exceed the parent's.
|
|
|
|
Please ensure that the previous project and limit structure deployment in
|
|
your Keystone won't break this model before starting to use it.
|
|
|
|
If a newly created project results in a project tree depth greater than 2, a
|
|
`403 Forbidden` error will be raised.
|
|
|
|
When try to use this model but the project depth exceed 2 already, Keystone
|
|
process will fail to start. Operators should choose another available model
|
|
to fix the issue first.
|
|
|
|
- >
|
|
[`blueprint strict-two-level-model <https://blueprints.launchpad.net/keystone/+spec/strict-two-level-model>`_]
|
|
The `project_id` filter is added for listing limits. This filter is used
|
|
for system-scoped request only to fetch the specified project limits. Non
|
|
system-scoped request will get empty response body instead.
|
|
|
|
- >
|
|
[`blueprint strict-two-level-model <https://blueprints.launchpad.net/keystone/+spec/strict-two-level-model>`_]
|
|
The `include_limits` filter is added to `GET /v3/projects/{project_id}` API.
|
|
This filter should be used together with `parents_as_list` or
|
|
`subtree_as_list` filter to add parent/sub project's limit information the
|
|
response body.
|