keystone/releasenotes/notes/bp-strict-two-level-model.yaml

36 lines
1.7 KiB
YAML

---
features:
- >
[`blueprint strict-two-level-model <https://blueprints.launchpad.net/keystone/+spec/strict-two-level-model>`_]
A new limit enforcement model called `strict_two_level` is added. Change the
value of the option `[unified_limit]/enforcement_model` to
`strict_two_level` to enable it.
In this [`model <http://specs.openstack.org/openstack/keystone-specs/specs/keystone/rocky/strict-two-level-enforcement-model.html>`_]:
1. The project depth is force limited to 2 level.
2. Any child project's limit can not exceed the parent's.
Please ensure that the previous project and limit structure deployment in
your Keystone won't break this model before starting to use it.
If a newly created project results in a project tree depth greater than 2, a
`403 Forbidden` error will be raised.
When try to use this model but the project depth exceed 2 already, Keystone
process will fail to start. Operators should choose another available model
to fix the issue first.
- >
[`blueprint strict-two-level-model <https://blueprints.launchpad.net/keystone/+spec/strict-two-level-model>`_]
The `project_id` filter is added for listing limits. This filter is used
for system-scoped request only to fetch the specified project limits. Non
system-scoped request will get empty response body instead.
- >
[`blueprint strict-two-level-model <https://blueprints.launchpad.net/keystone/+spec/strict-two-level-model>`_]
The `include_limits` filter is added to `GET /v3/projects/{project_id}` API.
This filter should be used together with `parents_as_list` or
`subtree_as_list` filter to add parent/sub project's limit information the
response body.