da28046944
In the previous cycle, the ``--immutable-roles`` option was added to the bootstrap command as an optional way to opt-in to making the default roles immutable. Following step 4 of the spec[1], we now make that behavior the default and additionally offer a way to opt out of it. [1] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/train/immutable-resources.html#proposed-change Change-Id: I6b680efb2c87c1d7559ddcc989bbce68456b9a5f Closes-Bug: #1823258
11 lines
487 B
YAML
11 lines
487 B
YAML
---
|
|
upgrade:
|
|
- |
|
|
[`bug 1823258 <https://bugs.launchpad.net/keystone/+bug/1823258>`_]
|
|
The ``keystone-manage bootstrap`` command now defaults to making the
|
|
default roles (`admin`, `member`, and `reader`) immutable. This has the
|
|
consequence that if the bootstrap command is re-run on an existing
|
|
deployment, those roles will become immutable if they were not before. To
|
|
opt out of this behavior, add the ``--no-immutable-roles`` flag to the
|
|
bootstrap command.
|