2e933dceb5
A system-scoped token implies the user has authorization to act on the deployment system. These tokens are useful for interacting with resources that affect the deployment as a whole, or exposes resources that may otherwise violate project or domain isolation. Since Queens, the keystone-manage bootstrap command assigns the admin role to the admin user with system scope, as well as in the admin project. This patch transitions the Keystone admin user from authenticating using project scoped tokens to system scoped tokens. This is a necessary step towards being able to enable the updated oslo policies in services that allow finer grained access to system-level resources and APIs. An etherpad with discussion about the transition to the new oslo service policies is: https://etherpad.opendev.org/p/enabling-system-scope-in-kolla-ansible Change-Id: Ib631e2211682862296cce9ea179f2661c90fa585 Signed-off-by: Niklas Hagman <ubuntu@post.blinkiz.com>
9 lines
398 B
YAML
9 lines
398 B
YAML
---
|
|
features:
|
|
- Transitions to using system-scoped tokens when authenticating as the
|
|
Keystone admin user. This is a necessary step towards being able to
|
|
enable the updated oslo policies in services that allow finer grained
|
|
access to system-level resources and APIs. Since Queens, the admin role
|
|
is assigned to the admin user with system scope as well as in the admin
|
|
project.
|