kolla-ansible/ansible/roles/ironic
Niklas Hagman 2e933dceb5 Transition Keystone admin user to system scope
A system-scoped token implies the user has authorization to act on the
deployment system. These tokens are useful for interacting with
resources that affect the deployment as a whole, or exposes resources
that may otherwise violate project or domain isolation.

Since Queens, the keystone-manage bootstrap command assigns the admin
role to the admin user with system scope, as well as in the admin
project. This patch transitions the Keystone admin user from
authenticating using project scoped tokens to system scoped tokens.
This is a necessary step towards being able to enable the updated oslo
policies in services that allow finer grained access to system-level
resources and APIs.

An etherpad with discussion about the transition to the new oslo
service policies is:

https://etherpad.opendev.org/p/enabling-system-scope-in-kolla-ansible

Change-Id: Ib631e2211682862296cce9ea179f2661c90fa585
Signed-off-by: Niklas Hagman <ubuntu@post.blinkiz.com>
2021-09-28 09:45:06 -07:00
..
defaults Extra var ironic_enable_keystone_integration added. 2021-08-06 17:58:48 +03:00
handlers Use Docker healthchecks for ironic services 2021-03-08 14:18:03 +00:00
tasks Merge "ironic: Follow up for ironic_enable_keystone_integration" 2021-08-11 09:50:58 +00:00
templates Transition Keystone admin user to system scope 2021-09-28 09:45:06 -07:00