5971243169
The Magnum service allow enables policies (RBAC) new defaults and scope by default. The Default value of config options ``[oslo_policy] enforce_scope`` and ``[oslo_policy] oslo_policy.enforce_new_defaults`` are both to ``False``, but will change to ``True`` in following cycles. To enable them then modify the below config options value in ``magnum.conf`` file:: [oslo_policy] enforce_new_defaults=True enforce_scope=True reference tc goal for more detail: https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html Related blueprint secure-rbac Change-Id: I249942a355577c4f1ef51b3988f0cc4979959d0b
14 lines
416 B
YAML
14 lines
416 B
YAML
---
|
|
upgrade:
|
|
- |
|
|
The Magnum service now allows enables policies (RBAC) new defaults
|
|
and scope checks. These are controlled by the following (default) config
|
|
options in ``magnum.conf`` file::
|
|
|
|
[oslo_policy]
|
|
enforce_new_defaults=False
|
|
enforce_scope=False
|
|
|
|
We will change the default to True in 2024.1 (Caracal) cycle.
|
|
If you want to enable them then modify both values to True.
|