0256c26d21
This change is the first step to support secure RBAC and allows usage of system scope credentials for Keystone API request. This change covers the following three items. - assignment of system scope roles to system user - credential parameters for authtoken middleware - credential parameters for service token feature Note that the credential parameters for authtoken middleware are used in some providers, and these providers still require a project scope credential. This will be fixed by the subsequent change. Depends-on: https://review.opendev.org/804325 Change-Id: I33f912aeb058fd269d4a0eda57438051a2f094ff
17 lines
400 B
YAML
17 lines
400 B
YAML
---
|
|
features:
|
|
- |
|
|
The ``cinder::keystone::auth`` class now supports the following new
|
|
parameters to define system-scoped roles.
|
|
|
|
- ``system_scope``
|
|
- ``system_roles``
|
|
- ``system_scope_v3``
|
|
- ``system_roles_v3``
|
|
|
|
- |
|
|
The ``system_scope`` parameter has been added to the following classes.
|
|
|
|
- ``cinder::keystone::authtoken``
|
|
- ``cinder::keystone::service_user``
|