puppet-ironic/system_scope-all-35a686d082e4b1cc.yaml at 16dd50e03c6f1d905c80fe32d9833d3187aa6fcd - puppet-ironic - OpenDev: Free Software Needs Free Tools

openstack/puppet-ironic

Takashi Kajinami 69df6cf152 Globally support system scope credentials

After spending huge effort to understand the exact requirements to
enforce SRBAC, we learned it's very difficult to find the required
scope in each credential. This requires understanding implementation of
client-side as well as server-side, and requirement might be different
according to the deployment architecture or features used.

Instead of implementing support based on the actual implementation,
this introduces support for system scope credentials to all places
where keystone user credential is defined, and make all credential
configurations consistent.

Change-Id: I180c00bf826387176427a85319cb254713d40924

2022-03-04 01:20:44 +09:00

13 lines

306 B

YAML

Raw Blame History

 ---
 features:
   - |
     The new ``system_scope`` parameter has been added to the following classes.
     - ``ironic::cinder``
     - ``ironic::glance``
     - ``ironic::neutron``
     - ``ironic::service_catalog``
     - ``ironic::swift``
     - ``ironic::inspector::ironic``
     - ``ironic::inspector::swift``