c140a44aeb
When SRBAC is enforced, Keystone allows only system admin to create resources like user, role, role assignment and etc. With this change now each provider uses system scope credential to create resources like user, endpoint and etc. This change also replaces /etc/keystone/puppet.conf by the yaml file for openstackclient(/etc/openstack/puppet/admin-clouds.yaml) This allows us to switch a system scope credential and a project scope credential, and helps us implement a new provider which requires project scope, in the future. Depends-on: https://review.opendev.org/828025 Change-Id: I27eb6b11df593581c94ef0affaf5abb8e333833b
24 lines
654 B
YAML
24 lines
654 B
YAML
---
|
|
upgrades:
|
|
- |
|
|
Now the following resource types require system scope credential instead
|
|
of project scope credential when sending requests to Keystone API.
|
|
|
|
- ``keystone_domain``
|
|
- ``keystone_endpoint``
|
|
- ``keystone_identity_provider``
|
|
- ``keystone_role``
|
|
- ``keystone_service``
|
|
- ``keystone_tenant``
|
|
- ``keystone_user_role``
|
|
- ``keystone_user``
|
|
|
|
- |
|
|
The ``/etc/keystone/puppet.conf`` file has been replaced by
|
|
the ``/etc/openstack/puppet/admin-clouds.yaml`` file.
|
|
|
|
deprecations:
|
|
- |
|
|
The ``keystone_puppet_config`` resource type has been deprecated and will
|
|
be removed in a future release.
|