5457be773e
This change is the initial work to support enforcing secure RBAC(SRBAC) feature. The following two changes are made by this change. - The keystone_user_role resource type now supports creating system roles in addition to project roles and domain roles. The following example shows how to assign the "admin" role to the "nova" user for the system scope "all". keystone_user_role{'nova@::::all': ensure => 'present', roles => ['admin'], } - Some defined resource types were updated so that the other puppet modules can define keystone credentials for system scope access instead of project scope access. Note that this change does not update the usage of project scope credentials in each providers, and that should be fixed later to enforce SRBAC completely. Change-Id: Id43eeb31424f04d6969a993704e5a5c175eb1cb0 |
||
---|---|---|
.. | ||
notes | ||
source |