puppet-keystone/releasenotes/notes/system_scope-44a1249c18aa3631.yaml
Takashi Kajinami 5457be773e Add support for system scope
This change is the initial work to support enforcing the secure RBAC (SRBAC)
feature. The following two changes are made by this change.

- The keystone_user_role resource type now supports creating system
  roles in addition to project roles and domain roles. The following
  example shows how to assign the "admin" role to the "nova" user for
  the system scope "all".

  keystone_user_role{'nova@::::all':
    ensure => 'present',
    roles  => ['admin'],
  }

- Some defined resource types were updated so that the other puppet
  modules can define keystone credentials for system scope access
  instead of project scope access.

Note that this change does not update the usage of project scope
credentials in each provider, and that should be fixed later to
enforce SRBAC completely.

Change-Id: Id43eeb31424f04d6969a993704e5a5c175eb1cb0
2021-12-16 22:51:08 +09:00

12 lines
276 B
YAML

---
features:
  - |
    The ``system_scope`` parameter has been added to the following resource
    types.
    - ``keystone::resource::authtoken``
    - ``keystone::resource::service_user``
  - |
    The ``keystone_user_role`` resource type supports creating a system role.