af93169d4d
This change is the first step to support secure RBAC and allows usage of system scope credentials for Keystone API request. This change covers the following three items. - assignment of system scope roles to system user - credential parameters for authtoken middleware - credential parameters for service token feature Note that the credential parameters for authtoken middleware are used in some providers, and these providers still require a project scope credential. This will be fixed by the subsequent change. Depends-on: https://review.opendev.org/804325 Change-Id: Ibd7afcb121b669cf533b077b926637b092e3df19
15 lines
342 B
YAML
15 lines
342 B
YAML
---
|
|
features:
|
|
- |
|
|
The ``nova::keystone::auth`` class now supports the following new
|
|
parameters to define system-scoped roles.
|
|
|
|
- ``system_scope``
|
|
- ``system_roles``
|
|
|
|
- |
|
|
The ``system_scope`` parameter has been added to the following classes.
|
|
|
|
- ``nova::keystone::authtoken``
|
|
- ``nova::keystone::service_user``
|