puppet-nova/system_scope-all-3d705c45620c2959.yaml at f8bde51891354083ae389a447ce946c38ea29aa5 - puppet-nova - OpenDev: Free Software Needs Free Tools

openstack/puppet-nova

Takashi Kajinami 48cd95a59b Globally support system scope credentials

After spending huge effort to understand the exact requirements to
enforce SRBAC, we learned it's very difficult to find the required
scope in each credential. This requires understanding implementation of
client-side as well as server-side, and requirement might be different
according to the deployment architecture or features used.

Instead of implementing support based on the actual implementation,
this introduces support for system scope credentials to all places
where keystone user credential is defined, and make all credential
configurations consistent.

Change-Id: I99eb7f368d68e393685041d20cd9adfb8f10eecb

2022-03-04 08:25:26 +09:00

13 lines

303 B

YAML

Raw Blame History

 ---
 features:
   - |
     The new ``system_scope`` parameter has been added to the following classes.
     - ``nova::cinder``
     - ``nova::ironic::common``
     - ``nova::metadata::novajoin::api``
   - |
     The new ``nova::vendordata::vendordata_dynamic_auth_system_scope``
     parameter has been added.