Merge "Support project personas in cinder"
This commit is contained in:
commit
51941d3ba6
@ -105,6 +105,14 @@ parameters:
|
|||||||
type: string
|
type: string
|
||||||
description: The password for the nova service and db account
|
description: The password for the nova service and db account
|
||||||
hidden: true
|
hidden: true
|
||||||
|
CinderPolicyEnforceNewDefaults:
|
||||||
|
default: false
|
||||||
|
description: Set to True to disable cinder's deprecated default policies.
|
||||||
|
Doing so causes cinder's default policies to enforce the
|
||||||
|
project based personas associated with secure RBAC. This
|
||||||
|
parameter will be deprecated in favor of a global EnforceSecureRbac
|
||||||
|
parameter after cinder adds support for system scoped policies.
|
||||||
|
type: boolean
|
||||||
|
|
||||||
outputs:
|
outputs:
|
||||||
role_data:
|
role_data:
|
||||||
@ -161,3 +169,4 @@ outputs:
|
|||||||
cinder::nova::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
cinder::nova::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
|
||||||
cinder::nova::password: {get_param: NovaPassword}
|
cinder::nova::password: {get_param: NovaPassword}
|
||||||
cinder::nova::region_name: {get_param: KeystoneRegion}
|
cinder::nova::region_name: {get_param: KeystoneRegion}
|
||||||
|
cinder::policy::enforce_new_defaults: {get_param: CinderPolicyEnforceNewDefaults}
|
||||||
|
@ -0,0 +1,9 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
A new ``CinderPolicyEnforceNewDefaults`` parameter adds the ability to
|
||||||
|
disable Cinder's deprecated authorization policies. The default value
|
||||||
|
is False, which means Cinder's deprecated policies are enabled. Setting
|
||||||
|
the parameter to True disables the deprecated policies, which causes
|
||||||
|
Cinder to enforce the project-admin, project-member, and project-reader
|
||||||
|
RBAC personas. Support for system personas is planned for a future release.
|
Loading…
Reference in New Issue
Block a user