tripleo-heat-templates/releasenotes/notes/enable_secure_rbac_for_keystone-62685484ef589726.yaml
Lance Bragstad b49da72366 Allow keystone to configure secure RBAC options
This updates the keystone api container to set the appropriate
configuration options when EnforceSecureRbac is True. This will be
needed when more OpenStack services support system-scope and deployers
want to enable those personas.

Change-Id: I7ed3ace9d9fea56b800685bb890ccbb0530e36a9
2022-01-03 12:40:27 +01:00

---
features:
  - |
    Keystone can now be configured to support secure RBAC `personas
    <https://docs.openstack.org/keystone/latest/admin/service-api-protection.html#roles-definitions>`_
    with the `EnforceSecureRbac` setting. Note that deployments with mixed permission
    models will have unexpected side-effects. Setting this option won't have
    meaningful effect until all services in your deployment support secure RBAC
    personas.