Bartosz Bezak
|
121aa3d258
|
Ironic: enable elevated access for project scoped service role
Ironic recently started to enforce new policies and scope [1].
And Ironic is one of the sole openstack project which need
system scope for some admin related api calls [2].
However Ironic also started to allow project-scope behaviour
for service role with setting
``rbac_service_role_elevated_access``[3] [4]. This change enables
this setting to get similar behaviour of service role as other
openstack projects.
[1] https://review.opendev.org/c/openstack/ironic/+/902009
[2] e2a47de10a/goals/selected/consistent-and-secure-rbac.rst (L261)
[3] https://review.opendev.org/c/openstack/ironic/+/907148
[4] 8ec5606622/releasenotes/notes/service-project-service-role-fix-e4d1a8c23856926a.yaml
Related-Bug: #2051837
Change-Id: If8d7cf1663145d0398a2e936486e2b316d4df5e0
|
2024-02-15 15:04:06 +01:00 |
|