openstack/neutron
Code Issues Proposed changes
418c479569
neutron/releasenotes/notes/Add-service-role-support-3e28b1bfcfc59c29.yaml
Slawek Kaplonski 428f7a8418 [S-RBAC] Add service role in neutron policy 
RBAC community wide goal phase-2[1] is to add service
role for the service APIs policy rule.
This patch adds new "service_api" role in policies, deprecates old rule
"context_is_advsvc" as this had basically same goal but for consistency
reasons we want now to have it named "service_api" as in other policies
for other projects.
This patch also adds unit tests to ensure what is allowed and what is
forbidden for the service role user.

[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#phase-2

Closes-Bug: #2026182

Change-Id: Iaa1a3a491d310c2304f6500c6e5d2b9c31a72fa8
2023-10-06 07:55:05 +00:00

11 lines
394 B
YAML
Raw Blame History

---
features:
- |
Support for new ``service`` role is added to the Neutron API policies as
part of the Secure-RBAC initiative. This new role is designed to be used for
the service-to-service communication.
deprecations:
- |
Old role ``advsvc`` used in the Neutron API policies is now deprecated. New
``service`` role should be used for service-to-service communication.
View Git Blame Copy Permalink