diff options
Diffstat (limited to 'releasenotes/notes/remove-enforce-secure-rbac-ec9a0249870460c2.yaml')
-rw-r--r-- | releasenotes/notes/remove-enforce-secure-rbac-ec9a0249870460c2.yaml | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/releasenotes/notes/remove-enforce-secure-rbac-ec9a0249870460c2.yaml b/releasenotes/notes/remove-enforce-secure-rbac-ec9a0249870460c2.yaml new file mode 100644 index 000000000..f40f46ed5 --- /dev/null +++ b/releasenotes/notes/remove-enforce-secure-rbac-ec9a0249870460c2.yaml @@ -0,0 +1,17 @@ +--- +upgrade: + - | + As per the revised SRBAC community goals, glance service is switching to + new defaults by default in Antelope cycle, hence removing the deprecated + ``enforce_secure_rbac`` option which is no longer needed. + The ``enforce_secure_rbac`` option was introduced EXPERIMENTAL in Wallaby + release for operators to opt into enforcing authorization based on common + RBAC personas. + + Now operator can control the scope and new defaults flag with the below + config options in + ``glance-api.conf`` file:: + + [oslo_policy] + enforce_new_defaults=True + enforce_scope=True
\ No newline at end of file |