Implement system scoped RBAC for node and driver passthru

This commit updates the policies for baremetal passthru policies to understand scope checking and account for a read-only role. This is part of a broader series of changes across OpenStack to provide a consistent RBAC experience and improve security. Change-Id: I31a258e0ce7db7e931e62f2a06e610857dabdd47
author: Lance Bragstad <lbragstad@gmail.com> 2020-11-18 21:16:05 +0000
committer: Julia Kreger <juliaashleykreger@gmail.com> 2021-02-22 05:49:11 -0800
commit: ff883486e62e394b03ed7c6e6911ca082e599586 (patch)
tree: 0f7f02886dcea39535066197fe794ed41839c6a8 /releasenotes/notes/system-scoped-authentication-28e3651de250bea8.yaml
parent: 9e773d96cae24436afc3cf9aff30f40d558678af (diff)
download: ironic-ff883486e62e394b03ed7c6e6911ca082e599586.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/releasenotes/notes/system-scoped-authentication-28e3651de250bea8.yaml b/releasenotes/notes/system-scoped-authentication-28e3651de250bea8.yaml
index 20ff567da..d6bf79999 100644
--- a/releasenotes/notes/system-scoped-authentication-28e3651de250bea8.yaml
+++ b/releasenotes/notes/system-scoped-authentication-28e3651de250bea8.yaml
@@ -3,7 +3,7 @@ features:
   - |
     The Baremetal API, provided by the ironic-api process, now supports use of
     ``system`` scoped ``keystone`` authentication for the following endpoints:
-    nodes, ports, portgroups, chassis, drivers
+    nodes, ports, portgroups, chassis, drivers, vendor passthru.
 upgrade:
   - |
     Deprecated policy rules are not expressed via a default policy file
author	Lance Bragstad <lbragstad@gmail.com>	2020-11-18 21:16:05 +0000
committer	Julia Kreger <juliaashleykreger@gmail.com>	2021-02-22 05:49:11 -0800
commit	ff883486e62e394b03ed7c6e6911ca082e599586 (patch)
tree	0f7f02886dcea39535066197fe794ed41839c6a8 /releasenotes/notes/system-scoped-authentication-28e3651de250bea8.yaml
parent	9e773d96cae24436afc3cf9aff30f40d558678af (diff)
download	ironic-ff883486e62e394b03ed7c6e6911ca082e599586.tar.gz