Add service role in Nova policy

RBAC community wide goal phase-2[1] is to add 'service'
role for the service APIs policy rule. This commit
defaults the service APIs to 'service' role. This way
service APIs will be allowed for service user only.

Tempest tests are also modified to simulate the service-to-service
communication. Tempest tests send the user with service
role to nova API.
- https://review.opendev.org/c/openstack/tempest/+/892639

Partial implement blueprint policy-service-role-default

[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#phase-2

Change-Id: I1565ea163fa2c8212f71c9ba375654d2aab28330
Signed-off-by: Ghanshyam Maan <gmaan@ghanshyammann.com>
This commit is contained in:
Ghanshyam Maan
2025-08-16 04:11:31 +00:00
parent a7e5377da4
commit f914cb185c
34 changed files with 308 additions and 183 deletions
@@ -7628,6 +7628,12 @@ volumeId_swap:
in: body
required: true
type: string
volumeId_update:
description: |
The UUID of the attached volume.
in: body
required: true
type: string
volumes:
description: |
The list of ``volume`` objects.
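
Review bot: In the new volumeId_update entry, the description "The UUID of the attached volume." does not let a reader tell this parameter apart from volumeId_swap directly above it, and it says nothing about the service-role default this commit introduces. Suggest stating which request body the parameter belongs to and, if changing the value is now restricted to callers holding the service role, saying so in the description. The commit message also does not mention any API reference change, so a line there explaining why this doc entry is part of the policy change would help reviewers.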