22929f654e
This patch makes the current version of the keystone default roles the default RBAC policy for Octavia. Change-Id: Icf3171c8bb6496e2999e078b74fdbbc53b922f97
25 lines
1.2 KiB
YAML
25 lines
1.2 KiB
YAML
---
|
|
upgrade:
|
|
- |
|
|
When upgrading, the default RBAC rules will switch from Octavia Advanced
|
|
RBAC to the keystone default roles. This means the load_balancer_* roles
|
|
will not longer have access to the load balancer API. To continue to use
|
|
the Octavia Advanced RBAC rules, please use the
|
|
octavia-advanced-rbac-policy.yaml override file provided.
|
|
critical:
|
|
- |
|
|
When upgrading, the default RBAC rules will switch from Octavia Advanced
|
|
RBAC to the keystone default roles. This means the load_balancer_* roles
|
|
will not longer have access to the load balancer API. To continue to use
|
|
the Octavia Advanced RBAC rules, please use the
|
|
octavia-advanced-rbac-policy.yaml override file provided.
|
|
security:
|
|
- |
|
|
When upgrading, the default RBAC rules will switch from Octavia Advanced
|
|
RBAC to the keystone default roles. This means the load_balancer_* roles
|
|
will not longer have access to the load balancer API. To continue to use
|
|
the Octavia Advanced RBAC rules, please use the
|
|
octavia-advanced-rbac-policy.yaml override file provided. Note: the
|
|
keystone default roles are less restrictive than the Octavia Advanced RBAC
|
|
rules and you will no longer have global observer or quota specific roles.
|