diff options
| author | Julia Kreger <juliaashleykreger@gmail.com> | 2021-11-19 12:54:50 -0800 |
|---|---|---|
| committer | Julia Kreger <juliaashleykreger@gmail.com> | 2022-05-23 16:21:19 -0700 |
| commit | c3f397149ac217e305e52e9eb241f33d1ba21d78 (patch) | |
| tree | bf1b1c75363a8321b58c0858be41a28763f943e7 /ironic/conf/conductor.py | |
| parent | 2e94aa424198b2f0f8231ef7d2086262b6ee9c9f (diff) | |
| download | ironic-c3f397149ac217e305e52e9eb241f33d1ba21d78.tar.gz | |
Auto-populate lessee for deployments
Adds a configuration option and capability to automatically
record the lessee for a deployment based upon the original
auth_token information provided in the request context.
Additional token information is now shared through the context
which is extended in the same fashion as most other projects
saving request token information to their RequestContext,
instead of triggering excess API calls in the background to
Keystone to try and figure out requestor's information.
Change-Id: I42a2ceb9d2e7dfdc575eb37ed773a1bc682cec23
Diffstat (limited to 'ironic/conf/conductor.py')
| -rw-r--r-- | ironic/conf/conductor.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/ironic/conf/conductor.py b/ironic/conf/conductor.py index 854330e78..b1d6bae4f 100644 --- a/ironic/conf/conductor.py +++ b/ironic/conf/conductor.py @@ -348,6 +348,16 @@ opts = [ 'be specified multiple times to define priorities ' 'for multiple steps. If set to 0, this specific step ' 'will not run during verification. ')), + cfg.BoolOpt('automatic_lessee', + default=False, + mutable=True, + help=_('If the conductor should record the Project ID ' + 'indicated by Keystone for a requested deployment. ' + 'Allows rights to be granted to directly access the ' + 'deployed node as a lessee within the RBAC security ' + 'model. The conductor does *not* record this value ' + 'otherwise, and this information is not backfilled ' + 'for prior instances which have been deployed.')), ] |