Wallaby Series (10.5.0 - 10.6.x) Release Notes¶
The default policy will been replaced with one which aligns with the Secure-RBAC scopes and roles. Since ironic-inspector is a tool used only by system-level admins, only the
systemscope is supported, and the only roles in the policy rules are
ibmc_addressin the default configuration, allowing introspection to try and match the BMC address if no ports are defined when using the ibmc driver.
The default value of
[oslo_policy] policy_fileconfig option has been changed from
policy.yaml. Operators who are utilizing customized policy files or previously generated static policy files (which are not needed by default), should generate new policy files and modify them to meet their needs in the event of any new policies or rules have been added. Please consult the oslopolicy-convert-json-to-yaml tool to convert a JSON to YAML formatted policy file in backward compatible way.
The new policy is only enforced when
[oslo_policy]config is changed to
enforce_scope=True, otherwise the existing deprecated policy is used. User accounts which rely on having the
baremetal_observerroles will need to have system-scoped
readerroles to use the API when the new policy is enforced.
Use of legacy policy files was deprecated by the
oslo.policylibrary during the Victoria development cycle. As a result, this deprecation is being noted in the Wallaby with an anticipated future removal of support by
oslo.policy. As such operators will need to convert to YAML policy files. Please see the upgrade notes for details on migration of any custom policy files.
The previous policy is still enforced by default, but is now deprecated and will be removed in a future release.
Adds a possibility to setup ironic inspector behind a proxy, while allowing the links of the resources API returns to remain correct. Inspector now respects the following headers that are passed with API requests:
X-Forwarded-Prefix. If the API is run providing
SCRIPT_NAMEenvironment variable, it is now also respected, and it allows to return the correct links in response to requests, even if inspector API is not placed at the web server root resource.
Fixes database migrations with SQLAlchemy 1.3.20.