author: Casey Bodley <cbodley@users.noreply.github.com> 2025-01-08 19:02:17 +0100
committer: GitHub <noreply@github.com> 2025-01-08 19:02:17 +0100
commit: 093e0de0b870f3cc10663e24dc60c991ac615612 (patch)
tree: ee7accec13696760f48ac019b2537569d6e1878e
parent: Merge pull request #61074 from chardan/wip-radowsgw-admin-jfw-restructure_file
parent: docs/rgw: deprecate tenant-based IAM in favor of accounts
Merge pull request #60848 from cbodley/wip-rgw-deprecate-iam-tenant

docs/rgw: deprecate tenant-based IAM in favor of accounts

Reviewed-by: Anthony D'Atri <anthony.datri@gmail.com>

-rw-r--r-- PendingReleaseNotes 11
1 files changed, 11 insertions, 0 deletions
diff --git a/PendingReleaseNotes b/PendingReleaseNotes
index 9e677217e90..b4824a65584 100644
--- a/PendingReleaseNotes
+++ b/PendingReleaseNotes
@@ -1,5 +1,16 @@
>=20.0.0
+* RGW: The User Account feature introduced in Squid provides first-class support for
+ IAM APIs and policy. Our preliminary STS support was instead based on tenants, and
+ exposed some IAM APIs to admins only. This tenant-level IAM functionality is now
+ deprecated in favor of accounts. While we'll continue to support the tenant feature
+ itself for namespace isolation, the following features will be removed no sooner
+ than the V release:
+ * tenant-level IAM APIs like CreateRole, PutRolePolicy and PutUserPolicy,
+ * use of tenant names instead of accounts in IAM policy documents,
+ * interpretation of IAM policy without cross-account policy evaluation,
+ * S3 API support for cross-tenant names such as `Bucket='tenant:bucketname'`
+
* RBD: All Python APIs that produce timestamps now return "aware" `datetime`
objects instead of "naive" ones (i.e. those including time zone information
instead of those not including it). All timestamps remain to be in UTC but
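
Review bot: the new RGW entry announces that the listed features "will be removed no sooner than the V release" but gives operators no pointer for moving existing tenant-level roles and user policies (CreateRole, PutRolePolicy, PutUserPolicy) to accounts; consider adding a sentence that references the account documentation or the migration path, since policy documents that use tenant names and requests using `Bucket='tenant:bucketname'` will need to be rewritten before removal. The sub-list is also punctuated inconsistently: the first three items end with commas and the last ends with nothing, so either drop the commas or close the list with a period. Naming the "V release" by version number would match the `>=20.0.0` header this entry sits under.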