Greetings, Could we get some clarity as to what is actually required/expected. A baremetal_observer role is already available as the "observer" or "baremetal_observer" role if granted, and "baremetal_admin" for administrator usage. I guess what this ultimately means is this is a rather confusing BZ at this time, Any clarity you can provide would be much appreciated.
A huge series of patches have almost merged upstream. One or two minor patches in final sequence for the service. All patches have the "secure-rbac" topic upstream against the ironic and ironic-inspector repository.
Moving to modified state as the work has been completed in Ironic and Ironic Inpsector. In terms of ironic-inspector, and specifically project scoped personas, such access is out of scope for Inspector as it is a system service for data collection. Workflows *are* possible where ironic can be asked directly to trigger inspection, should someone still need introspection to occur, but again, that pattern is out of scope of it's use and unlikely to ever be supported given the operational role and position in any hardware interaction workflow.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Release of components for Red Hat OpenStack Platform 17.0 (Wallaby)), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2022:6543