doc/releases/tentacle: add missing rgw deprecation notice

author Casey Bodley <cbodley@redhat.com>

Fri, 24 Oct 2025 12:57:52 +0000 (08:57 -0400)

committer Laura Flores <lflores@ibm.com>

Tue, 18 Nov 2025 17:51:13 +0000 (11:51 -0600)
author Casey Bodley <cbodley@redhat.com>
Fri, 24 Oct 2025 12:57:52 +0000 (08:57 -0400)
committer Laura Flores <lflores@ibm.com>
Tue, 18 Nov 2025 17:51:13 +0000 (11:51 -0600)
diff --git a/doc/releases/tentacle.rst b/doc/releases/tentacle.rst

index ecaf56f0ab275af42fde8b7e76fd3686eb0e4856..a44302606c899148a377d9e3303c4d348c2ad505 100644 (file)
--- a/doc/releases/tentacle.rst
+++ b/doc/releases/tentacle.rst
@@ -84,6 +84,17 @@ RGW
  * Bucket resharding now does most of its processing before it starts to block
    write operations. This should significantly reduce the client-visible impact
    of resharding on large buckets.
+* RGW: The User Account feature introduced in Squid provides first-class support for
+  IAM APIs and policy. Our preliminary STS support was based on tenants, and
+  exposed some IAM APIs to admins only. This tenant-level IAM functionality is now
+  deprecated in favor of accounts. While we'll continue to support the tenant feature
+  itself for namespace isolation, the following features will be removed no sooner
+  than the V release:
+    * Tenant-level IAM APIs including CreateRole, PutRolePolicy and PutUserPolicy,
+    * Use of tenant names instead of accounts in IAM policy documents,
+    * Interpretation of IAM policy without cross-account policy evaluation,
+    * S3 API support for cross-tenant names such as `Bucket='tenant:bucketname'`
+    * STS Lite and `sts:GetSessionToken`.
  
  CephFS
  ------
author	Casey Bodley <cbodley@redhat.com>
	Fri, 24 Oct 2025 12:57:52 +0000 (08:57 -0400)
committer	Laura Flores <lflores@ibm.com>
	Tue, 18 Nov 2025 17:51:13 +0000 (11:51 -0600)