From 084d9ffc50ed9ee22b6b742428bb7342f123b3fc Mon Sep 17 00:00:00 2001
From: Claudia Watson
Date: Fri, 26 Sep 2025 17:16:33 +0100
Subject: [PATCH 1/2] Updating policy to allow role: baremetaluser
---
etc/kayobe/kolla/config/neutron/policy.yml | 2 ++
etc/kayobe/kolla/config/nova/policy.yml | 2 ++
2 files changed, 4 insertions(+)
create mode 100644 etc/kayobe/kolla/config/neutron/policy.yml
create mode 100644 etc/kayobe/kolla/config/nova/policy.yml
diff --git a/etc/kayobe/kolla/config/neutron/policy.yml b/etc/kayobe/kolla/config/neutron/policy.yml
new file mode 100644
index 0000000000..6cee340edc
--- /dev/null
+++ b/etc/kayobe/kolla/config/neutron/policy.yml
@@ -0,0 +1,2 @@
+"create_port:fixed_ips:ip_address": "(rule:admin_only) or (rule:service_api) or role:manager and project_id:%(project_id)s or role:member and rule:network_owner or role:baremetaluser"
+"create_port:mac_address": "(rule:admin_only) or (rule:service_api) or role:manager and project_id:%(project_id)s or role:member and rule:network_owner or role:baremetaluser"
diff --git a/etc/kayobe/kolla/config/nova/policy.yml b/etc/kayobe/kolla/config/nova/policy.yml
new file mode 100644
index 0000000000..1b19845334
--- /dev/null
+++ b/etc/kayobe/kolla/config/nova/policy.yml
@@ -0,0 +1,2 @@
+"os_compute_api:servers:create:forced_host": "rule:context_is_admin or role:baremetaluser"
+"compute:servers:create:requested_destination": "rule:context_is_admin or role:baremetaluser"
From cc673c428c6b6d9b5b8c0215e941c855ff601f03 Mon Sep 17 00:00:00 2001
From: Claudia Watson
Date: Wed, 8 Oct 2025 10:22:48 +0100
Subject: [PATCH 2/2] release note added
---
...emetaluser-neutron-and-nova-policy-321b73327546ceec.yaml | 6 ++++++
1 file changed, 6 insertions(+)
create mode 100644 releasenotes/notes/baremetaluser-neutron-and-nova-policy-321b73327546ceec.yaml
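Review bot: The trailing `or role:baremetaluser` in both `create_port:fixed_ips:ip_address` and `create_port:mac_address` is the only non-admin alternative with no ownership condition. Because `and` binds tighter than `or` in oslo.policy, it stands alone and matches that role in whichever project it is held. A holder can therefore choose the fixed IP and MAC of a port on any network where they may create ports, shared networks included, which is the capability the other alternatives tie to the project or the network owner to limit address spoofing. If only ports in the caller's own project are intended, scope it as `role:baremetaluser and project_id:%(project_id)s`. If network ownership is deliberately not required, record that in the file, for example `# baremetaluser may set IP/MAC on networks it does not own (Ironic node mapping); assign the role sparingly`.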
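Review bot: `os_compute_api:servers:create:forced_host` is opened to `role:baremetaluser` for every compute host, not only Ironic nodes, and Nova's forced-host path places the server without running the scheduler filters. Any aggregate or tenant-isolation filter the deployment relies on would therefore not apply to these users. `compute:servers:create:requested_destination` on the next line still validates the chosen host through the filters, so if that is enough to pin an instance to a node, consider dropping the `forced_host` line. Policy cannot restrict the target to bare-metal hosts, so the file should at least carry a comment such as `# baremetaluser can pin servers to any host/node; forced_host bypasses scheduler filters - grant to trusted projects only`.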
diff --git a/releasenotes/notes/baremetaluser-neutron-and-nova-policy-321b73327546ceec.yaml b/releasenotes/notes/baremetaluser-neutron-and-nova-policy-321b73327546ceec.yaml
new file mode 100644
index 0000000000..758d77ea91
--- /dev/null
+++ b/releasenotes/notes/baremetaluser-neutron-and-nova-policy-321b73327546ceec.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ Updated neutron and nova policy to allow role:
+ ``baremetaluser`` to map baremetal instances
+ to specific ironic nodes.