Remove policy json file
Remove the policy.json template, as they contain no templated variables. This would allow use of the policy.json files provided via the package, and decrease the need to sync them with upstream Change-Id: I2e4e3b5ed25b1449678e33dbd4ea45fcb6cac946 Implements: blueprint remove-policy-templates
This commit is contained in:
parent
8d2cc01705
commit
3839660292
|
@ -1,6 +1,9 @@
|
|||
# CHANGELOG for cookbook-openstack-orchestration
|
||||
|
||||
This file is used to list changes made in each version of cookbook-openstack-orchestration
|
||||
## 9.0.1
|
||||
* Remove policy file
|
||||
|
||||
## 9.0.0
|
||||
* Upgrade to Icehouse
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@ maintainer 'IBM, Inc.'
|
|||
license 'Apache 2.0'
|
||||
description 'Installs and configures the Heat Service'
|
||||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
|
||||
version '9.0.0'
|
||||
version '9.0.1'
|
||||
recipe 'openstack-orchestration::api', 'Start and configure the Heat API service'
|
||||
recipe 'openstack-orchestration::api-cfn', 'Start and configure the Heat API CloudFormation service'
|
||||
recipe 'openstack-orchestration::api-cloudwatch', 'Start and configure the Heat API CloudWatch service'
|
||||
|
|
|
@ -45,11 +45,3 @@ template '/etc/heat/api-paste.ini' do
|
|||
mode 00644
|
||||
notifies :restart, 'service[heat-api-cfn]', :immediately
|
||||
end
|
||||
|
||||
template '/etc/heat/policy.json' do
|
||||
source 'policy.json.erb'
|
||||
group node['openstack']['orchestration']['group']
|
||||
owner node['openstack']['orchestration']['user']
|
||||
mode 00644
|
||||
notifies :restart, 'service[heat-api-cfn]', :immediately
|
||||
end
|
||||
|
|
|
@ -49,11 +49,3 @@ template '/etc/heat/api-paste.ini' do
|
|||
mode 00644
|
||||
notifies :restart, 'service[heat-api-cloudwatch]', :immediately
|
||||
end
|
||||
|
||||
template '/etc/heat/policy.json' do
|
||||
source 'policy.json.erb'
|
||||
group node['openstack']['orchestration']['group']
|
||||
owner node['openstack']['orchestration']['user']
|
||||
mode 00644
|
||||
notifies :restart, 'service[heat-api-cloudwatch]', :immediately
|
||||
end
|
||||
|
|
|
@ -45,11 +45,3 @@ template '/etc/heat/api-paste.ini' do
|
|||
mode 00644
|
||||
notifies :restart, 'service[heat-api]', :immediately
|
||||
end
|
||||
|
||||
template '/etc/heat/policy.json' do
|
||||
source 'policy.json.erb'
|
||||
group node['openstack']['orchestration']['group']
|
||||
owner node['openstack']['orchestration']['user']
|
||||
mode 00644
|
||||
notifies :restart, 'service[heat-api]', :immediately
|
||||
end
|
||||
|
|
|
@ -21,8 +21,6 @@ describe 'openstack-orchestration::api-cfn' do
|
|||
|
||||
expect_creates_api_paste 'service[heat-api-cfn]'
|
||||
|
||||
expect_creates_policy_json 'service[heat-api-cfn]', 'heat', 'heat'
|
||||
|
||||
it 'starts heat api-cfn on boot' do
|
||||
expect(@chef_run).to enable_service('openstack-heat-api-cfn')
|
||||
end
|
||||
|
|
|
@ -21,8 +21,6 @@ describe 'openstack-orchestration::api-cloudwatch' do
|
|||
|
||||
expect_creates_api_paste 'service[heat-api-cloudwatch]'
|
||||
|
||||
expect_creates_policy_json 'service[heat-api-cloudwatch]', 'heat', 'heat'
|
||||
|
||||
it 'starts heat api-cloudwatch on boot' do
|
||||
expect(@chef_run).to enable_service('openstack-heat-api-cloudwatch')
|
||||
end
|
||||
|
|
|
@ -21,8 +21,6 @@ describe 'openstack-orchestration::api' do
|
|||
|
||||
expect_creates_api_paste 'service[heat-api]'
|
||||
|
||||
expect_creates_policy_json 'service[heat-api]', 'heat', 'heat'
|
||||
|
||||
it 'starts heat api on boot' do
|
||||
expect(@chef_run).to enable_service('openstack-heat-api')
|
||||
end
|
||||
|
|
|
@ -86,24 +86,3 @@ def expect_creates_api_paste(service, action = :restart) # rubocop:disable Metho
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
def expect_creates_policy_json(service, user, group, action = :restart) # rubocop:disable MethodLength
|
||||
describe 'policy.json' do
|
||||
before do
|
||||
@template = @chef_run.template '/etc/heat/policy.json'
|
||||
end
|
||||
|
||||
it 'has proper owner' do
|
||||
expect(@template.owner).to eq(user)
|
||||
expect(@template.group).to eq(group)
|
||||
end
|
||||
|
||||
it 'has proper modes' do
|
||||
expect(sprintf('%o', @template.mode)).to eq '644'
|
||||
end
|
||||
|
||||
it 'notifies service restart' do
|
||||
expect(@template).to notify(service).to(action)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,50 +0,0 @@
|
|||
{
|
||||
"context_is_admin": "role:admin",
|
||||
"deny_stack_user": "not role:heat_stack_user",
|
||||
|
||||
"cloudformation:ListStacks": "rule:deny_stack_user",
|
||||
"cloudformation:CreateStack": "rule:deny_stack_user",
|
||||
"cloudformation:DescribeStacks": "rule:deny_stack_user",
|
||||
"cloudformation:DeleteStack": "rule:deny_stack_user",
|
||||
"cloudformation:UpdateStack": "rule:deny_stack_user",
|
||||
"cloudformation:DescribeStackEvents": "rule:deny_stack_user",
|
||||
"cloudformation:ValidateTemplate": "rule:deny_stack_user",
|
||||
"cloudformation:GetTemplate": "rule:deny_stack_user",
|
||||
"cloudformation:EstimateTemplateCost": "rule:deny_stack_user",
|
||||
"cloudformation:DescribeStackResource": "",
|
||||
"cloudformation:DescribeStackResources": "rule:deny_stack_user",
|
||||
"cloudformation:ListStackResources": "rule:deny_stack_user",
|
||||
|
||||
"cloudwatch:DeleteAlarms": "rule:deny_stack_user",
|
||||
"cloudwatch:DescribeAlarmHistory": "rule:deny_stack_user",
|
||||
"cloudwatch:DescribeAlarms": "rule:deny_stack_user",
|
||||
"cloudwatch:DescribeAlarmsForMetric": "rule:deny_stack_user",
|
||||
"cloudwatch:DisableAlarmActions": "rule:deny_stack_user",
|
||||
"cloudwatch:EnableAlarmActions": "rule:deny_stack_user",
|
||||
"cloudwatch:GetMetricStatistics": "rule:deny_stack_user",
|
||||
"cloudwatch:ListMetrics": "rule:deny_stack_user",
|
||||
"cloudwatch:PutMetricAlarm": "rule:deny_stack_user",
|
||||
"cloudwatch:PutMetricData": "",
|
||||
"cloudwatch:SetAlarmState": "rule:deny_stack_user",
|
||||
|
||||
"actions:action": "rule:deny_stack_user",
|
||||
"build_info:build_info": "rule:deny_stack_user",
|
||||
"events:index": "rule:deny_stack_user",
|
||||
"events:show": "rule:deny_stack_user",
|
||||
"resource:index": "rule:deny_stack_user",
|
||||
"resource:metadata": "",
|
||||
"resource:show": "rule:deny_stack_user",
|
||||
"stacks:abandon": "rule:deny_stack_user",
|
||||
"stacks:create": "rule:deny_stack_user",
|
||||
"stacks:delete": "rule:deny_stack_user",
|
||||
"stacks:detail": "rule:deny_stack_user",
|
||||
"stacks:generate_template": "rule:deny_stack_user",
|
||||
"stacks:index": "rule:deny_stack_user",
|
||||
"stacks:list_resource_types": "rule:deny_stack_user",
|
||||
"stacks:lookup": "rule:deny_stack_user",
|
||||
"stacks:resource_schema": "rule:deny_stack_user",
|
||||
"stacks:show": "rule:deny_stack_user",
|
||||
"stacks:template": "rule:deny_stack_user",
|
||||
"stacks:update": "rule:deny_stack_user",
|
||||
"stacks:validate_template": "rule:deny_stack_user"
|
||||
}
|
Loading…
Reference in New Issue