Merge "Revert "Check RBAC policy for nested stacks""

2016-02-24 08:47:51 +00:00 · 2016-02-24 08:47:51 +00:00 · 0a2915fca4
commit 0a2915fca4
parent f83c5b9004 4a4ce672fb
3 changed files with 0 additions and 31 deletions
--- a/heat/common/policy.py
+++ b/heat/common/policy.py
@ -111,12 +111,5 @@ class ResourceEnforcer(Enforcer):
                return result

    def enforce_stack(self, stack, scope=None, target=None):
-        stack.preview_resources()
        for res in stack.resources.values():
-            if res.has_nested():
-                self.enforce_stack(res.nested())
-                # After the preview_resources() call nested stack name will
-                # be equal to stack.name + res.name, without uuid part. Get
-                # rid of the side effect of preview.
-                res._nested = None
            self.enforce(stack.context, res.type(), scope=scope, target=target)
--- a/heat/engine/stack.py
+++ b/heat/engine/stack.py
@ -673,8 +673,6 @@ class Stack(collections.Mapping):
                    (r.CREATE, r.COMPLETE),
                    (r.RESUME, r.IN_PROGRESS),
                    (r.RESUME, r.COMPLETE),
-                    (r.SUSPEND, r.IN_PROGRESS),
-                    (r.SUSPEND, r.COMPLETE),
                    (r.UPDATE, r.IN_PROGRESS),
                    (r.UPDATE, r.COMPLETE)) and r.FnGetRefId() == refid:
                return r
--- a/heat_integrationtests/functional/test_conditional_exposure.py
+++ b/heat_integrationtests/functional/test_conditional_exposure.py
@ -76,20 +76,6 @@ resources:
      ram: 20000
      vcpus: 10
 """
-    fl_tmpl_nested = """
-heat_template_version: 2015-10-15
-
-resources:
-  not4everyonerg:
-    type: OS::Heat::ResourceGroup
-    properties:
-        count: 1
-        resource_def:
-            type: OS::Nova::Flavor
-            properties:
-              ram: 20000
-              vcpus: 10
-"""

    def test_non_admin_forbidden_create_flavors(self):
        """Fail to create Flavor resource w/o admin role.
@ -105,14 +91,6 @@ resources:
                               template=self.fl_tmpl)
        self.assertIn(self.forbidden_resource_type, ex.message)

-    def test_non_admin_forbidden_create_flavors_nested(self):
-        stack_name = self._stack_rand_name()
-        ex = self.assertRaises(exc.Forbidden,
-                               self.client.stacks.create,
-                               stack_name=stack_name,
-                               template=self.fl_tmpl_nested)
-        self.assertIn(self.forbidden_resource_type, ex.message)
-
    def test_forbidden_resource_not_listed(self):
        resources = self.client.resource_types.list()
        self.assertNotIn(self.forbidden_resource_type,