Revert "Check RBAC policy for nested stacks"

This is causing issues with tripleo failures with ValueError, when trying do stack-preview as part of policy enforcement for stack DELETE. This reverts commit a8accbba98. Change-Id: I366316f27f24c650bd435e67dd17abd8676cedf4 Closes-Bug: #1561172
2016-03-30 09:34:36 +05:30
parent 8662cd52dd
commit 354f1bcef0
3 changed files with 1 additions and 30 deletions
--- a/heat/common/policy.py
+++ b/heat/common/policy.py
@@ -24,6 +24,7 @@ import six

 from heat.common import exception

+
 CONF = cfg.CONF
 LOG = logging.getLogger(__name__)

@@ -110,12 +111,5 @@ class ResourceEnforcer(Enforcer):
                return result

    def enforce_stack(self, stack, scope=None, target=None):
-        stack.preview_resources()
        for res in stack.resources.values():
-            if res.has_nested():
-                self.enforce_stack(res.nested())
-                # After the preview_resources() call nested stack name will
-                # be equal to stack.name + res.name, without uuid part. Get
-                # rid of the side effect of preview.
-                res._nested = None
            self.enforce(stack.context, res.type(), scope=scope, target=target)
--- a/heat/engine/stack.py
+++ b/heat/engine/stack.py
@@ -689,8 +689,6 @@ class Stack(collections.Mapping):
                    (r.CREATE, r.COMPLETE),
                    (r.RESUME, r.IN_PROGRESS),
                    (r.RESUME, r.COMPLETE),
-                    (r.SUSPEND, r.IN_PROGRESS),
-                    (r.SUSPEND, r.COMPLETE),
                    (r.UPDATE, r.IN_PROGRESS),
                    (r.UPDATE, r.COMPLETE)) and
                    (r.FnGetRefId() == refid or r.name == refid)):
--- a/heat_integrationtests/functional/test_conditional_exposure.py
+++ b/heat_integrationtests/functional/test_conditional_exposure.py
@@ -76,19 +76,6 @@ resources:
      ram: 20000
      vcpus: 10
 """
-    fl_tmpl_nested = """
-heat_template_version: 2015-10-15
-resources:
-  not4everyonerg:
-    type: OS::Heat::ResourceGroup
-    properties:
-        count: 1
-        resource_def:
-            type: OS::Nova::Flavor
-            properties:
-              ram: 20000
-              vcpus: 10
-"""

    def test_non_admin_forbidden_create_flavors(self):
        """Fail to create Flavor resource w/o admin role.
@@ -108,11 +95,3 @@ resources:
        resources = self.client.resource_types.list()
        self.assertNotIn(self.forbidden_resource_type,
                         (r.resource_type for r in resources))
-
-    def test_non_admin_forbidden_create_flavors_nested(self):
-        stack_name = self._stack_rand_name()
-        ex = self.assertRaises(exc.Forbidden,
-                               self.client.stacks.create,
-                               stack_name=stack_name,
-                               template=self.fl_tmpl_nested)
-        self.assertIn(self.forbidden_resource_type, ex.message)