From 4a4ce672fbffbf45ff5ec4310cb73cf6238d1337 Mon Sep 17 00:00:00 2001
From: Thomas Herve <therve@redhat.com>
Date: Mon, 22 Feb 2016 22:54:04 +0000
Subject: [PATCH] Revert "Check RBAC policy for nested stacks"

This reverts commit 57fdf732a4bbec296c45355818e67549593c6afb.

It breaks magnum gate.

Change-Id: I0553482d6b56edc08d29e1ab318b3b8962edc04d
---
 heat/common/policy.py                         |  7 ------
 heat/engine/stack.py                          |  2 --
 .../functional/test_conditional_exposure.py   | 22 -------------------
 3 files changed, 31 deletions(-)

diff --git a/heat/common/policy.py b/heat/common/policy.py
index e5f41ebcfa..7ade8403ea 100644
--- a/heat/common/policy.py
+++ b/heat/common/policy.py
@@ -111,12 +111,5 @@ class ResourceEnforcer(Enforcer):
                 return result
 
     def enforce_stack(self, stack, scope=None, target=None):
-        stack.preview_resources()
         for res in stack.resources.values():
-            if res.has_nested():
-                self.enforce_stack(res.nested())
-                # After the preview_resources() call nested stack name will
-                # be equal to stack.name + res.name, without uuid part. Get
-                # rid of the side effect of preview.
-                res._nested = None
             self.enforce(stack.context, res.type(), scope=scope, target=target)
diff --git a/heat/engine/stack.py b/heat/engine/stack.py
index 53ccb564f6..caecf889ae 100644
--- a/heat/engine/stack.py
+++ b/heat/engine/stack.py
@@ -646,8 +646,6 @@ class Stack(collections.Mapping):
                     (r.CREATE, r.COMPLETE),
                     (r.RESUME, r.IN_PROGRESS),
                     (r.RESUME, r.COMPLETE),
-                    (r.SUSPEND, r.IN_PROGRESS),
-                    (r.SUSPEND, r.COMPLETE),
                     (r.UPDATE, r.IN_PROGRESS),
                     (r.UPDATE, r.COMPLETE)) and r.FnGetRefId() == refid:
                 return r
diff --git a/heat_integrationtests/functional/test_conditional_exposure.py b/heat_integrationtests/functional/test_conditional_exposure.py
index 0361a9b951..90f7d7aa49 100644
--- a/heat_integrationtests/functional/test_conditional_exposure.py
+++ b/heat_integrationtests/functional/test_conditional_exposure.py
@@ -80,20 +80,6 @@ resources:
       ram: 20000
       vcpus: 10
 """
-    fl_tmpl_nested = """
-heat_template_version: 2015-10-15
-
-resources:
-  not4everyonerg:
-    type: OS::Heat::ResourceGroup
-    properties:
-        count: 1
-        resource_def:
-            type: OS::Nova::Flavor
-            properties:
-              ram: 20000
-              vcpus: 10
-"""
 
     def test_non_admin_forbidden_create_flavors(self):
         """Fail to create Flavor resource w/o admin role.
@@ -109,14 +95,6 @@ resources:
                                template=self.fl_tmpl)
         self.assertIn(self.forbidden_resource_type, ex.message)
 
-    def test_non_admin_forbidden_create_flavors_nested(self):
-        stack_name = self._stack_rand_name()
-        ex = self.assertRaises(exc.Forbidden,
-                               self.client.stacks.create,
-                               stack_name=stack_name,
-                               template=self.fl_tmpl_nested)
-        self.assertIn(self.forbidden_resource_type, ex.message)
-
     def test_forbidden_resource_not_listed(self):
         resources = self.client.resource_types.list()
         self.assertNotIn(self.forbidden_resource_type,