openstack/heat
Code Issues Proposed changes
OpenStack Orchestration (Heat)
16,037 Commits 10 Branches 52 Tags 216 MiB
Python 99.5%
Shell 0.5%
185f28a3b4
Go to file
Takashi Kajinami 185f28a3b4 Isolate project scope and system scope 
This change updates the default policies implemented in Heat, to follow
the updated guideline[1] to implement SRBAC.

The main change is that system users are no longer allowed to perform
any operations about project-level resources like stacks, while project
admin(*1) is still allowed to perform operations about project-level
resources BEYOND project (like getting stacks for all projects by list
stacks API).

[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#direction-change

This also adds the test cases to validate reader role which was almost
implemented in heat.

(*1)
If Keystone has an admin project defined, Heat checks an additional
requirement that request context is scoped by that admin project.

Change-Id: I943b3c1ce021cc05445b73fbc342b8386cf5bf6a
2023-06-28 18:38:59 +09:00
api-ref/source Integrate pre-commit 2023-03-22 17:16:30 +00:00
bin db: Migrate to alembic 2023-03-25 12:00:35 +09:00
contrib/heat_docker Use unittest.mock instead of third party mock 2020-05-05 08:42:11 -05:00
devstack Disable unstable test cases in grenade 2023-03-23 23:32:49 +09:00
doc Update the "Creating your first stack" document 2023-04-12 16:09:33 +02:00
etc/heat Deploy healthcheck middleware as app instead of filter 2022-06-06 23:47:16 +09:00
heat Isolate project scope and system scope 2023-06-28 18:38:59 +09:00
heat_integrationtests Replace KeyPair resource by TestResource 2022-08-01 13:50:29 +09:00
heat_upgradetests Integrate pre-commit 2023-03-22 17:16:30 +00:00
playbooks/devstack/functional Remove gabbi tempest plugin 2020-11-04 02:12:11 +00:00
rally-scenarios Switch to use opendev.org 2019-04-22 09:36:50 +05:30
releasenotes Isolate project scope and system scope 2023-06-28 18:38:59 +09:00
roles/run-heat-tests Fix setting the tempest virtual env constraints env var 2023-02-21 16:05:09 +00:00
tools Fix lower-constraints errors 2020-09-10 14:19:03 -04:00
.coveragerc Update .coveragerc after the removal of openstack directory 2016-11-12 09:21:05 +05:30
.gitignore Ignore old 'vN-branch' tags when scanning for release notes 2020-03-27 17:44:43 +00:00
.gitreview OpenDev Migration Patch 2019-04-19 19:33:28 +00:00
.pre-commit-config.yaml Integrate pre-commit 2023-03-22 17:16:30 +00:00
.stestr.conf Use stestr for unit tests 2017-12-15 12:39:37 +05:30
.zuul.yaml Switch to 2023.1 Python3 unit tests and generic template name 2022-09-13 14:14:13 +00:00
babel.cfg Add setup.py and friends 2012-03-14 09:25:54 +11:00
bindep.txt Remove python2 from bindep 2022-06-10 20:27:28 +03:00
config-generator.conf Merge "Add missing [oslo_reports] options" 2021-09-21 02:15:31 +00:00
CONTRIBUTING.rst [ussuri][goal] Update contributor documentation 2021-05-31 20:37:14 +00:00
HACKING.rst Clean up test requirements 2018-07-27 13:38:27 +00:00
install.sh Remove use of heat_watch_server_url 2018-01-28 09:11:18 +05:30
LICENSE Initial commit (basics copied from glance) 2012-03-13 21:48:07 +11:00
README.rst Add ironic client plugin support 2020-04-09 14:14:38 +08:00
requirements.txt db: Remove legacy migrations 2023-03-25 03:01:02 +00:00
setup.cfg Add Python 3.10 to supported runtime. 2023-03-30 14:40:59 +09:00
setup.py Disable auto discovery 2022-03-29 01:15:03 +10:00
test-requirements.txt Update doc8 version 2021-01-06 16:28:32 +08:00
tox.ini tests: Enable SQLAlchemy 2.0 deprecation warnings 2023-03-25 03:01:09 +00:00
uninstall.sh use stderr for error echo message 2016-01-17 05:20:40 +00:00

README.rst

Team and repository tags

image

Heat

Heat is a service to orchestrate multiple composite cloud applications using templates, through both an OpenStack-native REST API and a CloudFormation-compatible Query API.

Why heat? It makes the clouds rise and keeps them there.

Getting Started

If you'd like to run from the master branch, you can clone the git repo:

git clone https://opendev.org/openstack/heat

Python client

Report a Story (a bug/blueprint)

If you'd like to report a Story (we used to call a bug/blueprint), you can report it under Report a story in Heat's StoryBoard. If you must report the story under other sub-project of heat, you can find them all in Heat StoryBoard Group. if you encounter any issue.

References

We have integration with