Browse Source

Change stacks:global_index heat policy to context_is_admin

Rule "context_is_admin" is defined in heat for admin role
and heat uses this rule to authorize admin operations.
Since default admin context can be updated by heat, we
should use the rule: context_is_admin.

In newton, heat updated the admin context to admin role
with admin tenant in following patch:-
https://review.openstack.org/#/c/316627/

Change-Id: Iea6f3a6124e0c4d29801641aff51e385f0399488
Closes-Bug: #1499302
changes/20/352020/2
yatin 5 years ago
committed by yatin karel
parent
commit
28d8eca8c1
2 changed files with 2 additions and 2 deletions
  1. +1
    -1
      devstack/lib/magnum
  2. +1
    -1
      doc/source/userguide.rst

+ 1
- 1
devstack/lib/magnum View File

@ -229,7 +229,7 @@ function create_api_paste_conf {
function update_heat_policy {
# enable stacks global_index search so that magnum can use
# list(global_tenant=True)
sed -i 's/\("stacks:global_index":\).*$/\1 "role:admin",/' $HEAT_CONF_DIR/policy.json
sed -i 's/\("stacks:global_index":\).*$/\1 "rule:context_is_admin",/' $HEAT_CONF_DIR/policy.json
}
# create_magnum_cache_dir() - Part of the init_magnum() process


+ 1
- 1
doc/source/userguide.rst View File

@ -1675,7 +1675,7 @@ it for Magnum. If you want to enable it nonetheless, proceed as follows:
.. code-block:: ini
...
stacks:global_index: "role:admin",
stacks:global_index: "rule:context_is_admin",
Now restart heat.


Loading…
Cancel
Save