Change stacks:global_index heat policy to context_is_admin

Rule "context_is_admin" is defined in heat for admin role
and heat uses this rule to authorize admin operations.
Since default admin context can be updated by heat, we
should use the rule: context_is_admin.

In newton, heat updated the admin context to admin role
with admin tenant in following patch:-
https://review.openstack.org/#/c/316627/

Change-Id: Iea6f3a6124e0c4d29801641aff51e385f0399488
Closes-Bug: #1499302
This commit is contained in:
yatin 2016-08-06 18:49:07 +05:30 committed by yatin karel
parent 35bec1887c
commit 28d8eca8c1
2 changed files with 2 additions and 2 deletions

View File

@ -229,7 +229,7 @@ function create_api_paste_conf {
function update_heat_policy {
# enable stacks global_index search so that magnum can use
# list(global_tenant=True)
sed -i 's/\("stacks:global_index":\).*$/\1 "role:admin",/' $HEAT_CONF_DIR/policy.json
sed -i 's/\("stacks:global_index":\).*$/\1 "rule:context_is_admin",/' $HEAT_CONF_DIR/policy.json
}
# create_magnum_cache_dir() - Part of the init_magnum() process

View File

@ -1675,7 +1675,7 @@ it for Magnum. If you want to enable it nonetheless, proceed as follows:
.. code-block:: ini
...
stacks:global_index: "role:admin",
stacks:global_index: "rule:context_is_admin",
Now restart heat.