Grant proper privileges to admin user for testing purposes
At the moment we assign `heat_stack_owner` to the `admin` user in a
`service` project, which leads to a completely unwanted behaviour, since
`admin` user does not have any other privileges to the `service` project
rather then `heat_stack_owner`.
Instead we should be granting privileges to the bootstrapped project
for the admin user.
This fixes unclarity and potential issues users might face in horizon
by switching to the `service` project, where they have no permissions.
Change-Id: I95faa779bf62524fafd09576aa7ae27de029bb57
(cherry picked from commit 408f794e2a
)
This commit is contained in:
parent
388d52c324
commit
449970d913
|
@ -50,10 +50,10 @@
|
|||
domain: "{{ heat_service_user_domain_id }}"
|
||||
# Any user creating stacks needs to have the 'heat_stack_owner' role assigned.
|
||||
# We add to admin user here for testing purposes.
|
||||
- name: "{{ keystone_admin_user_name }}"
|
||||
- name: "{{ keystone_admin_user_name | default('admin') }}"
|
||||
role: "{{ heat_stack_owner_name }}"
|
||||
project: "{{ heat_service_project_name }}"
|
||||
domain: "{{ heat_service_user_domain_id }}"
|
||||
project: "{{ keystone_admin_tenant_name | default('admin') }}"
|
||||
domain: "{{ keystone_admin_domain_name | default('default') }}"
|
||||
- name: "{{ heat_stack_domain_admin }}"
|
||||
password: "{{ heat_stack_domain_admin_password }}"
|
||||
domain: "{{ heat_stack_user_domain_name }}"
|
||||
|
|
Loading…
Reference in New Issue