Only implement policy.json if an override is configured
With I610115dc1974b2182ce673bb086a1da15b022de3 merged there is no longer a default policy.json file in the venv, so we need to change how we implement the file, and should only do so if there is a config override configured for it. Change-Id: Ifd0e57e14d5691daf4d715a46bdea2f1d90050d5
parent
d5e16dbdf6
commit
a839cc1713
@ -39,9 +39,12 @@
|
||||
dest: "/etc/heat/templates/AWS_RDS_DBInstance.yaml"
|
||||
config_overrides: "{{ heat_aws_rds_dbinstance_yaml_overrides }}"
|
||||
config_type: "yaml"
|
||||
- src: "policy.json.j2"
|
||||
dest: "/etc/heat/policy.json"
|
||||
config_overrides: "{{ heat_policy_overrides }}"
|
||||
config_type: "json"
|
||||
notify:
|
||||
- Restart heat services
|
||||
|
||||
- name: Implement policy.json if there are overrides configured
|
||||
copy:
|
||||
content: "{{ heat_policy_overrides | to_nice_json }}"
|
||||
dest: "/etc/heat/policy.json"
|
||||
when:
|
||||
- heat_policy_overrides != {}
|
||||
|
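Review bot: The new `Implement policy.json if there are overrides configured` task only ever writes `/etc/heat/policy.json`; when `heat_policy_overrides` is `{}` it is skipped, so a file left behind by the old `policy.json.j2` template or by an earlier override run stays on disk and, assuming heat still reads that path, keeps applying rules the operator believes are gone. Nothing in this hunk removes it, so consider a companion `file:` task with `state: absent` on the same `dest`, guarded by `heat_policy_overrides == {}`. The `copy` task also sets no `owner`, `group` or `mode`, so the policy file gets whatever the default ownership and umask give; pin them explicitly, for example `mode: "0640"` with the heat service account as owner and group. It also carries no `notify:` of its own (the visible `notify: Restart heat services` appears to belong to the preceding task, though indentation is lost in this rendering), which is worth confirming is intended.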
@ -1,15 +0,0 @@
|
||||
{
|
||||
"cloudformation:ListStacks": "rule:deny_stack_user",
|
||||
"cloudformation:CreateStack": "rule:deny_stack_user",
|
||||
"cloudformation:DescribeStacks": "rule:deny_stack_user",
|
||||
"cloudformation:DeleteStack": "rule:deny_stack_user",
|
||||
"cloudformation:UpdateStack": "rule:deny_stack_user",
|
||||
"cloudformation:CancelUpdateStack": "rule:deny_stack_user",
|
||||
"cloudformation:DescribeStackEvents": "rule:deny_stack_user",
|
||||
"cloudformation:ValidateTemplate": "rule:deny_stack_user",
|
||||
"cloudformation:GetTemplate": "rule:deny_stack_user",
|
||||
"cloudformation:EstimateTemplateCost": "rule:deny_stack_user",
|
||||
"cloudformation:DescribeStackResource": "",
|
||||
"cloudformation:DescribeStackResources": "rule:deny_stack_user",
|
||||
"cloudformation:ListStackResources": "rule:deny_stack_user",
|
||||
}
|