On 09/23/2013 11:16 AM, Steven Hardy wrote:
On Fri, Sep 20, 2013 at 09:43:27AM +0300, Juha Tynninen wrote:
Hi,
In havana the user must have admin privileges to be able to create heat
stacks having e.g. HARestarter resource. Otherwise an error will occur...
What's logic behind this / or is this a bug?
Unforuntately this is a known problem:
https://bugs.launchpad.net/heat/+bug/1089261
https://blueprints.launchpad.net/heat/+spec/instance-users
See the updated policy config file for Keystone. We are not deploying
it by default, yet,. as it will break a lot of deployments, but it shows
how to do policy in a more locked down manner:
https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json
We expect to fix this during Icehouse, but for Havana you will need admin
role for the following resources:
AWS::CloudFormation::WaitConditionHandle
OS::Heat::HARestarter
AWS::AutoScaling::ScalingPolicy
AWS::IAM::User
Steve
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
