Only implement policy.json if an override is configured

With I610115dc1974b2182ce673bb086a1da15b022de3 merged, there
is no longer a default policy.json file in the venv, so we
need to change how we implement the file, and should only
write it if a config override is configured for it.

Change-Id: Ifd0e57e14d5691daf4d715a46bdea2f1d90050d5
Jesse Pretorius 2019-01-08 13:54:26 +00:00
parent d5e16dbdf6
commit a839cc1713
2 changed files with 7 additions and 19 deletions


@ -39,9 +39,12 @@
dest: "/etc/heat/templates/AWS_RDS_DBInstance.yaml"
config_overrides: "{{ heat_aws_rds_dbinstance_yaml_overrides }}"
config_type: "yaml"
- src: "policy.json.j2"
dest: "/etc/heat/policy.json"
config_overrides: "{{ heat_policy_overrides }}"
config_type: "json"
notify:
- Restart heat services
- name: Implement policy.json if there are overrides configured
copy:
content: "{{ heat_policy_overrides | to_nice_json }}"
dest: "/etc/heat/policy.json"
when:
- heat_policy_overrides != {}
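Review bot: The new task writes /etc/heat/policy.json only when `heat_policy_overrides` is non-empty, but nothing removes a file left by an earlier run of the old `policy.json.j2` item or by an override that was later dropped, so such hosts would presumably keep enforcing a stale policy instead of the in-code defaults. A companion task that deletes the file when the variable is `{}` would close that gap; it is sketched below. The `copy` task also sets no `owner`, `group` or `mode`, so the authorization policy file gets whatever the play's umask yields; an explicit `mode: "0640"` with root ownership and the heat service group would keep it readable by the service but not writable by it. The task list continues outside this hunk, so the ownership conventions of neighbouring tasks are not visible here.

```yaml
# … unchanged: "Implement policy.json if there are overrides configured" task …

- name: Remove policy.json if no overrides are configured
  file:
    path: "/etc/heat/policy.json"
    state: absent
  when:
    - heat_policy_overrides == {}
```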


@ -1,15 +0,0 @@
{
"cloudformation:ListStacks": "rule:deny_stack_user",
"cloudformation:CreateStack": "rule:deny_stack_user",
"cloudformation:DescribeStacks": "rule:deny_stack_user",
"cloudformation:DeleteStack": "rule:deny_stack_user",
"cloudformation:UpdateStack": "rule:deny_stack_user",
"cloudformation:CancelUpdateStack": "rule:deny_stack_user",
"cloudformation:DescribeStackEvents": "rule:deny_stack_user",
"cloudformation:ValidateTemplate": "rule:deny_stack_user",
"cloudformation:GetTemplate": "rule:deny_stack_user",
"cloudformation:EstimateTemplateCost": "rule:deny_stack_user",
"cloudformation:DescribeStackResource": "",
"cloudformation:DescribeStackResources": "rule:deny_stack_user",
"cloudformation:ListStackResources": "rule:deny_stack_user",
}