From 28d8eca8c17f7477d62b22080b20bbedb20dea3c Mon Sep 17 00:00:00 2001
From: yatin
Date: Sat, 6 Aug 2016 18:49:07 +0530
Subject: [PATCH] Change stacks:global_index heat policy to context_is_admin
Rule "context_is_admin" is defined in heat for admin role and heat uses this rule to authorize admin operations. Since default admin context can be updated by heat, we should use the rule: context_is_admin. In newton, heat updated the admin context to admin role with admin tenant in following patch:- https://review.openstack.org/#/c/316627/
Change-Id: Iea6f3a6124e0c4d29801641aff51e385f0399488
Closes-Bug: #1499302
---
 devstack/lib/magnum | 2 +-
 doc/source/userguide.rst | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/devstack/lib/magnum b/devstack/lib/magnum
index 3e690de3f2..62a75df4dc 100644
--- a/devstack/lib/magnum
+++ b/devstack/lib/magnum
@@ -229,7 +229,7 @@ function create_api_paste_conf {
 function update_heat_policy {
 # enable stacks global_index search so that magnum can use
 # list(global_tenant=True)
- sed -i 's/\("stacks:global_index":\).*$/\1 "role:admin",/' $HEAT_CONF_DIR/policy.json
+ sed -i 's/\("stacks:global_index":\).*$/\1 "rule:context_is_admin",/' $HEAT_CONF_DIR/policy.json
 }
 # create_magnum_cache_dir() - Part of the init_magnum() process
diff --git a/doc/source/userguide.rst b/doc/source/userguide.rst
index 9358e54319..f80368e56e 100644
--- a/doc/source/userguide.rst
+++ b/doc/source/userguide.rst
@@ -1675,7 +1675,7 @@ it for Magnum. If you want to enable it nonetheless, proceed as follows:
 .. code-block:: ini
 ...
- stacks:global_index: "role:admin",
+ stacks:global_index: "rule:context_is_admin",
 Now restart heat.
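Review bot: The `sed -i` in `update_heat_policy` exits 0 even when no line matches, so if `$HEAT_CONF_DIR/policy.json` has no `"stacks:global_index"` entry the policy keeps its previous value and nothing reports it. I would follow the edit with a check such as `grep -q '"stacks:global_index": "rule:context_is_admin"' "$HEAT_CONF_DIR/policy.json" || die $LINENO "stacks:global_index policy not updated"`, and quote the path in the `sed` call as well. The replacement also always ends in a comma, which would presumably leave invalid JSON if that key were ever the last entry in the file. Since this rule now decides who may list stacks across every tenant, the comment above the `sed` should say that access follows whatever heat's `context_is_admin` rule resolves to on the deployed release.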