33f0c13ef4
* Updated Keystone wsgi and paste files from upstream. * Updated all clients in the openstack_client.yml file. * Kilo services are tracking the head of master. * Removed pinned middleware because they're pinned else where. * Added additional service references for neutron vpnaas, fwaas, and lbaas which have now been moved into their own repos and no longer exist within the core neutron repository. * The neutron vpnaas, fwaas, and lbaas have been removed from the basic plugins being loaded and a comment has been added to describe how one might add them back in. * Updated rootwrap filters for neutron dhcp and l3. * Updated heat policy.json * Added the `python-libguestfs` to the nova-compute installation packages. * Updates all services to point to the latest kilo tag Services updated due to deprecated configs: * Keystone * Glance * Nova * Neutron (is still using the deprecated nova auth plugin) * Heat * Tempest Items for future work post initial release: * roles/os_neutron/files/post-up-checksum-rules:25: TODO(cloudnull) remove this script once the bug is fixed. * roles/rabbitmq_server/tasks/rabbitmq_cluster_join.yml:17: TODO(someone): implement a more robust way of checking Implements: blueprint minimal-kilo Closes-Bug: 1428421 Closes-Bug: 1428431 Closes-Bug: 1428437 Closes-Bug: 1428445 Closes-Bug: 1428451 Closes-Bug: 1428469 Closes-Bug: 1428639 Change-Id: I28a305d9e40a9cf70148ef7d7b00d467a65ca076
74 lines
3.4 KiB
JSON
74 lines
3.4 KiB
JSON
{
|
|
"context_is_admin": "role:admin",
|
|
"deny_stack_user": "not role:heat_stack_user",
|
|
"deny_everybody": "!",
|
|
|
|
"cloudformation:ListStacks": "rule:deny_stack_user",
|
|
"cloudformation:CreateStack": "rule:deny_stack_user",
|
|
"cloudformation:DescribeStacks": "rule:deny_stack_user",
|
|
"cloudformation:DeleteStack": "rule:deny_stack_user",
|
|
"cloudformation:UpdateStack": "rule:deny_stack_user",
|
|
"cloudformation:CancelUpdateStack": "rule:deny_stack_user",
|
|
"cloudformation:DescribeStackEvents": "rule:deny_stack_user",
|
|
"cloudformation:ValidateTemplate": "rule:deny_stack_user",
|
|
"cloudformation:GetTemplate": "rule:deny_stack_user",
|
|
"cloudformation:EstimateTemplateCost": "rule:deny_stack_user",
|
|
"cloudformation:DescribeStackResource": "",
|
|
"cloudformation:DescribeStackResources": "rule:deny_stack_user",
|
|
"cloudformation:ListStackResources": "rule:deny_stack_user",
|
|
|
|
"cloudwatch:DeleteAlarms": "rule:deny_stack_user",
|
|
"cloudwatch:DescribeAlarmHistory": "rule:deny_stack_user",
|
|
"cloudwatch:DescribeAlarms": "rule:deny_stack_user",
|
|
"cloudwatch:DescribeAlarmsForMetric": "rule:deny_stack_user",
|
|
"cloudwatch:DisableAlarmActions": "rule:deny_stack_user",
|
|
"cloudwatch:EnableAlarmActions": "rule:deny_stack_user",
|
|
"cloudwatch:GetMetricStatistics": "rule:deny_stack_user",
|
|
"cloudwatch:ListMetrics": "rule:deny_stack_user",
|
|
"cloudwatch:PutMetricAlarm": "rule:deny_stack_user",
|
|
"cloudwatch:PutMetricData": "",
|
|
"cloudwatch:SetAlarmState": "rule:deny_stack_user",
|
|
|
|
"actions:action": "rule:deny_stack_user",
|
|
"build_info:build_info": "rule:deny_stack_user",
|
|
"events:index": "rule:deny_stack_user",
|
|
"events:show": "rule:deny_stack_user",
|
|
"resource:index": "rule:deny_stack_user",
|
|
"resource:metadata": "",
|
|
"resource:signal": "",
|
|
"resource:show": "rule:deny_stack_user",
|
|
"stacks:abandon": "rule:deny_stack_user",
|
|
"stacks:create": "rule:deny_stack_user",
|
|
"stacks:delete": "rule:deny_stack_user",
|
|
"stacks:detail": "rule:deny_stack_user",
|
|
"stacks:generate_template": "rule:deny_stack_user",
|
|
"stacks:global_index": "rule:deny_everybody",
|
|
"stacks:index": "rule:deny_stack_user",
|
|
"stacks:list_resource_types": "rule:deny_stack_user",
|
|
"stacks:lookup": "",
|
|
"stacks:preview": "rule:deny_stack_user",
|
|
"stacks:resource_schema": "rule:deny_stack_user",
|
|
"stacks:show": "rule:deny_stack_user",
|
|
"stacks:template": "rule:deny_stack_user",
|
|
"stacks:update": "rule:deny_stack_user",
|
|
"stacks:update_patch": "rule:deny_stack_user",
|
|
"stacks:validate_template": "rule:deny_stack_user",
|
|
"stacks:snapshot": "rule:deny_stack_user",
|
|
"stacks:show_snapshot": "rule:deny_stack_user",
|
|
"stacks:delete_snapshot": "rule:deny_stack_user",
|
|
"stacks:list_snapshots": "rule:deny_stack_user",
|
|
"stacks:restore_snapshot": "rule:deny_stack_user",
|
|
|
|
"software_configs:create": "rule:deny_stack_user",
|
|
"software_configs:show": "rule:deny_stack_user",
|
|
"software_configs:delete": "rule:deny_stack_user",
|
|
"software_deployments:index": "rule:deny_stack_user",
|
|
"software_deployments:create": "rule:deny_stack_user",
|
|
"software_deployments:show": "rule:deny_stack_user",
|
|
"software_deployments:update": "rule:deny_stack_user",
|
|
"software_deployments:delete": "rule:deny_stack_user",
|
|
"software_deployments:metadata": "",
|
|
|
|
"service:index": "rule:context_is_admin"
|
|
}
|