Thanks Steven that is helpful. ________________________________________ From: Steven Hardy <[email protected]> Sent: Thursday, May 28, 2015 3:25 PM To: Ashish Jain (WT01 - BAS) Cc: [email protected] Subject: Re: [Openstack] [heat] How to use 'heat stack-list -g' in Juno
On Wed, May 27, 2015 at 10:37:13AM +0000, [email protected] wrote: > Hi, > > When I run the command 'heat stack-list -g' as an 'admin' user, I get > unauthorized. Heat policy.json says "stacks:global_index": > "rule:deny_everybody". How can I make this work? You'll have to modify the rule in policy.json, it's deliberately disabled by default due to the potential for misuse, particularly give this long-standing keystone bug[1] If you're prepared for any admin in any project to have global visibility of all stacks, you could just s/deny_everybody/context_is_admin on that line. A potentially more secure solution for real deployments would be to create a new role which is only given to operator/service admins who you want to grant global list access to. [1] https://bugs.launchpad.net/keystone/+bug/968696 The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
