openstack-manuals

install-guide should clarify purpose of heat_stack_owner role

Bug #1401668 reported by Steve Baker on 2014-12-11

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	openstack-manuals	Fix Released	Low	Darren Chan

Bug Description

wherever the install-guide includes the following instructions:

$ keystone role-create --name heat_stack_user
$ keystone role-create --name heat_stack_owner

there needs to be a warning that users should *never* be assigned to the role heat_stack_owner, since the default policy forbids most operations with that role.

Because of the name of the heat_stack_owner role, people often assume that their users should be assigned to it, so the warning will emphasise that they should not.

The instructions should also better clarify that users do need to be assigned to the heat_stack_user role to use heat.

See original description

Tags:

Steve Baker (steve-stevebaker) on 2014-12-11

description:

updated

Revision history for this message

Matt Kassawara (ionosphere80) wrote on 2014-12-13:

Thanks!

Changed in openstack-manuals:
status:	New → Confirmed
importance:	Undecided → Low

Darren Chan (dazzachan) on 2014-12-13

Changed in openstack-manuals:
assignee:	nobody → Darren Chan (dazzachan)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-16: Fix proposed to openstack-manuals (master)

Fix proposed to branch: master
Review: https://review.openstack.org/141975

Changed in openstack-manuals:
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-17: Fix merged to openstack-manuals (master)

Reviewed: https://review.openstack.org/141975
Committed: https://git.openstack.org/cgit/openstack/openstack-manuals/commit/?id=4f8a32470d476b45a4de3f9ec66d39b4021914eb
Submitter: Jenkins
Branch: master

commit 4f8a32470d476b45a4de3f9ec66d39b4021914eb
Author: darrenchan <email address hidden>
Date: Tue Dec 16 14:50:51 2014 +1100

Clarify heat roles in the Installation Guide

1. Added a brief description of the heat_stack_owner and heat_stack_user roles
2. Added a warning not to assign heat_stack_owner and heat_stack_user roles to the same user.

    Change-Id: Ic180902bfe2d2e66eb8739f7ef41f6dd96b11d6b
    backport: Juno
    Closes-Bug: #1401668

Changed in openstack-manuals:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-18: Fix proposed to openstack-manuals (stable/juno)

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/142882

Revision history for this message

Matt Kassawara (ionosphere80) wrote on 2014-12-23:

Steve,

According to various documentation [1][2], I think your report reverses the 'heat_stack_owner' and 'heat_stack_user' roles.

[1] http://hardysteven.blogspot.com/2014/04/heat-auth-model-updates-part-1-trusts.html
[2] http://hardysteven.blogspot.com/2014/04/heat-auth-model-updates-part-2-stack.html

I'm updating the patch to reflect this documentation.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-23: Fix proposed to openstack-manuals (master)

Fix proposed to branch: master
Review: https://review.openstack.org/143680

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-23: Fix merged to openstack-manuals (master)

Reviewed: https://review.openstack.org/143680
Committed: https://git.openstack.org/cgit/openstack/openstack-manuals/commit/?id=01a4e4060b300c1fc0b1b1634f106115e79aef2b
Submitter: Jenkins
Branch: master

commit 01a4e4060b300c1fc0b1b1634f106115e79aef2b
Author: Matthew Kassawara <email address hidden>
Date: Mon Dec 22 15:31:49 2014 -0600

Clarify heat roles

Building on an earlier patch, I further clarified the purpose
of the heat_stack_owner and heat_stack_user roles.

    Change-Id: I67804d2e7bfbd53e8f453adc251a102c6f0e39ff
    Closes-Bug: #1401668
    backport: juno

Revision history for this message

Steve Baker (steve-stevebaker) wrote on 2014-12-24: Re: [Bug 1401668] Re: install-guide should clarify purpose of heat_stack_owner role

On 24/12/14 04:12, Matt Kassawara wrote:
> According to various documentation [1][2], I think your report reverses
> the 'heat_stack_owner' and 'heat_stack_user' roles.
>
> [1] http://hardysteven.blogspot.com/2014/04/heat-auth-model-updates-part-1-trusts.html
> [2] http://hardysteven.blogspot.com/2014/04/heat-auth-model-updates-part-2-stack.html
>
> I'm updating the patch to reflect this documentation.
>
Its looking good now, thanks

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-24: Change abandoned on openstack-manuals (stable/juno)

Change abandoned by Matthew Kassawara (<email address hidden>) on branch: stable/juno
Review: https://review.openstack.org/142882
Reason: Superseded by patch #143680.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-25: Fix merged to openstack-manuals (stable/juno)

#10

Reviewed: https://review.openstack.org/142882
Committed: https://git.openstack.org/cgit/openstack/openstack-manuals/commit/?id=12010158d63ca991c4c4951db04990a530c80db1
Submitter: Jenkins
Branch: stable/juno

commit 12010158d63ca991c4c4951db04990a530c80db1
Author: darrenchan <email address hidden>
Date: Tue Dec 16 14:50:51 2014 +1100

Clarify heat roles in the Installation Guide

1. Added a brief description of the heat_stack_owner and heat_stack_user roles
2. Added a warning not to assign heat_stack_owner and heat_stack_user roles to the same user.

    Change-Id: Ic180902bfe2d2e66eb8739f7ef41f6dd96b11d6b
    backport: Juno
    Closes-Bug: #1401668
    (cherry picked from commit 4f8a32470d476b45a4de3f9ec66d39b4021914eb)

tags:

added: in-stable-juno

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-25: Fix proposed to openstack-manuals (stable/juno)

#11

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/143977

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-25: Fix merged to openstack-manuals (stable/juno)

#12

Reviewed: https://review.openstack.org/143977
Committed: https://git.openstack.org/cgit/openstack/openstack-manuals/commit/?id=609313297eda343e41b9e975556e43532a805c41
Submitter: Jenkins
Branch: stable/juno

commit 609313297eda343e41b9e975556e43532a805c41
Author: Matthew Kassawara <email address hidden>
Date: Mon Dec 22 15:31:49 2014 -0600

Clarify heat roles

Building on an earlier patch, I further clarified the purpose
of the heat_stack_owner and heat_stack_user roles.

    Change-Id: I67804d2e7bfbd53e8f453adc251a102c6f0e39ff
    Closes-Bug: #1401668
    backport: juno
    (cherry picked from commit 01a4e4060b300c1fc0b1b1634f106115e79aef2b)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-03-24: Fix included in openstack/openstack-manuals 15.0.0

#13

This issue was fixed in the openstack/openstack-manuals 15.0.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.