Heat: policy rules should be present for heat-engine
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
Takashi Kajinami |
Bug Description
Description
===========
This was initially reported in https:/
The heat-engine service requires access to policy rules so that it can enforce policy rules for resource types.
https:/
However currently the heat::policy class is not loaded when generating config files for heat-engine service, and the oslo.policy options are not rendered into the heat.conf file for heat-engine.
This prevents users from setting resource type policy rules by HeatApiPolicies.
Steps to reproduce
==================
* Create an environment file to define a resource type policy by HeatApiPolicies.
parameter_
HeatApiPoli
'
* Deploy overcloud/
* Create a stack with the flavor by a non-admin user
Expected result
===============
* Stack creation succeeds without error
Actual result
=============
* Stack creation fails because the user is not allowed to create a flavor resource
Environment
===========
* This issue was initially found in our downstream product based on stable/train
Logs & Configs
==============
N/A
description: | updated |
Changed in tripleo: | |
importance: | Undecided → High |
assignee: | nobody → Takashi Kajinami (kajinamit) |
milestone: | none → zed-1 |
tags: | added: train-backport-potential wallaby-backport-potential |
Changed in tripleo: | |
status: | New → In Progress |
Fix proposed to branch: master /review. opendev. org/c/openstack /puppet- tripleo/ +/851803
Review: https:/