Heat can sometimes delete end-user's own project
Bug #1365332 reported by Kieran Spear
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Heat | Fix Released | High | Steven Hardy |
Icehouse | Fix Released | High | Kieran Spear |
Bug Description
We upgraded from Havana to Icehouse Heat about a month ago. A few days ago I configured Heat to use its own Keystone domain for user/project creation. A short while after that I found that a user's own tenant in the 'default' domain had been deleted.
- Create a stack on a Heat deployment that isn't configured to use its own Keystone domain (i.e., stack_user_
- Set stack_user_
- Delete the stack
The user's own project will be deleted.
In retrospect I should have realised this but with Keystone's default policy.json the heat_stack_admin will have admin over everything, not just its own domain.
tags: added: icehouse-backport-potential
Changed in heat: status: Fix Committed → Fix Released
Changed in heat: milestone: juno-rc1 → 2014.2
Ouch! We should definitely add a check to avoid this! :-O
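One way such a check could look, as an added example that is not Heat's code or the fix that was released: before deleting a stack's project, confirm it belongs to Heat's own domain. `FakeKeystone`, `delete_stack_project`, `heat_domain_id` and the sample IDs are constructed for illustration, and the example assumes a stack created before the domain was configured still references the end user's project.

```python
# Added illustration with an in-memory stand-in for Keystone (hypothetical names).
from dataclasses import dataclass


@dataclass(frozen=True)
class Project:
    id: str
    name: str
    domain_id: str


class FakeKeystone:
    """Constructed stand-in for an admin-scoped client that can delete any project."""

    def __init__(self, projects):
        self.projects = {p.id: p for p in projects}

    def get(self, project_id):
        return self.projects.get(project_id)

    def delete(self, project_id):
        self.projects.pop(project_id, None)


def delete_stack_project(keystone, project_id, heat_domain_id):
    """Delete only projects in Heat's own domain; True if deleted, else False."""
    if not heat_domain_id:
        return False  # no dedicated domain configured, so Heat owns no projects
    project = keystone.get(project_id)
    if project is None:
        return False
    if project.domain_id != heat_domain_id:
        # The stack predates the domain setup: this is the end user's project.
        return False
    keystone.delete(project_id)
    return True


def demo():
    ks = FakeKeystone([
        Project("p-user", "alice-tenant", "default"),  # end user's own project
        Project("p-stack", "stack-1234", "d-heat"),    # project created by Heat
    ])
    legacy = delete_stack_project(ks, "p-user", "d-heat")   # refused
    owned = delete_stack_project(ks, "p-stack", "d-heat")   # deleted
    return legacy, owned, sorted(ks.projects)


if __name__ == "__main__":
    print(demo())
```

The domain comparison matters because, as the report notes, the admin role is not limited to Heat's domain under the default policy, so the delete call itself would succeed against any project.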