The heat policy.json file needs to be updated in order to allow heat to fully run within the Kilo code base as deployed from master.
Our heat policy file should be replaced with the upstream file. The file to be replaced is:
https://github.com/stackforge/os-ansible-deployment/blob/master/playbooks/roles/os_heat/files/policy.json
The upstream file used that was tested as working is:
https://github.com/openstack/heat/blob/master/etc/heat/policy.json
Without the update heat will not allow any access and will provide the following error:
-- Heat error --
{
"code": 403,
"error": {
"message": "You are not authorized to complete this action.",
"traceback": "Traceback (most recent call last):\n File \"/usr/local/lib/python2.7/dist-packages/heat/api/middleware/fault.py\", line 147, in process_request\n return req.get_response(self.application)\n File \"/usr/local/lib/python2.7/dist-packages/webob/request.py\", line 1320, in send\n application, catch_exc_info=False)\n File \"/usr/local/lib/python2.7/dist-packages/webob/request.py\", line 1284, in call_application\n app_iter = application(self.environ, start_response)\n File \"/usr/local/lib/python2.7/dist-packages/webob/dec.py\", line 130, in __call__\n resp = self.call_func(req, *args, **self.kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/webob/dec.py\", line 195, in call_func\n return self.func(req, *args, **kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/heat/common/wsgi.py\", line 397, in __call__\n response = req.get_response(self.application)\n File \"/usr/local/lib/python2.7/dist-packages/webob/request.py\", line 1320, in send\n application, catch_exc_info=False)\n File \"/usr/local/lib/python2.7/dist-packages/webob/request.py\", line 1284, in call_application\n app_iter = application(self.environ, start_response)\n File \"/usr/local/lib/python2.7/dist-packages/webob/dec.py\", line 130, in __call__\n resp = self.call_func(req, *args, **self.kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/webob/dec.py\", line 195, in call_func\n return self.func(req, *args, **kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/heat/common/wsgi.py\", line 397, in __call__\n response = req.get_response(self.application)\n File \"/usr/local/lib/python2.7/dist-packages/webob/request.py\", line 1320, in send\n application, catch_exc_info=False)\n File \"/usr/local/lib/python2.7/dist-packages/webob/request.py\", line 1284, in call_application\n app_iter = application(self.environ, start_response)\n File \"/usr/local/lib/python2.7/dist-packages/webob/dec.py\", line 130, in __call__\n resp = self.call_func(req, *args, **self.kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/webob/dec.py\", line 195, in call_func\n return self.func(req, *args, **kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/heat/common/wsgi.py\", line 397, in __call__\n response = req.get_response(self.application)\n File \"/usr/local/lib/python2.7/dist-packages/webob/request.py\", line 1320, in send\n application, catch_exc_info=False)\n File \"/usr/local/lib/python2.7/dist-packages/webob/request.py\", line 1284, in call_application\n app_iter = application(self.environ, start_response)\n File \"/usr/local/lib/python2.7/dist-packages/keystonemiddleware/auth_token.py\", line 823, in __call__\n return self._call_app(env, start_response)\n File \"/usr/local/lib/python2.7/dist-packages/keystonemiddleware/auth_token.py\", line 758, in _call_app\n return self._app(env, _fake_start_response)\n File \"/usr/local/lib/python2.7/dist-packages/webob/dec.py\", line 130, in __call__\n resp = self.call_func(req, *args, **self.kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/webob/dec.py\", line 195, in call_func\n return self.func(req, *args, **kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/heat/common/wsgi.py\", line 397, in __call__\n response = req.get_response(self.application)\n File \"/usr/local/lib/python2.7/dist-packages/webob/request.py\", line 1320, in send\n application, catch_exc_info=False)\n File \"/usr/local/lib/python2.7/dist-packages/webob/request.py\", line 1284, in call_application\n app_iter = application(self.environ, start_response)\n File \"/usr/local/lib/python2.7/dist-packages/webob/dec.py\", line 144, in __call__\n return resp(environ, start_response)\n File \"/usr/local/lib/python2.7/dist-packages/routes/middleware.py\", line 136, in __call__\n response = self.app(environ, start_response)\n File \"/usr/local/lib/python2.7/dist-packages/webob/dec.py\", line 144, in __call__\n return resp(environ, start_response)\n File \"/usr/local/lib/python2.7/dist-packages/webob/dec.py\", line 130, in __call__\n resp = self.call_func(req, *args, **self.kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/webob/dec.py\", line 195, in call_func\n return self.func(req, *args, **kwargs)\n File \"/usr/local/lib/python2.7/dist-packages/heat/common/wsgi.py\", line 687, in __call__\n raise translate_exception(err, request.best_match_language())\nForbidden: You are not authorized to complete this action.\n",
"type": "Forbidden"
},
"explanation": "Access was denied to this resource.",
"title": "Forbidden"
}
Fix proposed to branch: master /review. openstack. org/166986
Review: https:/