]> review.fuel-infra Code Review - openstack-build/heat-build.git/commit
Code Review / openstack-build / heat-build.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: a45bbcc) | patch
heat api : Add policy.json authorization to CFN API
authorSteven Hardy <shardy@redhat.com>
Tue, 5 Feb 2013 19:23:38 +0000 (19:23 +0000)
committerSteven Hardy <shardy@redhat.com>
Wed, 6 Feb 2013 14:58:23 +0000 (14:58 +0000)
commitdfacae65b5711ad960128c337295e756f6234b31
tree8cd55b35804f7f12a84aa836c1ab71912b16471etree | snapshot
parenta45bbcc8e2c2c98cbd673c845a226721931d9729commit | diff
heat api : Add policy.json authorization to CFN API

Adds a basic policy.json to authorize all actions for the CFN API -
this will deny access to the in-instance users defined in stack
templates (which are assigned the heat_stack_user role) to all API
actions apart from DescribeStackResource, which is used for metadata
updates

ref bug 1115758

Change-Id: I1431c1f23593fffd0f911f71ef9c186a43e5063a
Signed-off-by: Steven Hardy <shardy@redhat.com>
etc/heat/policy.json [new file with mode: 0644] blob
heat/api/cfn/v1/stacks.py diff | blob | history
heat/tests/test_api_cfn_v1.py diff | blob | history