1. devstack
  2. Commit 8b469c1c5e36047a9e5a80e040f137957bdb8d66
Browse code

Remove heat_stack_owner role

Since https://review.openstack.org/#/c/128509/ heat no longer requires
the "heat_stack_owner" role by default, as we now delegate all roles
via the trust. So remove the now unnecessary role creation and assignment
from lib/heat.

Change-Id: Ia097ac9a76b3242ed6e62b11ca64c7ac7680b97c

Steven Hardy authored on 2014/12/04 19:43:52
Showing 1 changed files
lib/heat
History View file @ 8b469c1
... ... 
@@ -252,17 +252,6 @@ function create_heat_accounts {
252 252 
     get_or_create_role "heat_stack_user"
253 253
254 254 
     if [[ $HEAT_DEFERRED_AUTH == trusts ]]; then
255 
-
256 
-        # heat_stack_owner role is given to users who create Heat stacks,
257 
-        # it's the default role used by heat to delegate to the heat service
258 
-        # user (for performing deferred operations via trusts), see heat.conf
259 
-        local heat_owner_role=$(get_or_create_role "heat_stack_owner")
260 
-
261 
-        # Give the role to the demo and admin users so they can create stacks
262 
-        # in either of the projects created by devstack
263 
-        get_or_add_user_role $heat_owner_role demo demo
264 
-        get_or_add_user_role $heat_owner_role admin demo
265 
-        get_or_add_user_role $heat_owner_role admin admin
266 255 
         iniset $HEAT_CONF DEFAULT deferred_auth_method trusts
267 256 
     fi
268 257