Merge "Drop heat_stack_owner role"

2019-02-05 20:06:21 +00:00 · 2019-02-05 20:06:21 +00:00 · 3c8a6c0f8e
commit 3c8a6c0f8e
parent 99b3062315 776f4a8297
2 changed files with 2 additions and 16 deletions
--- a/heat/values.yaml
+++ b/heat/values.yaml
@ -572,13 +572,10 @@ bootstrap:
  enabled: true
  ks_user: admin
  script: |
-    #NOTE(portdirect): required for all users who operate heat stacks
-    openstack role create --or-show heat_stack_owner
-
    #NOTE(portdirect): The Orchestration service automatically assigns the
    # 'heat_stack_user' role to users that it creates during stack deployment.
    # By default, this role restricts API operations. To avoid conflicts, do
-    # not add this role to users with the heat_stack_owner role.
+    # not add this role to actual users.
    openstack role create --or-show heat_stack_user

 dependencies:
@ -766,9 +763,7 @@ endpoints:
        user_domain_name: default
        project_domain_name: default
      heat:
-        role:
-          - admin
-          - heat_stack_owner
+        role: admin
        region_name: RegionOne
        username: heat
        password: password
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@ -64,15 +64,6 @@ bootstrap:
          --project="${OS_PROJECT_NAME}" \
          "member"

-    #NOTE(portdirect): required for all users who operate heat stacks
-    openstack role create --or-show heat_stack_owner
-    openstack role add \
-          --user="${OS_USERNAME}" \
-          --user-domain="${OS_USER_DOMAIN_NAME}" \
-          --project-domain="${OS_PROJECT_DOMAIN_NAME}" \
-          --project="${OS_PROJECT_NAME}" \
-          "heat_stack_owner"
-
 network:
  api:
    ingress: