On 09/23/2013 11:16 AM, Steven Hardy wrote:
> On Fri, Sep 20, 2013 at 09:43:27AM +0300, Juha Tynninen wrote:
>> Hi,
>>
>> In havana the user must have admin privileges to be able to create heat
>> stacks having e.g. HARestarter resource. Otherwise an error will occur...
>>
>> What's the logic behind this / or is this a bug?
> Unfortunately this is a known problem:
>
> https://bugs.launchpad.net/heat/+bug/1089261
>
> https://blueprints.launchpad.net/heat/+spec/instance-users

See the updated policy config file for Keystone. We are not deploying it by default yet, as it will break a lot of deployments, but it shows how to do policy in a more locked down manner:

https://github.com/openstack/keystone/blob/master/etc/policy.v3cloudsample.json

>
> We expect to fix this during Icehouse, but for Havana you will need admin
> role for the following resources:
>
> AWS::CloudFormation::WaitConditionHandle
> OS::Heat::HARestarter
> AWS::AutoScaling::ScalingPolicy
> AWS::IAM::User
>
> Steve