kgess-mirror/openstack-heat
1
0
Fork 0
mirror of https://opendev.org/openstack/heat.git synced 2026-01-16 23:00:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
OpenStack Orchestration (Heat)
16037 commits 8 branches 224 tags 222 MiB
Find a file
Takashi Kajinami 185f28a3b4 Isolate project scope and system scope 
This change updates the default policies implemented in Heat, to follow
the updated guideline[1] to implement SRBAC.

The main change is that system users are no longer allowed to perform
any operations about project-level resources like stacks, while project
admin(*1) is still allowed to perform operations about project-level
resources BEYOND project (like getting stacks for all projects by list
stacks API).

[1] https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#direction-change

This also adds the test cases to validate reader role which was almost
implemented in heat.

(*1)
If Keystone has an admin project defined, Heat checks an additional
requirement that request context is scoped by that admin project.

Change-Id: I943b3c1ce021cc05445b73fbc342b8386cf5bf6a
2023-06-28 18:38:59 +09:00
api-ref/source Integrate pre-commit 2023-03-22 17:16:30 +00:00
bin db: Migrate to alembic 2023-03-25 12:00:35 +09:00
contrib/heat_docker Use unittest.mock instead of third party mock 2020-05-05 08:42:11 -05:00
devstack Disable unstable test cases in grenade 2023-03-23 23:32:49 +09:00
doc Update the "Creating your first stack" document 2023-04-12 16:09:33 +02:00
etc/heat Deploy healthcheck middleware as app instead of filter 2022-06-06 23:47:16 +09:00
heat Isolate project scope and system scope 2023-06-28 18:38:59 +09:00
heat_integrationtests Replace KeyPair resource by TestResource 2022-08-01 13:50:29 +09:00
heat_upgradetests Integrate pre-commit 2023-03-22 17:16:30 +00:00
playbooks/devstack/functional Remove gabbi tempest plugin 2020-11-04 02:12:11 +00:00
rally-scenarios Switch to use opendev.org 2019-04-22 09:36:50 +05:30
releasenotes Isolate project scope and system scope 2023-06-28 18:38:59 +09:00
roles/run-heat-tests Fix setting the tempest virtual env constraints env var 2023-02-21 16:05:09 +00:00
tools Fix lower-constraints errors 2020-09-10 14:19:03 -04:00
.coveragerc Update .coveragerc after the removal of openstack directory 2016-11-12 09:21:05 +05:30
.gitignore Ignore old 'vN-branch' tags when scanning for release notes 2020-03-27 17:44:43 +00:00
.gitreview OpenDev Migration Patch 2019-04-19 19:33:28 +00:00
.pre-commit-config.yaml Integrate pre-commit 2023-03-22 17:16:30 +00:00
.stestr.conf Use stestr for unit tests 2017-12-15 12:39:37 +05:30
.zuul.yaml Switch to 2023.1 Python3 unit tests and generic template name 2022-09-13 14:14:13 +00:00
babel.cfg Add setup.py and friends 2012-03-14 09:25:54 +11:00
bindep.txt Remove python2 from bindep 2022-06-10 20:27:28 +03:00
config-generator.conf Merge "Add missing [oslo_reports] options" 2021-09-21 02:15:31 +00:00
CONTRIBUTING.rst [ussuri][goal] Update contributor documentation 2021-05-31 20:37:14 +00:00
HACKING.rst Clean up test requirements 2018-07-27 13:38:27 +00:00
install.sh Remove use of heat_watch_server_url 2018-01-28 09:11:18 +05:30
LICENSE Initial commit (basics copied from glance) 2012-03-13 21:48:07 +11:00
README.rst Add ironic client plugin support 2020-04-09 14:14:38 +08:00
requirements.txt db: Remove legacy migrations 2023-03-25 03:01:02 +00:00
setup.cfg Add Python 3.10 to supported runtime. 2023-03-30 14:40:59 +09:00
setup.py Disable auto discovery 2022-03-29 01:15:03 +10:00
test-requirements.txt Update doc8 version 2021-01-06 16:28:32 +08:00
tox.ini tests: Enable SQLAlchemy 2.0 deprecation warnings 2023-03-25 03:01:09 +00:00
uninstall.sh use stderr for error echo message 2016-01-17 05:20:40 +00:00

README.rst 

========================
Team and repository tags
========================

.. image:: https://governance.openstack.org/tc/badges/heat.svg
    :target: https://governance.openstack.org/tc/reference/tags/index.html

.. Change things from this point on

====
Heat
====

Heat is a service to orchestrate multiple composite cloud applications using
templates, through both an OpenStack-native REST API and a
CloudFormation-compatible Query API.

Why heat? It makes the clouds rise and keeps them there.

Getting Started
---------------

If you'd like to run from the master branch, you can clone the git repo:

    git clone https://opendev.org/openstack/heat


* Documentation: https://docs.openstack.org/heat/latest
* Template samples: https://opendev.org/openstack/heat-templates
* Agents: https://opendev.org/openstack/heat-agents
* Release Notes: https://docs.openstack.org/releasenotes/heat/

Python client
-------------

* Documentation: https://docs.openstack.org/python-heatclient/latest
* Source: https://opendev.org/openstack/python-heatclient

Report a Story (a bug/blueprint)
--------------------------------

If you'd like to report a Story (we used to call a bug/blueprint), you can
report it under Report a story in
`Heat's StoryBoard <https://storyboard.openstack.org/#!/project/989>`_.
If you must report the story under other sub-project of heat, you can find
them all in `Heat StoryBoard Group <https://storyboard.openstack.org/#!/project_group/82>`_.
if you encounter any issue.

References
----------
* https://docs.amazonwebservices.com/AWSCloudFormation/latest/APIReference/API_CreateStack.html
* https://docs.amazonwebservices.com/AWSCloudFormation/latest/UserGuide/create-stack.html
* https://docs.amazonwebservices.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
* https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=tosca

We have integration with
------------------------
* https://opendev.org/openstack/python-novaclient (instance)
* https://opendev.org/openstack/python-keystoneclient (auth)
* https://opendev.org/openstack/python-swiftclient (object storage)
* https://opendev.org/openstack/python-neutronclient (networking)
* https://opendev.org/openstack/python-aodhclient (alarming service)
* https://opendev.org/openstack/python-cinderclient (block storage)
* https://opendev.org/openstack/python-glanceclient (image service)
* https://opendev.org/openstack/python-troveclient (database as a Service)
* https://opendev.org/openstack/python-saharaclient (hadoop cluster)
* https://opendev.org/openstack/python-barbicanclient (key management service)
* https://opendev.org/openstack/python-designateclient (DNS service)
* https://opendev.org/openstack/python-magnumclient (container service)
* https://opendev.org/openstack/python-manilaclient (shared file system service)
* https://opendev.org/openstack/python-mistralclient (workflow service)
* https://opendev.org/openstack/python-zaqarclient (messaging service)
* https://opendev.org/openstack/python-monascaclient (monitoring service)
* https://opendev.org/openstack/python-zunclient (container management service)
* https://opendev.org/openstack/python-blazarclient (reservation service)
* https://opendev.org/openstack/python-octaviaclient.git (Load-balancer service)
* https://opendev.org/openstack/python-senlinclient (Clustering service)
* https://opendev.org/openstack/python-vitrageclient.git (RCA service)
* https://opendev.org/openstack/python-ironicclient (baremetal provisioning service)