On Mon, Nov 09, 2015 at 11:00:10AM +0000, Bruno Bompastor wrote: > Hello, > > I was looking to enable admin operations for heat stacks on all tenants. This > is useful to do support operations and debug stacks owned by different users. > > I came across the “heat stack-list -g” command that allows to see all stacks > but after that is not possible to “heat stack-show” or “heat template-show” > based on ID (even if you allow that operation for admins on the policy.json). > > Does anyone has a solution for this? Is it even possible?
Currently it's not possible, stack-list -g is the only "global" API supported, and that is disabled by default in the policy.json. This was discussed in the operator feedback session at summit, ref this bug: https://bugs.launchpad.net/heat/+bug/1466694 It sounds like there is a desire to see a general solution to this, but so far we've resisted embracing the "global admin" concept, because it seemed like several other projects made assumptions relating to the scope of the admin role, ref https://bugs.launchpad.net/keystone/+bug/968696 I'll triage the heat bug mentioned above and we can continue discussion there. Steve __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev