Bug 1374372

Summary: explicit required permissions for OSP cloud provider's ceilometer user
Product: Red Hat CloudForms Management Engine Reporter: Colin Arnott <carnott>
Component: Documentation Assignee: Red Hat CloudForms Documentation <cloudforms-docs>
Status: CLOSED WONTFIX QA Contact: Red Hat CloudForms Documentation <cloudforms-docs>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 5.6.0 CC: adahms, benglish, hhudgeon, jhardy, mfeifer, obarenbo, tzumainn
Target Milestone: GA   
Target Release: 5.7.0   
Hardware: x86_64   
OS: Linux   
Whiteboard: doc
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-04 04:40:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Colin Arnott 2016-09-08 14:02:11 UTC
Document URL: 
https://access.redhat.com/documentation/en/red-hat-cloudforms/4.1/deployment-planning-guide/#data_collection_for_red_hat_enterprise_linux_openstack_platform

Section Number and Name: 
4.5.4 Data Collection for Red Hat Enterprise Linux OpenStack Platform: create users and roles

Describe the issue: 
The OSP cloud provider supports ceilometer, but currently requires the use of an admin role; my security standards prevent me from giving carte blanche access to my OSP overcloud environment. Can you please enumerate the permissions required by CFME so that I can use least privilege when creating the ceilometer user for CFME in my OSP overcloud environment?

Suggestions for improvement: 
Add a section indicating required roles for the ceilometer user in the OSP provider.

Additional information:

Comment 3 Andrew Dahms 2018-04-04 04:40:49 UTC
Thank you for raising this bug.

After further discussion with the program team, we have been given the advice not to document specific permissions for service accounts at this time based on the following article -

http://cloudformsblog.redhat.com/2017/08/16/security-management-operations/

As such, I will be closing this bug for now, but we can re-investigate this request again in the future if required.

Comment 4 Andrew Dahms 2018-05-30 23:45:07 UTC
Cancelling old needinfo request.