Bug 1319027 - [bug] heat-stack delete needs a strong warning and confirmation prompt
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: rhosp-director
Version: 7.0 (Kilo)
Hardware: All
OS: Linux
high
medium
Target Milestone: async
: 7.0 (Kilo)
Assignee: Angus Thomas
QA Contact: Arik Chernetsky
URL:
Whiteboard:
Depends On: 1259939 1319028
Blocks:
Reported: 2016-03-18 13:21 UTC by Jaromir Coufal
Modified: 2019-10-10 11:36 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 1259939
Environment:
Last Closed: 2016-03-23 19:58:41 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1494058 0 None None None 2016-03-18 13:21:12 UTC
OpenStack gerrit 254351 0 None None None 2016-03-18 13:21:12 UTC

Comment 2 Zane Bitter 2016-03-18 14:51:28 UTC
It's not appropriate to backport the python-heatclient change to a z-stream, since it may break some scripts that run in an environment where they are connected to a tty (for example, we encountered this problem with Ansible in the upstream TripleO CI).

With reference to the OSPd undercloud specifically (as opposed to Heat in general), a far more robust way to ensure that the overcloud is never deleted is to either disallow it entirely or give permissions only to a separate user in policy.json. Since this occurs on the server side it doesn't depend on everyone using the correct version of the client, and you can actually require elevated privileges rather than just an extra keystroke to delete the overcloud.

Comment 3 Jaromir Coufal 2016-03-23 19:58:41 UTC
To avoid this usability issue, there is going to be documentation provided on restricting policies for OSP7.
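
The server-side restriction discussed in Comments 2 and 3, as an added example that is not part of the bug report or of Heat's own code: a small Python evaluator for a subset of the oslo.policy rule language, used to check which roles may perform stacks:delete under three policy.json settings. The policy fragments are constructed, and the role names overcloud_admin and _member_ are assumptions.

```python
import re

# Constructed fragments modelled on Heat's policy.json. The role name
# "overcloud_admin" is hypothetical; "_member_" stands for an ordinary user.
DEFAULT = {
    "deny_stack_user": "not role:heat_stack_user",
    "stacks:delete": "rule:deny_stack_user",
}
DENY_ALL = dict(DEFAULT, **{"stacks:delete": "!"})
SEPARATE_USER = dict(DEFAULT, **{"stacks:delete": "role:overcloud_admin"})

def allowed(policy, action, roles):
    """Evaluate a subset of the oslo.policy rule language for one action."""
    return _evaluate(policy, policy[action], {r.lower() for r in roles})

def _evaluate(policy, text, roles):
    toks = re.findall(r"\(|\)|[^\s()]+", text)
    if not toks:
        return True                       # an empty rule always allows
    pos = 0

    def atom():
        nonlocal pos
        tok, pos = toks[pos], pos + 1
        if tok == "not":
            return not atom()
        if tok == "(":
            value = or_expr()
            pos += 1                      # consume ")"
            return value
        if tok in ("!", "@"):
            return tok == "@"             # "!" always denies, "@" always allows
        kind, _, name = tok.partition(":")
        if kind == "role":
            return name.lower() in roles
        if kind == "rule":                # follow the alias to the real check
            return _evaluate(policy, policy[name], roles)
        raise ValueError("check not handled by this example: " + tok)

    def chain(operand, word, combine):
        nonlocal pos
        value = operand()
        while pos < len(toks) and toks[pos] == word:
            pos += 1
            value = combine(operand(), value)   # always consume right operand
        return value

    and_expr = lambda: chain(atom, "and", lambda a, b: a and b)
    or_expr = lambda: chain(and_expr, "or", lambda a, b: a or b)
    return or_expr()
```

Under DEFAULT any user without the heat_stack_user role can delete a stack; DENY_ALL blocks every caller, and SEPARATE_USER admits only holders of the dedicated role, whichever client version they run.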

