1 files changed, 1 insertions, 90 deletions

diff --git a/etc/heat/policy.json b/etc/heat/policy.json
index 0f5dd61..c093f33 100644
--- a/etc/heat/policy.json
+++ b/etc/heat/policy.json
@@ -1,92 +1,3 @@
 {
-    "deny_readonly": "not role:readonly",
-    "context_is_admin":  "role:admin and rule:deny_readonly",
-    "project_admin": "role:admin",
-    "deny_stack_user": "not role:heat_stack_user",
-    "deny_everybody": "!",
-
-    "cloudformation:ListStacks": "rule:deny_stack_user",
-    "cloudformation:CreateStack": "rule:deny_stack_user and rule:deny_readonly",
-    "cloudformation:DescribeStacks": "rule:deny_stack_user",
-    "cloudformation:DeleteStack": "rule:deny_stack_user and rule:deny_readonly",
-    "cloudformation:UpdateStack": "rule:deny_stack_user and rule:deny_readonly",
-    "cloudformation:CancelUpdateStack": "rule:deny_stack_user and rule:deny_readonly",
-    "cloudformation:DescribeStackEvents": "rule:deny_stack_user",
-    "cloudformation:ValidateTemplate": "rule:deny_stack_user",
-    "cloudformation:GetTemplate": "rule:deny_stack_user",
-    "cloudformation:EstimateTemplateCost": "rule:deny_stack_user",
-    "cloudformation:DescribeStackResource": "",
-    "cloudformation:DescribeStackResources": "rule:deny_stack_user",
-    "cloudformation:ListStackResources": "rule:deny_stack_user",
-    "cloudwatch:DeleteAlarms": "rule:deny_stack_user and rule:deny_readonly",
-    "cloudwatch:DescribeAlarmHistory": "rule:deny_stack_user",
-    "cloudwatch:DescribeAlarms": "rule:deny_stack_user",
-    "cloudwatch:DescribeAlarmsForMetric": "rule:deny_stack_user",
-    "cloudwatch:DisableAlarmActions": "rule:deny_stack_user and rule:deny_readonly",
-    "cloudwatch:EnableAlarmActions": "rule:deny_stack_user and rule:deny_readonly",
-    "cloudwatch:GetMetricStatistics": "rule:deny_stack_user",
-    "cloudwatch:ListMetrics": "rule:deny_stack_user",
-    "cloudwatch:PutMetricAlarm": "rule:deny_stack_user",
-    "cloudwatch:PutMetricData": "",
-    "cloudwatch:SetAlarmState": "rule:deny_stack_user and rule:deny_readonly",
-    "actions:action": "rule:deny_stack_user",
-    "build_info:build_info": "rule:deny_stack_user",
-    "events:index": "rule:deny_stack_user",
-    "events:show": "rule:deny_stack_user",
-    "resource:index": "rule:deny_stack_user",
-    "resource:metadata": "",
-    "resource:signal": "",
-    "resource:mark_unhealthy": "rule:deny_stack_user",
-    "resource:show": "rule:deny_stack_user",
-    "stacks:abandon": "rule:deny_stack_user and rule:deny_readonly",
-    "stacks:create": "rule:deny_stack_user and rule:deny_readonly",
-    "stacks:delete": "rule:deny_stack_user and rule:deny_readonly",
-    "stacks:detail": "rule:deny_stack_user",
-    "stacks:export": "rule:deny_stack_user",
-    "stacks:generate_template": "rule:deny_stack_user",
-    "stacks:global_index": "rule:deny_everybody",
-    "stacks:index": "rule:deny_stack_user",
-    "stacks:list_resource_types": "rule:deny_stack_user",
-    "stacks:list_template_versions": "rule:deny_stack_user",
-    "stacks:list_template_functions": "rule:deny_stack_user",
-    "stacks:lookup": "",
-    "stacks:preview": "rule:deny_stack_user",
-    "stacks:resource_schema": "rule:deny_stack_user",
-    "stacks:show": "rule:deny_stack_user",
-    "stacks:template": "rule:deny_stack_user",
-    "stacks:environment": "rule:deny_stack_user",
-    "stacks:files": "rule:deny_stack_user",
-    "stacks:update": "rule:deny_stack_user and rule:deny_readonly",
-    "stacks:update_patch": "rule:deny_stack_user and rule:deny_readonly",
-    "stacks:preview_update": "rule:deny_stack_user and rule:deny_readonly",
-    "stacks:preview_update_patch": "rule:deny_stack_user and rule:deny_readonly",
-    "stacks:validate_template": "rule:deny_stack_user",
-    "stacks:snapshot": "rule:deny_stack_user",
-    "stacks:show_snapshot": "rule:deny_stack_user",
-    "stacks:delete_snapshot": "rule:deny_stack_user and rule:deny_readonly",
-    "stacks:list_snapshots": "rule:deny_stack_user",
-    "stacks:restore_snapshot": "rule:deny_stack_user and rule:deny_readonly",
-    "stacks:list_outputs": "rule:deny_stack_user",
-    "stacks:show_output": "rule:deny_stack_user",
-    "software_configs:global_index": "rule:deny_everybody",
-    "software_configs:index": "rule:deny_stack_user",
-    "software_configs:create": "rule:deny_stack_user and rule:deny_readonly",
-    "software_configs:show": "rule:deny_stack_user",
-    "software_configs:delete": "rule:deny_stack_user and rule:deny_readonly",
-    "software_deployments:index": "rule:deny_stack_user",
-    "software_deployments:create": "rule:deny_stack_user and rule:deny_readonly",
-    "software_deployments:show": "rule:deny_stack_user",
-    "software_deployments:update": "rule:deny_stack_user and rule:deny_readonly",
-    "software_deployments:delete": "rule:deny_stack_user and rule:deny_readonly",
-    "software_deployments:metadata": "",
-    "service:index": "rule:context_is_admin",
-    "resource_types:OS::Nova::Flavor": "rule:project_admin",
-    "resource_types:OS::Cinder::EncryptedVolumeType": "rule:project_admin",
-    "resource_types:OS::Cinder::VolumeType": "rule:project_admin",
-    "resource_types:OS::Cinder::Quota": "rule:project_admin",
-    "resource_types:OS::Manila::ShareType": "rule:project_admin",
-    "resource_types:OS::Neutron::QoSPolicy": "rule:project_admin",
-    "resource_types:OS::Neutron::QoSBandwidthLimitRule": "rule:project_admin",
-    "resource_types:OS::Nova::HostAggregate": "rule:project_admin",
-    "resource_types:OS::Cinder::QoSSpecs": "rule:project_admin"
+    "context_is_admin": "role:admin","project_admin": "role:admin","deny_stack_user": "not role:heat_stack_user","deny_everybody": "!","cloudformation:ListStacks": "rule:deny_stack_user","cloudformation:CreateStack": "rule:deny_stack_user","cloudformation:DescribeStacks": "rule:deny_stack_user","cloudformation:DeleteStack": "rule:deny_stack_user","cloudformation:UpdateStack": "rule:deny_stack_user","cloudformation:CancelUpdateStack": "rule:deny_stack_user","cloudformation:DescribeStackEvents": "rule:deny_stack_user","cloudformation:ValidateTemplate": "rule:deny_stack_user","cloudformation:GetTemplate": "rule:deny_stack_user","cloudformation:EstimateTemplateCost": "rule:deny_stack_user","cloudformation:DescribeStackResource": "","cloudformation:DescribeStackResources": "rule:deny_stack_user","cloudformation:ListStackResources": "rule:deny_stack_user","cloudwatch:DeleteAlarms": "rule:deny_stack_user","cloudwatch:DescribeAlarmHistory": "rule:deny_stack_user","cloudwatch:DescribeAlarms": "rule:deny_stack_user","cloudwatch:DescribeAlarmsForMetric": "rule:deny_stack_user","cloudwatch:DisableAlarmActions": "rule:deny_stack_user","cloudwatch:EnableAlarmActions": "rule:deny_stack_user","cloudwatch:GetMetricStatistics": "rule:deny_stack_user","cloudwatch:ListMetrics": "rule:deny_stack_user","cloudwatch:PutMetricAlarm": "rule:deny_stack_user","cloudwatch:PutMetricData": "","cloudwatch:SetAlarmState": "rule:deny_stack_user","actions:action": "rule:deny_stack_user","build_info:build_info": "rule:deny_stack_user","events:index": "rule:deny_stack_user","events:show": "rule:deny_stack_user","resource:index": "rule:deny_stack_user","resource:metadata": "","resource:signal": "","resource:mark_unhealthy": "rule:deny_stack_user","resource:show": "rule:deny_stack_user","stacks:abandon": "rule:deny_stack_user","stacks:create": "rule:deny_stack_user","stacks:delete": "rule:deny_stack_user","stacks:detail": "rule:deny_stack_user","stacks:export": "rule:deny_stack_user","stacks:generate_template": "rule:deny_stack_user","stacks:global_index": "rule:deny_everybody","stacks:index": "rule:deny_stack_user","stacks:list_resource_types": "rule:deny_stack_user","stacks:list_template_versions": "rule:deny_stack_user","stacks:list_template_functions": "rule:deny_stack_user","stacks:lookup": "","stacks:preview": "rule:deny_stack_user","stacks:resource_schema": "rule:deny_stack_user","stacks:show": "rule:deny_stack_user","stacks:template": "rule:deny_stack_user","stacks:environment": "rule:deny_stack_user","stacks:files": "rule:deny_stack_user","stacks:update": "rule:deny_stack_user","stacks:update_patch": "rule:deny_stack_user","stacks:preview_update": "rule:deny_stack_user","stacks:preview_update_patch": "rule:deny_stack_user","stacks:validate_template": "rule:deny_stack_user","stacks:snapshot": "rule:deny_stack_user","stacks:show_snapshot": "rule:deny_stack_user","stacks:delete_snapshot": "rule:deny_stack_user","stacks:list_snapshots": "rule:deny_stack_user","stacks:restore_snapshot": "rule:deny_stack_user","stacks:list_outputs": "rule:deny_stack_user","stacks:show_output": "rule:deny_stack_user","software_configs:global_index": "rule:deny_everybody","software_configs:index": "rule:deny_stack_user","software_configs:create": "rule:deny_stack_user","software_configs:show": "rule:deny_stack_user","software_configs:delete": "rule:deny_stack_user","software_deployments:index": "rule:deny_stack_user","software_deployments:create": "rule:deny_stack_user","software_deployments:show": "rule:deny_stack_user","software_deployments:update": "rule:deny_stack_user","software_deployments:delete": "rule:deny_stack_user","software_deployments:metadata": "","service:index": "rule:context_is_admin","resource_types:OS::Nova::Flavor": "rule:project_admin","resource_types:OS::Cinder::EncryptedVolumeType": "rule:project_admin","resource_types:OS::Cinder::VolumeType": "rule:project_admin","resource_types:OS::Cinder::Quota": "rule:project_admin","resource_types:OS::Manila::ShareType": "rule:project_admin","resource_types:OS::Neutron::QoSPolicy": "rule:project_admin","resource_types:OS::Neutron::QoSBandwidthLimitRule": "rule:project_admin","resource_types:OS::Nova::HostAggregate": "rule:project_admin","resource_types:OS::Cinder::QoSSpecs": "rule:project_admin"
 }