Policy.json should be defined by user
User can override and add values to policy.json by creating flat
key-value structure under heat:server:policy.
Change-Id: I1accd9557cc241a55d5e898b9350b34e078b82a6
diff --git a/tests/pillar/server_cluster.sls b/tests/pillar/server_cluster.sls
index 0a8e0f5..c0330aa 100644
--- a/tests/pillar/server_cluster.sls
+++ b/tests/pillar/server_cluster.sls
@@ -51,3 +51,7 @@
user: openstack
password: password
virtual_host: '/openstack'
+ policy:
+ deny_stack_user: 'not role:heat_stack_user'
+ 'cloudformation:ValidateTemplate': 'rule:deny_stack_user'
+ 'cloudformation:DescribeStackResource':
diff --git a/tests/pillar/server_plugin_dirs.sls b/tests/pillar/server_plugin_dirs.sls
index 846bab0..087df91 100644
--- a/tests/pillar/server_plugin_dirs.sls
+++ b/tests/pillar/server_plugin_dirs.sls
@@ -52,3 +52,7 @@
plugins:
- /test/dir1
- /test/dir2
+ policy:
+ deny_stack_user: 'not role:heat_stack_user'
+ 'cloudformation:ValidateTemplate': 'rule:deny_stack_user'
+ 'cloudformation:DescribeStackResource':
diff --git a/tests/pillar/server_single.sls b/tests/pillar/server_single.sls
index 1600f46..fe4ab4e 100644
--- a/tests/pillar/server_single.sls
+++ b/tests/pillar/server_single.sls
@@ -49,3 +49,7 @@
user: openstack
password: password
virtual_host: '/openstack'
+ policy:
+ deny_stack_user: 'not role:heat_stack_user'
+ 'cloudformation:ValidateTemplate': 'rule:deny_stack_user'
+ 'cloudformation:DescribeStackResource':