Reduce service user permissions Most of the services create the service user with the admin permission. This is unnecessary for token validation and they should be restricted to only having the service role. Change-Id: Id7a9366d2c6a36139240f64371002362dc2d8d3b

commit: e8bc2b82a04f4cca251ed7437f738672107428a3 [log] [tgz]
author: Jamie Lennox <jamielennox@redhat.com> Tue Feb 10 20:38:56 2015 +1100
committer: Jamie Lennox <jamielennox@redhat.com> Wed Feb 11 14:49:56 2015 +1100
tree: 4a8125751858323656c1f8afdf927c508926ade2
parent: 8ed3e40be8672aa23ebd2b6c95accf06a2ff8ac4 [diff] [blame]
diff --git a/lib/ceilometer b/lib/ceilometer
index f03bab2..8fff910 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer

@@ -108,7 +108,7 @@
     # Ceilometer
     if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then
 
-        create_service_user "ceilometer" "admin"
+        create_service_user "ceilometer"
 
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
             local ceilometer_service=$(get_or_create_service "ceilometer" \
commit	e8bc2b82a04f4cca251ed7437f738672107428a3	[log] [tgz]
author	Jamie Lennox <jamielennox@redhat.com>	Tue Feb 10 20:38:56 2015 +1100
committer	Jamie Lennox <jamielennox@redhat.com>	Wed Feb 11 14:49:56 2015 +1100
tree	4a8125751858323656c1f8afdf927c508926ade2
parent	8ed3e40be8672aa23ebd2b6c95accf06a2ff8ac4 [diff] [blame]