Refactor Heat template to use generic user
authorClint Byrum <clint@fewbar.com>
Thu, 18 Apr 2013 22:23:07 +0000 (15:23 -0700)
committerClint Byrum <clint@fewbar.com>
Thu, 18 Apr 2013 22:23:07 +0000 (15:23 -0700)
generic-user.yaml [new file with mode: 0644]
heat.yaml

diff --git a/generic-user.yaml b/generic-user.yaml
new file mode 100644 (file)
index 0000000..ce6b84b
--- /dev/null
@@ -0,0 +1,24 @@
+HeatTemplateFormatVersion: '2012-12-12'
+Description: 'HEAT Template - Heat Engine and API'
+Parameters:
+  AllowedResources:
+    Type: list
+Resources:
+  AccessPolicy:
+    Type: OS::Heat::AccessPolicy
+    Properties:
+      AllowedResources: {Ref: AllowedResources}
+  User:
+    Type: AWS::IAM::User
+    Properties:
+      Policies: [ { Ref: AccessPolicy } ]
+  Key:
+    Type: AWS::IAM::AccessKey
+    Properties:
+      UserName:
+        Ref: User
+Outputs:
+  AccessKeyId:
+    Ref: Key
+  SecretKey:
+    Fn::GetAtt: [ Key, SecretAccessKey ]
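Review bot: This template's interface does not match how heat.yaml uses it in the same commit. The parameter is declared as `AllowedResources` while the parent passes `AccessList`, and the output is named `SecretKey` while the parent reads `SecretAccessKey`; one side has to be renamed, e.g. `SecretAccessKey:` under Outputs here. The Outputs entries also lack the `Value:` key that CloudFormation-format outputs normally carry (`AccessKeyId: {Value: {Ref: Key}}`), which is worth confirming against the targeted Heat release. Publishing the secret key as a stack output makes it readable by anyone allowed to show the nested stack, so that access should be scoped as tightly as the key itself. The `Description` is copied from the Heat engine template and should instead describe a generic user with an access key.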
index 92f4574..0312a14 100644 (file)
--- a/heat.yaml
+++ b/heat.yaml
@@ -30,33 +30,20 @@ Parameters:
   AvailabilityZones:
     Type: List
     Default: [ 1 ]
+  TemplateURL:
+    Type: String
+    Default: https://raw.github.com/openstack-ops/templates/master/
 Resources:
-  EngineAccessPolicy:
-    Type: OS::Heat::AccessPolicy
-    Properties:
-      AllowedResources: [ HeatEngine ]
   EngineUser:
-    Type: AWS::IAM::User
-    Properties:
-      Policies: [ { Ref: EngineAccessPolicy } ]
-  EngineKey:
-    Type: AWS::IAM::AccessKey
-    Properties:
-      UserName:
-        Ref: EngineUser
-  ApiAccessPolicy:
-    Type: OS::Heat::AccessPolicy
-    Properties:
-      AllowedResources: [ HeatAPILaunch ]
+    Type: AWS::CloudFormation::Stack
+    TemplateURL: {Fn::Join: [ {Ref: TemplateURL} , 'generic-user.yaml' ]}
+    Parameters:
+      AccessList: [ HeatEngine ]
   ApiUser:
-    Type: AWS::IAM::User
-    Properties:
-      Policies: [ { Ref: ApiAccessPolicy } ]
-  ApiKey:
-    Type: AWS::IAM::AccessKey
-    Properties:
-      UserName:
-        Ref: ApiUser
+    Type: AWS::CloudFormation::Stack
+    TemplateURL: {Fn::Join: [ {Ref: TemplateURL} , 'generic-user.yaml' ]}
+    Parameters:
+      AccessList: [ HeatAPI, HeatAPILaunch ]
   HeatAPILaunch:
     Type: AWS::AutoScaling::LaunchConfiguration
     Metadata:
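Review bot: Both EngineUser and ApiUser call `Fn::Join` without a delimiter, so `{Ref: TemplateURL}` is taken as the delimiter argument. They also place `TemplateURL` and `Parameters` directly under the resource rather than under `Properties:`, so the nested stacks are unlikely to resolve as written. The default `TemplateURL` follows the `master` branch, so the template that creates the IAM user and access key can change without any change to this stack; a commit- or tag-pinned path, or a copy hosted under the operator's control, keeps the credential-minting template fixed. ApiUser's list also grows from `[ HeatAPILaunch ]` to `[ HeatAPI, HeatAPILaunch ]`, a permission change inside a commit titled as a refactor, so it is worth confirming that is intended. The HeatAPILaunch resource continues past the end of the hunk.

```yaml
  EngineUser:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL:
        Fn::Join: ['', [{Ref: TemplateURL}, 'generic-user.yaml']]
      Parameters:
        # key must be the parameter name generic-user.yaml declares
        AllowedResources: [ HeatEngine ]
  # … ApiUser: same shape, with its own resource list …
```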
@@ -67,9 +54,9 @@ Resources:
           host: {Ref: RabbitMQHost}
           password: {Ref: RabbitMQPassword}
         access_key_id:
-          Ref: ApiKey
+          Fn::GetAtt: [ ApiUser, AccessKeyId ]
         secret_key:
-          Fn::GetAtt: [ ApiKey, SecretAccessKey ]
+          Fn::GetAtt: [ ApiUser, SecretAccessKey ]
         stack:
           name: {Ref: 'AWS::StackName'}
           region: {Ref: 'AWS::Region'}
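Review bot: `Fn::GetAtt: [ ApiUser, AccessKeyId ]` and `[ ApiUser, SecretAccessKey ]` read attributes of a nested stack without the `Outputs.` prefix that `AWS::CloudFormation::Stack` uses to expose a child template's outputs. The expected form is `Fn::GetAtt: [ ApiUser, Outputs.AccessKeyId ]`, with the name after the prefix matching an output that generic-user.yaml actually declares. The EngineUser references in the following hunk have the same problem. Without the prefix the lookup presumably fails or resolves to nothing, which would leave the service configured with empty credentials, so this should be verified on a test stack. The surrounding Metadata block starts and ends outside the hunk.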
@@ -99,9 +86,9 @@ Resources:
           host: {Ref: RabbitMQHost}
           password: {Ref: RabbitMQPassword}
         access_key_id:
-          Ref: EngineKey
+          Fn::GetAtt: [ EngineUser, AccessKeyId ]
         secret_key:
-          Fn::GetAtt: [ EngineKey, SecretAccessKey ]
+          Fn::GetAtt: [ EngineUser, SecretAccessKey ]
         stack:
           name: {Ref: 'AWS::StackName'}
           region: {Ref: 'AWS::Region'}