Make Resource names suitable for merge/include
authorClint Byrum <clint@fewbar.com>
Thu, 15 Aug 2013 00:56:48 +0000 (17:56 -0700)
committerClint Byrum <clint@fewbar.com>
Thu, 15 Aug 2013 03:25:14 +0000 (20:25 -0700)
In nova-compute-instance.yaml, we need to use resource names that are
unique within the entire set of resources that may be merged or
included. However, we need the instance resource name to _match_ the
one in overcloud-source.yaml so that its own access policies can
function.

Without this change we will not have unique users and Metadata access
keys/policies for compute and controller.

Change-Id: Iebde7e6adede4984f4f693cf2d57b6fadb8be558

nova-compute-instance.yaml
overcloud-source.yaml

index be15e72..0da26e6 100644 (file)
@@ -49,20 +49,20 @@ Parameters:
   NeutronEnableTunnelling:
     Type: String
 Resources:
-  AccessPolicy:
+  ComputeAccessPolicy:
     Type: OS::Heat::AccessPolicy
     Properties:
-      AllowedResources: [ NovaCompute ]
-  User:
+      AllowedResources: [ NovaCompute0 ]
+  ComputeUser:
     Type: AWS::IAM::User
     Properties:
-      Policies: [ { Ref: AccessPolicy } ]
-  Key:
+      Policies: [ { Ref: ComputeAccessPolicy } ]
+  ComputeKey:
     Type: AWS::IAM::AccessKey
     Properties:
       UserName:
-        Ref: User
-  NovaCompute:
+        Ref: ComputeUser
+  NovaCompute0:
     Type: AWS::EC2::Instance
     Properties:
       ImageId:
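Review bot: The name `NovaCompute0` is now hard-coded in three places in nova-compute-instance.yaml (`AllowedResources` and the resource key in this hunk, the `refresh` entry in the next hunk), and nothing in the file records that they are coupled. Per the commit message the name must also equal the resource key in overcloud-source.yaml. If one of these drifts, the `ComputeKey` credential would presumably be scoped to a name that no longer matches the instance, and the tempting fix is to widen the policy rather than correct the name. I would add a comment above the resource, e.g. `# Name must match AllowedResources, the heat refresh entry and the FileInclude key in overcloud-source.yaml`. The `NovaCompute0` definition continues past the end of this hunk.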
@@ -73,14 +73,14 @@ Resources:
       OpenStack::ImageBuilder::Elements: [ nova-compute ]
       heat: 
         access_key_id:
-          Ref: Key
+          Ref: ComputeKey
         secret_key:
-          Fn::GetAtt: [ Key, SecretAccessKey ]
+          Fn::GetAtt: [ ComputeKey, SecretAccessKey ]
         stack:
           name: {Ref: 'AWS::StackName'}
           region: {Ref: 'AWS::Region'}
         refresh:
-          - resource: NovaCompute
+          - resource: NovaCompute0
       nova:
         compute_driver: {Ref: NovaComputeDriver}
         compute_libvirt_type: {Ref: NovaComputeLibvirtType}
index 52e2b33..f9c280b 100644 (file)
@@ -35,15 +35,30 @@ Resources:
       AllowedResources:
       - notcompute
     Type: OS::Heat::AccessPolicy
+  ComputeAccessPolicy:
+    Properties:
+      AllowedResources:
+      - NovaCompute0
+    Type: OS::Heat::AccessPolicy
   Key:
     Properties:
       UserName:
         Ref: User
     Type: AWS::IAM::AccessKey
+  ComputeKey:
+    Properties:
+      UserName:
+        Ref: ComputeUser
+    Type: AWS::IAM::AccessKey
+  ComputeUser:
+    Properties:
+      Policies:
+      - Ref: ComputeAccessPolicy
+    Type: AWS::IAM::User
   NovaCompute0:
     Type: FileInclude
     Path: nova-compute-instance.yaml
-    SubKey: Resources.NovaCompute
+    SubKey: Resources.NovaCompute0
     Parameters:
         NovaApiHost: {"Fn::GetAtt": [notcompute, PrivateIp]}
         KeystoneHost: {"Fn::GetAtt": [notcompute, PrivateIp]}
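Review bot: `ComputeAccessPolicy`, `ComputeUser` and `ComputeKey` are written out by hand here while the `FileInclude` pulls in only `Resources.NovaCompute0`, so the credential the included instance references is governed by this copy, not the one in nova-compute-instance.yaml. The two copies are equivalent in this commit, but a later edit to `AllowedResources` here would change the compute credential's scope without touching the included file. A comment such as `# Must stay identical to ComputeAccessPolicy/ComputeUser/ComputeKey in nova-compute-instance.yaml` would make that dependency visible to reviewers. If the merge tool supports it, including those three resources by `SubKey` as well would remove the duplication. The `Parameters` block of `NovaCompute0` continues past the end of this hunk.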