Un-do all use of generic-user.yaml and remove it.

This was a rather experimental way to try and create some generic
templates in Heat. But the AllowedResources can only refer to resources
inside the template itself, so this is useless.

diff --git a/generic-user.yaml b/generic-user.yaml
deleted file mode 100644 (file)
index a14f1c6..0000000
--- a/generic-user.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-HeatTemplateFormatVersion: '2012-12-12'
-Description: 'HEAT Template - Heat Engine and API'
-Parameters:
-  AllowedResources:
-    Type: CommaDelimitedList
-Resources:
-  AccessPolicy:
-    Type: OS::Heat::AccessPolicy
-    Properties:
-      AllowedResources: {Ref: AllowedResources}
-  User:
-    Type: AWS::IAM::User
-    Properties:
-      Policies: [ { Ref: AccessPolicy } ]
-  Key:
-    Type: AWS::IAM::AccessKey
-    Properties:
-      UserName:
-        Ref: User
-Outputs:
-  AccessKeyId:
-    Ref: Key
-  SecretKey:
-    Fn::GetAtt: [ Key, SecretAccessKey ]

diff --git a/heat.yaml b/heat.yaml
index 0312a14..4c64983 100644 (file)
--- a/heat.yaml
+++ b/heat.yaml
@@ -34,16 +34,32 @@ Parameters:
     Type: String
     Default: https://raw.github.com/openstack-ops/templates/master/
 Resources:
+  EngineAccessPolicy:
+    Type: OS::Heat::AccessPolicy
+    Properties:
+      AllowedResources: [ HeatEngine ]
   EngineUser:
-    Type: AWS::CloudFormation::Stack
-    TemplateURL: {Fn::Join: [ {Ref: TemplateURL} , 'generic-user.yaml' ]}
-    Parameters:
-      AccessList: [ HeatEngine ]
+    Type: AWS::IAM::User
+    Properties:
+      Policies: [ { Ref: EngineAccessPolicy } ]
+  EngineKey:
+    Type: AWS::IAM::AccessKey
+    Properties:
+      UserName:
+        Ref: EngineUser
+  ApiAccessPolicy:
+    Type: OS::Heat::AccessPolicy
+    Properties:
+      AllowedResources: [ HeatAPI, HeatAPILaunch ]
   ApiUser:
-    Type: AWS::CloudFormation::Stack
-    TemplateURL: {Fn::Join: [ {Ref: TemplateURL} , 'generic-user.yaml' ]}
-    Parameters:
-      AccessList: [ HeatAPI, HeatAPILaunch ]
+    Type: AWS::IAM::User
+    Properties:
+      Policies: [ { Ref: ApiAccessPolicy } ]
+  ApiKey:
+    Type: AWS::IAM::AccessKey
+    Properties:
+      UserName:
+        Ref: ApiUser
   HeatAPILaunch:
     Type: AWS::AutoScaling::LaunchConfiguration
     Metadata:
@@ -54,9 +70,9 @@ Resources:
           host: {Ref: RabbitMQHost}
           password: {Ref: RabbitMQPassword}
         access_key_id:
-          Fn::GetAtt: [ ApiUser, AccessKeyId ]
+          Ref: ApiKey
         secret_key:
-          Fn::GetAtt: [ ApiUser, SecretAccessKey ]
+          Fn::GetAtt: [ ApiKey, SecretAccessKey ]
         stack:
           name: {Ref: 'AWS::StackName'}
           region: {Ref: 'AWS::Region'}
@@ -86,9 +102,9 @@ Resources:
           host: {Ref: RabbitMQHost}
           password: {Ref: RabbitMQPassword}
         access_key_id:
-          Fn::GetAtt: [ EngineUser, AccessKeyId ]
+          Ref: EngineKey
         secret_key:
-          Fn::GetAtt: [ EngineUser, SecretAccessKey ]
+          Fn::GetAtt: [ EngineKey, SecretAccessKey ]
         stack:
           name: {Ref: 'AWS::StackName'}
           region: {Ref: 'AWS::Region'}