From 72d250be0598aba3e9e9e09721cf99402ded0c91 Mon Sep 17 00:00:00 2001
From: Clint Byrum
Date: Thu, 18 Apr 2013 15:23:07 -0700
Subject: [PATCH] Refactor Heat template to use generic user
---
 generic-user.yaml | 24 ++++++++++++++++++++++++
 heat.yaml | 43 +++++++++++++++----------------------------
 2 files changed, 39 insertions(+), 28 deletions(-)
 create mode 100644 generic-user.yaml
diff --git a/generic-user.yaml b/generic-user.yaml
new file mode 100644
index 00000000..ce6b84b8
--- /dev/null
+++ b/generic-user.yaml
@@ -0,0 +1,24 @@
+HeatTemplateFormatVersion: '2012-12-12'
+Description: 'HEAT Template - Heat Engine and API'
+Parameters:
+ AllowedResources:
+ Type: list
+Resources:
+ AccessPolicy:
+ Type: OS::Heat::AccessPolicy
+ Properties:
+ AllowedResources: {Ref: AllowedResources}
+ User:
+ Type: AWS::IAM::User
+ Properties:
+ Policies: [ { Ref: AccessPolicy } ]
+ Key:
+ Type: AWS::IAM::AccessKey
+ Properties:
+ UserName:
+ Ref: User
+Outputs:
+ AccessKeyId:
+ Ref: Key
+ SecretKey:
+ Fn::GetAtt: [ Key, SecretAccessKey ]
diff --git a/heat.yaml b/heat.yaml
index 92f45744..0312a147 100644
--- a/heat.yaml
+++ b/heat.yaml
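Review bot: The interface this new template declares does not match how heat.yaml uses it in the same patch: the parameter is `AllowedResources` but both callers pass `AccessList`, and the output is `SecretKey` but the two later heat.yaml hunks read `SecretAccessKey`. As written the nested stacks would presumably fail or create the policy without the intended resource list, so one name should be used on both sides, e.g. rename the output to `SecretAccessKey:`. Publishing the secret key under `Outputs` also makes it readable to whoever may show the nested stack's outputs, which is probably a wider set than the one the AccessPolicy is meant to scope; that is worth confirming and stating in a comment above `Outputs:`. The `Description` is copied from heat.yaml and should describe this template, e.g. `Description: 'Generic user with an access key limited to AllowedResources'`.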
@@ -30,33 +30,20 @@ Parameters:
 AvailabilityZones:
 Type: List
 Default: [ 1 ]
+ TemplateURL:
+ Type: String
+ Default: https://raw.github.com/openstack-ops/templates/master/
 Resources:
- EngineAccessPolicy:
- Type: OS::Heat::AccessPolicy
- Properties:
- AllowedResources: [ HeatEngine ]
 EngineUser:
- Type: AWS::IAM::User
- Properties:
- Policies: [ { Ref: EngineAccessPolicy } ]
- EngineKey:
- Type: AWS::IAM::AccessKey
- Properties:
- UserName:
- Ref: EngineUser
- ApiAccessPolicy:
- Type: OS::Heat::AccessPolicy
- Properties:
- AllowedResources: [ HeatAPILaunch ]
+ Type: AWS::CloudFormation::Stack
+ TemplateURL: {Fn::Join: [ {Ref: TemplateURL} , 'generic-user.yaml' ]}
+ Parameters:
+ AccessList: [ HeatEngine ]
 ApiUser:
- Type: AWS::IAM::User
- Properties:
- Policies: [ { Ref: ApiAccessPolicy } ]
- ApiKey:
- Type: AWS::IAM::AccessKey
- Properties:
- UserName:
- Ref: ApiUser
+ Type: AWS::CloudFormation::Stack
+ TemplateURL: {Fn::Join: [ {Ref: TemplateURL} , 'generic-user.yaml' ]}
+ Parameters:
+ AccessList: [ HeatAPI, HeatAPILaunch ]
 HeatAPILaunch:
 Type: AWS::AutoScaling::LaunchConfiguration
 Metadata:
@@ -67,9 +54,9 @@ Resources:
 host: {Ref: RabbitMQHost}
 password: {Ref: RabbitMQPassword}
 access_key_id:
- Ref: ApiKey
+ Fn::GetAtt: [ ApiUser, AccessKeyId ]
 secret_key:
- Fn::GetAtt: [ ApiKey, SecretAccessKey ]
+ Fn::GetAtt: [ ApiUser, SecretAccessKey ]
 stack:
 name: {Ref: 'AWS::StackName'}
 region: {Ref: 'AWS::Region'}
@@ -99,9 +86,9 @@ Resources:
 host: {Ref: RabbitMQHost}
 password: {Ref: RabbitMQPassword}
 access_key_id:
- Ref: EngineKey
+ Fn::GetAtt: [ EngineUser, AccessKeyId ]
 secret_key:
- Fn::GetAtt: [ EngineKey, SecretAccessKey ]
+ Fn::GetAtt: [ EngineUser, SecretAccessKey ]
 stack:
 name: {Ref: 'AWS::StackName'}
 region: {Ref: 'AWS::Region'}
-- 2.16.6
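Review bot: In the first heat.yaml hunk (`@@ -30,33 +30,20 @@`) the new `TemplateURL` default points at the `master` branch of a remote repository, so the template that creates the IAM users, policies and access keys is fetched from mutable content at stack-create time, and whoever can push to that branch or override the parameter decides what those users may access. Pin the default to an immutable ref, e.g. `Default: https://raw.github.com/openstack-ops/templates/<commit-sha>/`, or ship generic-user.yaml with the stack. Both nested-stack resources also lack a `Properties:` key and call `Fn::Join` without a delimiter; the usual form is `Properties:` holding `TemplateURL: {Fn::Join: ['', [ {Ref: TemplateURL}, 'generic-user.yaml' ]]}`. Finally, `ApiUser` moves from `[ HeatAPILaunch ]` to `[ HeatAPI, HeatAPILaunch ]`, which widens the API key's policy inside a commit titled as a refactor; if that is intended it deserves a line in the commit message.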
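Review bot: In the second and third heat.yaml hunks (`@@ -67,9 +54,9 @@` and `@@ -99,9 +86,9 @@`) `ApiUser` and `EngineUser` are now `AWS::CloudFormation::Stack` resources, and a nested stack's outputs are normally addressed with an `Outputs.` prefix rather than by bare attribute name. The lookups would then read `Fn::GetAtt: [ ApiUser, Outputs.AccessKeyId ]` and `Fn::GetAtt: [ ApiUser, Outputs.SecretKey ]` (likewise for `EngineUser`), using whichever output name generic-user.yaml finally exports. Both Metadata sections start above these hunks, so who can read the rendered credentials is not visible here.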