Make Resource names suitable for merge/include

In nova-compute-instance.yaml, we need to use resource names that are
unique within the entire set of resources that may be merged or
included. However, we need the instance resource name to _match_ the
one in overcloud-source.yaml so that its own access policies can
function.

Without this change we will not have unique users and Metadata access
keys/policies for compute and controller.

Change-Id: Iebde7e6adede4984f4f693cf2d57b6fadb8be558

1 files changed, 16 insertions, 1 deletions

diff --git a/overcloud-source.yaml b/overcloud-source.yaml
index 52e2b33f..f9c280be 100644
--- a/overcloud-source.yaml
+++ b/overcloud-source.yaml
@@ -35,15 +35,30 @@ Resources:
       AllowedResources:
       - notcompute
     Type: OS::Heat::AccessPolicy
+  ComputeAccessPolicy:
+    Properties:
+      AllowedResources:
+      - NovaCompute0
+    Type: OS::Heat::AccessPolicy
   Key:
     Properties:
       UserName:
         Ref: User
     Type: AWS::IAM::AccessKey
+  ComputeKey:
+    Properties:
+      UserName:
+        Ref: ComputeUser
+    Type: AWS::IAM::AccessKey
+  ComputeUser:
+    Properties:
+      Policies:
+      - Ref: ComputeAccessPolicy
+    Type: AWS::IAM::User
   NovaCompute0:
     Type: FileInclude
     Path: nova-compute-instance.yaml
-    SubKey: Resources.NovaCompute
+    SubKey: Resources.NovaCompute0
     Parameters:
         NovaApiHost: {"Fn::GetAtt": [notcompute, PrivateIp]}
         KeystoneHost: {"Fn::GetAtt": [notcompute, PrivateIp]}