-rw-r--r--generic-user.yaml24
-rw-r--r--glance.yaml31
-rw-r--r--heat.yaml40
3 files changed, 50 insertions, 45 deletions
diff --git a/generic-user.yaml b/generic-user.yaml
deleted file mode 100644
index 8cbf7509..00000000
--- a/generic-user.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-HeatTemplateFormatVersion: '2012-12-12'
-Description: 'HEAT Template - Heat Engine and API'
-Parameters:
- AllowedResources:
- Type: List
-Resources:
- AccessPolicy:
- Type: OS::Heat::AccessPolicy
- Properties:
- AllowedResources: {Ref: AllowedResources}
- User:
- Type: AWS::IAM::User
- Properties:
- Policies: [ { Ref: AccessPolicy } ]
- Key:
- Type: AWS::IAM::AccessKey
- Properties:
- UserName:
- Ref: User
-Outputs:
- AccessKeyId:
- Ref: Key
- SecretKey:
- Fn::GetAtt: [ Key, SecretAccessKey ]
diff --git a/glance.yaml b/glance.yaml
index 9eab3a9a..af75b224 100644
--- a/glance.yaml
+++ b/glance.yaml
@@ -22,12 +22,24 @@ Parameters:
TemplateURL:
Type: String
Default: https://raw.github.com/openstack-ops/templates/master/
+ RabbitHost:
+ Type: String
+ RabbitPassword:
+ Type: String
Resources:
- GlanceUser:
- Type: AWS::CloudFormation::Stack
- TemplateURL: {'Fn::Join': [ {Ref: TemplateURL} , 'generic-user.yaml' ]}
- Parameters:
- AccessList: [ Glance ]
+ AccessPolicy:
+ Type: OS::Heat::AccessPolicy
+ Properties:
+ AllowedResources: [ Glance ]
+ User:
+ Type: AWS::IAM::User
+ Properties:
+ Policies: [ { Ref: AccessPolicy } ]
+ Key:
+ Type: AWS::IAM::AccessKey
+ Properties:
+ UserName:
+ Ref: User
Glance:
Type: AWS::EC2::Instance
Properties:
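Review bot: The new `RabbitPassword` parameter is declared as a plain `Type: String`, so its value is likely to appear in clear text wherever stack parameters are listed. Adding `NoEcho: true` under it would mask it there. The names also differ from heat.yaml, which calls the same inputs `RabbitMQHost` and `RabbitMQPassword`, so one spelling should be used in both templates. The new resources `AccessPolicy`, `User` and `Key` would read better as `GlanceAccessPolicy`, `GlanceUser` and `GlanceKey`, matching the `Engine*`/`Api*` prefixes in heat.yaml, with the `Ref: Key` lines in the next hunk renamed to match. The Glance resource body continues outside this hunk.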
@@ -39,9 +51,9 @@ Resources:
OpenStack::ImageBuilder::Elements: [ glance ]
heat:
access_key_id:
- Fn::GetAtt: [ GlanceUser, AccessKeyId ]
+ Ref: Key
secret_key:
- Fn::GetAtt: [ GlanceUser, SecretAccessKey ]
+ Fn::GetAtt: [ Key, SecretAccessKey ]
stack:
name: {Ref: 'AWS::StackName'}
region: {Ref: 'AWS::Region'}
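Review bot: The `secret_key` value is still rendered into the `heat:` block, which appears to sit in the instance's resource metadata, so anyone who can read that metadata obtains the credential. The only limit visible in this diff is the `AllowedResources: [ Glance ]` scope on the access policy, and nothing at the point of use says so. A comment above `access_key_id:` would record this, for example `# credential is limited by AccessPolicy to the Glance resource; treat this metadata as secret`. The same applies to the two `access_key_id`/`secret_key` hunks in heat.yaml for `ApiKey` and `EngineKey`. The enclosing resource starts and ends outside this hunk.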
@@ -55,5 +67,6 @@ Resources:
rabbit:
host: {Ref: RabbitHost}
password: {Ref: RabbitPassword}
- swift.store_user: ''
- swift.store_key: ''
+ swift:
+ store_user: ''
+ store_key: ''
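Review bot: Replacing the flat `swift.store_user` and `swift.store_key` keys with a nested `swift:` mapping changes the path under which these values are published. Any consumer that still looks up the dotted key would silently get nothing; the consumer is not part of this diff, so it should be checked alongside this change. Both values remain empty strings with no explanation. A short comment such as `# intentionally blank: swift store credentials are not set by this template` would tell the reader whether they are placeholders or a deliberate default.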
diff --git a/heat.yaml b/heat.yaml
index 0312a147..4c64983d 100644
--- a/heat.yaml
+++ b/heat.yaml
@@ -34,16 +34,32 @@ Parameters:
Type: String
Default: https://raw.github.com/openstack-ops/templates/master/
Resources:
+ EngineAccessPolicy:
+ Type: OS::Heat::AccessPolicy
+ Properties:
+ AllowedResources: [ HeatEngine ]
EngineUser:
- Type: AWS::CloudFormation::Stack
- TemplateURL: {Fn::Join: [ {Ref: TemplateURL} , 'generic-user.yaml' ]}
- Parameters:
- AccessList: [ HeatEngine ]
+ Type: AWS::IAM::User
+ Properties:
+ Policies: [ { Ref: EngineAccessPolicy } ]
+ EngineKey:
+ Type: AWS::IAM::AccessKey
+ Properties:
+ UserName:
+ Ref: EngineUser
+ ApiAccessPolicy:
+ Type: OS::Heat::AccessPolicy
+ Properties:
+ AllowedResources: [ HeatAPI, HeatAPILaunch ]
ApiUser:
- Type: AWS::CloudFormation::Stack
- TemplateURL: {Fn::Join: [ {Ref: TemplateURL} , 'generic-user.yaml' ]}
- Parameters:
- AccessList: [ HeatAPI, HeatAPILaunch ]
+ Type: AWS::IAM::User
+ Properties:
+ Policies: [ { Ref: ApiAccessPolicy } ]
+ ApiKey:
+ Type: AWS::IAM::AccessKey
+ Properties:
+ UserName:
+ Ref: ApiUser
HeatAPILaunch:
Type: AWS::AutoScaling::LaunchConfiguration
Metadata:
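Review bot: With the two nested-stack resources removed, nothing visible in this hunk still references `{Ref: TemplateURL}`, yet the parameter with the `https://raw.github.com/openstack-ops/templates/master/` default (presumably `TemplateURL`) is kept as context. If no resource outside the hunks uses it, it should be dropped here and in glance.yaml so the templates do not keep an unused pointer to unpinned content on a `master` branch. Separately, the policy/user/key triple is now written out three times across the two files in place of the deleted generic-user.yaml. A one-line comment above each `*AccessPolicy`, for example `# limits this user's key to the listed resources only`, would make the intent clear and help keep the copies in step.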
@@ -54,9 +70,9 @@ Resources:
host: {Ref: RabbitMQHost}
password: {Ref: RabbitMQPassword}
access_key_id:
- Fn::GetAtt: [ ApiUser, AccessKeyId ]
+ Ref: ApiKey
secret_key:
- Fn::GetAtt: [ ApiUser, SecretAccessKey ]
+ Fn::GetAtt: [ ApiKey, SecretAccessKey ]
stack:
name: {Ref: 'AWS::StackName'}
region: {Ref: 'AWS::Region'}
@@ -86,9 +102,9 @@ Resources:
host: {Ref: RabbitMQHost}
password: {Ref: RabbitMQPassword}
access_key_id:
- Fn::GetAtt: [ EngineUser, AccessKeyId ]
+ Ref: EngineKey
secret_key:
- Fn::GetAtt: [ EngineUser, SecretAccessKey ]
+ Fn::GetAtt: [ EngineKey, SecretAccessKey ]
stack:
name: {Ref: 'AWS::StackName'}
region: {Ref: 'AWS::Region'}