From c7241b26e5356c1cedeb687d5066d5822c146777 Mon Sep 17 00:00:00 2001
From: Clint Byrum
Date: Wed, 14 Aug 2013 17:56:48 -0700
Subject: Make Resource names suitable for merge/include

In nova-compute-instance.yaml, we need to use resource names that are unique within the entire set of resources that may be merged or included. However, we need the instance resource name to _match_ the one in overcloud-source.yaml so that its own access policies can function. Without this change we will not have unique users and Metadata access keys/policies for compute and controller.

Change-Id: Iebde7e6adede4984f4f693cf2d57b6fadb8be558
---
 nova-compute-instance.yaml | 20 ++++++++++----------
 overcloud-source.yaml | 17 ++++++++++++++++-
 2 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/nova-compute-instance.yaml b/nova-compute-instance.yaml
index be15e724..0da26e65 100644
--- a/nova-compute-instance.yaml
+++ b/nova-compute-instance.yaml
@@ -49,20 +49,20 @@ Parameters:
 NeutronEnableTunnelling:
 Type: String
 Resources:
- AccessPolicy:
+ ComputeAccessPolicy:
 Type: OS::Heat::AccessPolicy
 Properties:
- AllowedResources: [ NovaCompute ]
- User:
+ AllowedResources: [ NovaCompute0 ]
+ ComputeUser:
 Type: AWS::IAM::User
 Properties:
- Policies: [ { Ref: AccessPolicy } ]
- Key:
+ Policies: [ { Ref: ComputeAccessPolicy } ]
+ ComputeKey:
 Type: AWS::IAM::AccessKey
 Properties:
 UserName:
- Ref: User
- NovaCompute:
+ Ref: ComputeUser
+ NovaCompute0:
 Type: AWS::EC2::Instance
 Properties:
 ImageId:
@@ -73,14 +73,14 @@ Resources:
 OpenStack::ImageBuilder::Elements: [ nova-compute ]
 heat:
 access_key_id:
- Ref: Key
+ Ref: ComputeKey
 secret_key:
- Fn::GetAtt: [ Key, SecretAccessKey ]
+ Fn::GetAtt: [ ComputeKey, SecretAccessKey ]
 stack:
 name: {Ref: 'AWS::StackName'}
 region: {Ref: 'AWS::Region'}
 refresh:
- - resource: NovaCompute
+ - resource: NovaCompute0
 nova:
 compute_driver: {Ref: NovaComputeDriver}
 compute_libvirt_type: {Ref: NovaComputeLibvirtType}
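Review bot: The instance name `NovaCompute0` is now a literal in three places in nova-compute-instance.yaml — the resource key, `AllowedResources: [ NovaCompute0 ]` in the first hunk, and `refresh: - resource: NovaCompute0` in the second — and nothing in the file says they must agree with each other and with the key used in overcloud-source.yaml. Per the commit message the access policy only functions when these names match, so a later rename in one place would presumably leave the compute credentials unable to read their own metadata, with no error at template time. I would add a comment above `ComputeAccessPolicy`, e.g. `# NovaCompute0 must match the instance resource key here, the refresh entry below, and the including template`. Both hunks cut through the `Resources` mapping, so the rest of the instance definition is not visible here.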
diff --git a/overcloud-source.yaml b/overcloud-source.yaml
index 52e2b33f..f9c280be 100644
--- a/overcloud-source.yaml
+++ b/overcloud-source.yaml
@@ -35,15 +35,30 @@ Resources:
 AllowedResources:
 - notcompute
 Type: OS::Heat::AccessPolicy
+ ComputeAccessPolicy:
+ Properties:
+ AllowedResources:
+ - NovaCompute0
+ Type: OS::Heat::AccessPolicy
 Key:
 Properties:
 UserName:
 Ref: User
 Type: AWS::IAM::AccessKey
+ ComputeKey:
+ Properties:
+ UserName:
+ Ref: ComputeUser
+ Type: AWS::IAM::AccessKey
+ ComputeUser:
+ Properties:
+ Policies:
+ - Ref: ComputeAccessPolicy
+ Type: AWS::IAM::User
 NovaCompute0:
 Type: FileInclude
 Path: nova-compute-instance.yaml
- SubKey: Resources.NovaCompute
+ SubKey: Resources.NovaCompute0
 Parameters:
 NovaApiHost: {"Fn::GetAtt": [notcompute, PrivateIp]}
 KeystoneHost: {"Fn::GetAtt": [notcompute, PrivateIp]}
--
cgit 1.2.3-korg
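Review bot: `ComputeAccessPolicy`, `ComputeKey` and `ComputeUser` are now defined twice, here and in nova-compute-instance.yaml, and because the include pulls only `SubKey: Resources.NovaCompute0` it looks as if this copy is the one that takes effect in the overcloud. If the two copies drift, the compute credential's `AllowedResources` would differ between standalone and merged use without any error, so I would add a comment above the new block such as `# Keep in sync with ComputeAccessPolicy/ComputeUser/ComputeKey in nova-compute-instance.yaml`. It is also worth recording that this policy names a single instance: any further compute include would have to be added to `AllowedResources` and would then share one access key with `NovaCompute0`, which widens what a single compromised compute node's credential can read. The `NovaCompute0` `Parameters` mapping continues past the end of the hunk.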