HeatTemplateFormatVersion: '2012-12-12'
Description: 'HEAT Template - Dedicated MySQL server'
Parameters:
  KeyName: 
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
    Type: String
    Default: default
  InstanceType:
    Description: Use this flavor
    Type: String
    Default: m1.small
  MySQLImage:
    Type: String
  KeystoneUser:
    Description: Keystone database username.
    Type: String
    Default: keystone
Resources:
  ApiAccessPolicy:
    Type: OS::Heat::AccessPolicy
    Properties:
      AllowedResources: [ MySQL ]
  ApiUser:
    Type: AWS::IAM::User
    Properties:
      Policies: [ { Ref: ApiAccessPolicy } ]
  MySQL:
    Type: AWS::EC2::Instance
    Metadata:
      OpenStack::ImageBuilder::Elements: [ openstack-db ]
      OpenStack::Config:
        mysql:
          users:
            - database: keystone
              username: {Ref: KeystoneUser}
              userhandle: {Ref: KeystonePasswordHandle}
        heat:
          AWSAccessKeyId:
            Ref: ApiKey
          AWSSecretAccessKey:
            Fn::GetAtt: [ ApiKey, SecretAccessKey ]
    Properties:
      ImageId:
        {Ref: MySQLImage}
      InstanceType: {Ref: InstanceType}
      KeyName: {Ref: KeyName}
  KeystonePasswordHandle:
    Type: AWS::CloudFormation:WaitConditionHandle
    Properties:
  KeystonePassword:
    DependsOn: MySQL1
    Type: AWS::CloudFormation::WaitCondition
    Properties:
      Handle: {Ref: KeystonePasswordHandle}
      Timeout: 60
Outputs:
    MySQLHost: 
        Fn::GetAtt: [ MySQL , PrivateIp ]
    KeystonePassword:
        Fn::GetAtt: [ KeystonePassword, Data ]
    KeystoneUser: {Ref: KeystoneUser}