Refactor Heat template to use generic user
parent
41fb3c4904
commit
72d250be05
|
@ -0,0 +1,24 @@
|
|||
HeatTemplateFormatVersion: '2012-12-12'
|
||||
Description: 'HEAT Template - Heat Engine and API'
|
||||
Parameters:
|
||||
AllowedResources:
|
||||
Type: list
|
||||
Resources:
|
||||
AccessPolicy:
|
||||
Type: OS::Heat::AccessPolicy
|
||||
Properties:
|
||||
AllowedResources: {Ref: AllowedResources}
|
||||
User:
|
||||
Type: AWS::IAM::User
|
||||
Properties:
|
||||
Policies: [ { Ref: AccessPolicy } ]
|
||||
Key:
|
||||
Type: AWS::IAM::AccessKey
|
||||
Properties:
|
||||
UserName:
|
||||
Ref: User
|
||||
Outputs:
|
||||
AccessKeyId:
|
||||
Ref: Key
|
||||
SecretKey:
|
||||
Fn::GetAtt: [ Key, SecretAccessKey ]
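Review bot: The `SecretKey` output at the end of this template publishes the IAM secret access key as a stack output, so anyone allowed to show or describe the nested stack can read the credential, not only the parent template that consumes it. If Heat offers no way to restrict that output, a comment above `Outputs:` should at least record it, e.g. `# SecretKey is readable by anyone who can show this stack; restrict stack-show access accordingly`. Separately, the parameter is declared as `AllowedResources` while both callers in heat.yaml pass `AccessList`, and they read `SecretAccessKey` where this file outputs `SecretKey`; the names need to agree on one side or the other. The policy also names resources (`HeatEngine`, `HeatAPILaunch`) that live in the parent stack, so it is worth confirming that `OS::Heat::AccessPolicy` can resolve them from inside the nested stack.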
|
43
heat.yaml
43
heat.yaml
|
@ -30,33 +30,20 @@ Parameters:
|
|||
AvailabilityZones:
|
||||
Type: List
|
||||
Default: [ 1 ]
|
||||
TemplateURL:
|
||||
Type: String
|
||||
Default: https://raw.github.com/openstack-ops/templates/master/
|
||||
Resources:
|
||||
EngineAccessPolicy:
|
||||
Type: OS::Heat::AccessPolicy
|
||||
Properties:
|
||||
AllowedResources: [ HeatEngine ]
|
||||
EngineUser:
|
||||
Type: AWS::IAM::User
|
||||
Properties:
|
||||
Policies: [ { Ref: EngineAccessPolicy } ]
|
||||
EngineKey:
|
||||
Type: AWS::IAM::AccessKey
|
||||
Properties:
|
||||
UserName:
|
||||
Ref: EngineUser
|
||||
ApiAccessPolicy:
|
||||
Type: OS::Heat::AccessPolicy
|
||||
Properties:
|
||||
AllowedResources: [ HeatAPILaunch ]
|
||||
Type: AWS::CloudFormation::Stack
|
||||
TemplateURL: {Fn::Join: [ {Ref: TemplateURL} , 'generic-user.yaml' ]}
|
||||
Parameters:
|
||||
AccessList: [ HeatEngine ]
|
||||
ApiUser:
|
||||
Type: AWS::IAM::User
|
||||
Properties:
|
||||
Policies: [ { Ref: ApiAccessPolicy } ]
|
||||
ApiKey:
|
||||
Type: AWS::IAM::AccessKey
|
||||
Properties:
|
||||
UserName:
|
||||
Ref: ApiUser
|
||||
Type: AWS::CloudFormation::Stack
|
||||
TemplateURL: {Fn::Join: [ {Ref: TemplateURL} , 'generic-user.yaml' ]}
|
||||
Parameters:
|
||||
AccessList: [ HeatAPI, HeatAPILaunch ]
|
||||
HeatAPILaunch:
|
||||
Type: AWS::AutoScaling::LaunchConfiguration
|
||||
Metadata:
|
||||
|
@ -67,9 +54,9 @@ Resources:
|
|||
host: {Ref: RabbitMQHost}
|
||||
password: {Ref: RabbitMQPassword}
|
||||
access_key_id:
|
||||
Ref: ApiKey
|
||||
Fn::GetAtt: [ ApiUser, AccessKeyId ]
|
||||
secret_key:
|
||||
Fn::GetAtt: [ ApiKey, SecretAccessKey ]
|
||||
Fn::GetAtt: [ ApiUser, SecretAccessKey ]
|
||||
stack:
|
||||
name: {Ref: 'AWS::StackName'}
|
||||
region: {Ref: 'AWS::Region'}
|
||||
|
@ -99,9 +86,9 @@ Resources:
|
|||
host: {Ref: RabbitMQHost}
|
||||
password: {Ref: RabbitMQPassword}
|
||||
access_key_id:
|
||||
Ref: EngineKey
|
||||
Fn::GetAtt: [ EngineUser, AccessKeyId ]
|
||||
secret_key:
|
||||
Fn::GetAtt: [ EngineKey, SecretAccessKey ]
|
||||
Fn::GetAtt: [ EngineUser, SecretAccessKey ]
|
||||
stack:
|
||||
name: {Ref: 'AWS::StackName'}
|
||||
region: {Ref: 'AWS::Region'}
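Review bot: The new `TemplateURL` default points at the `master` branch of a raw GitHub URL, so the template that creates the IAM users and access keys is fetched from a mutable ref each time the stack is created; a later push to that branch changes which policies and credentials are minted without any change to heat.yaml. Pin the default to an immutable ref, e.g. `Default: https://raw.github.com/openstack-ops/templates/<COMMIT_SHA>/`, or ship generic-user.yaml alongside this file. The two `Fn::Join` calls also look malformed: the function takes a delimiter and a list, so the intended form is presumably `{Fn::Join: [ '', [ {Ref: TemplateURL}, 'generic-user.yaml' ] ]}`. In the two later hunks, `Fn::GetAtt: [ ApiUser, AccessKeyId ]` and `Fn::GetAtt: [ EngineUser, SecretAccessKey ]` address a nested stack, whose values are normally reached as `Outputs.<name>`, and the nested template names its secret output `SecretKey`, not `SecretAccessKey`.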
|
||||
|
|