Refactor Heat template to use generic user

2013-04-18 15:23:07 -07:00 · 2013-04-18 15:23:07 -07:00 · 72d250be05
parent 41fb3c4904
commit 72d250be05
2 changed files with 39 additions and 28 deletions
--- a/generic-user.yaml
+++ b/generic-user.yaml
@ -0,0 +1,24 @@
+HeatTemplateFormatVersion: '2012-12-12'
+Description: 'HEAT Template - Heat Engine and API'
+Parameters:
+  AllowedResources:
+    Type: list
+Resources:
+  AccessPolicy:
+    Type: OS::Heat::AccessPolicy
+    Properties:
+      AllowedResources: {Ref: AllowedResources}
+  User:
+    Type: AWS::IAM::User
+    Properties:
+      Policies: [ { Ref: AccessPolicy } ]
+  Key:
+    Type: AWS::IAM::AccessKey
+    Properties:
+      UserName:
+        Ref: User
+Outputs:
+  AccessKeyId:
+    Ref: Key
+  SecretKey:
+    Fn::GetAtt: [ Key, SecretAccessKey ]
--- a/heat.yaml
+++ b/heat.yaml
@ -30,33 +30,20 @@ Parameters:
  AvailabilityZones:
    Type: List
    Default: [ 1 ]
+  TemplateURL:
+    Type: String
+    Default: https://raw.github.com/openstack-ops/templates/master/
 Resources:
-  EngineAccessPolicy:
-    Type: OS::Heat::AccessPolicy
-    Properties:
-      AllowedResources: [ HeatEngine ]
  EngineUser:
-    Type: AWS::IAM::User
-    Properties:
-      Policies: [ { Ref: EngineAccessPolicy } ]
-  EngineKey:
-    Type: AWS::IAM::AccessKey
-    Properties:
-      UserName:
-        Ref: EngineUser
-  ApiAccessPolicy:
-    Type: OS::Heat::AccessPolicy
-    Properties:
-      AllowedResources: [ HeatAPILaunch ]
+    Type: AWS::CloudFormation::Stack
+    TemplateURL: {Fn::Join: [ {Ref: TemplateURL} , 'generic-user.yaml' ]}
+    Parameters:
+      AccessList: [ HeatEngine ]
  ApiUser:
-    Type: AWS::IAM::User
-    Properties:
-      Policies: [ { Ref: ApiAccessPolicy } ]
-  ApiKey:
-    Type: AWS::IAM::AccessKey
-    Properties:
-      UserName:
-        Ref: ApiUser
+    Type: AWS::CloudFormation::Stack
+    TemplateURL: {Fn::Join: [ {Ref: TemplateURL} , 'generic-user.yaml' ]}
+    Parameters:
+      AccessList: [ HeatAPI, HeatAPILaunch ]
  HeatAPILaunch:
    Type: AWS::AutoScaling::LaunchConfiguration
    Metadata:
@ -67,9 +54,9 @@ Resources:
          host: {Ref: RabbitMQHost}
          password: {Ref: RabbitMQPassword}
        access_key_id:
-          Ref: ApiKey
+          Fn::GetAtt: [ ApiUser, AccessKeyId ]
        secret_key:
-          Fn::GetAtt: [ ApiKey, SecretAccessKey ]
+          Fn::GetAtt: [ ApiUser, SecretAccessKey ]
        stack:
          name: {Ref: 'AWS::StackName'}
          region: {Ref: 'AWS::Region'}
@ -99,9 +86,9 @@ Resources:
          host: {Ref: RabbitMQHost}
          password: {Ref: RabbitMQPassword}
        access_key_id:
-          Ref: EngineKey
+          Fn::GetAtt: [ EngineUser, AccessKeyId ]
        secret_key:
-          Fn::GetAtt: [ EngineKey, SecretAccessKey ]
+          Fn::GetAtt: [ EngineUser, SecretAccessKey ]
        stack:
          name: {Ref: 'AWS::StackName'}
          region: {Ref: 'AWS::Region'}