heat-keystone-setup : change role to heat_stack_user

Change heat_instance role name to heat_stack_user after discussions

Change-Id: I14e95df0e02d82566f4758510ae38f6b26ccb532
Signed-off-by: Steven Hardy <shardy@redhat.com>

diff --git a/bin/heat-keystone-setup b/bin/heat-keystone-setup
index 7fb740069cf5c058bcbba8708b365ad584b6c974..9c8669b63c80f91ffb250633326f58fb9d305573 100755 (executable)
--- a/bin/heat-keystone-setup
+++ b/bin/heat-keystone-setup
@@ -207,9 +207,12 @@ HEAT_USERID=$(get_user $HEAT_USERNAME)
 echo HEAT_USERID $HEAT_USERID
 add_role $HEAT_USERID $SERVICE_TENANT $ADMIN_ROLE $HEAT_USERNAME
 
-# Create a special role which "instance users" are assigned to
-INSTANCE_ROLE="heat_instance"
-create_role $INSTANCE_ROLE
+# Create a special role which template-defined "stack users" are
+# assigned to in the engine when they are created, this allows them
+# to be more easily differentiated from other users (e.g so we can
+# lock down these implicitly untrusted users via RBAC policy)
+STACK_USER_ROLE="heat_stack_user"
+create_role $STACK_USER_ROLE
 
 HEAT_CFN_SERVICE=$(get_service heat-cfn cloudformation \
                    "Heat CloudFormation API")