heat loadbalancer : make LB nested template create credentials

Create User/AccessKey resources correctly in the LB nested template
so we can create a cfn-credentials file which will allow cfn-hup
to access the CFN API

fixes bug 1131663

Change-Id: I11b6640dbc5689de8f6103f4c1e841f42acbba54

diff --git a/heat/engine/resources/loadbalancer.py b/heat/engine/resources/loadbalancer.py
index 5c7267c491b6a3c2d55bd9edfdb8e1ae67cac0d5..0bdaa5050f62480e68aa0f7d23408f47c9822b38 100644 (file)
--- a/heat/engine/resources/loadbalancer.py
+++ b/heat/engine/resources/loadbalancer.py
@@ -45,6 +45,15 @@ lb_template = '''
         "ComparisonOperator": "GreaterThanThreshold"
       }
     },
+    "CfnLBUser" : {
+      "Type" : "AWS::IAM::User"
+    },
+    "CfnLBAccessKey" : {
+      "Type" : "AWS::IAM::AccessKey",
+      "Properties" : {
+        "UserName" : {"Ref": "CfnLBUser"}
+      }
+    },
     "LB_instance": {
       "Type": "AWS::EC2::Instance",
       "Metadata": {
@@ -65,6 +74,16 @@ lb_template = '''
               }
             },
             "files": {
+              "/etc/cfn/cfn-credentials" : {
+                "content" : { "Fn::Join" : ["", [
+                  "AWSAccessKeyId=", { "Ref" : "CfnLBAccessKey" }, "\\n",
+                  "AWSSecretKey=", {"Fn::GetAtt": ["CfnLBAccessKey",
+                                    "SecretAccessKey"]}, "\\n"
+                ]]},
+                "mode"    : "000400",
+                "owner"   : "root",
+                "group"   : "root"
+              },
               "/etc/cfn/cfn-hup.conf" : {
                 "content" : { "Fn::Join" : ["", [
                   "[main]\\n",
@@ -130,7 +149,6 @@ lb_template = '''
           { "Ref": "AWS::StackName" },
           "    -r LB_instance ",
           "    --region ", { "Ref": "AWS::Region" }, "\\n",
-          "touch /etc/cfn/cfn-credentials\\n",
           "# install cfn-hup crontab\\n",
           "crontab /tmp/cfn-hup-crontab.txt\\n"
         ]]}}

diff --git a/heat/tests/test_loadbalancer.py b/heat/tests/test_loadbalancer.py
index d15cd5078f9c1d13a8ed759d6e8c6889e07f9bb0..33a76b854ee184bf62b99e136ec7cd72f151adaf 100644 (file)
--- a/heat/tests/test_loadbalancer.py
+++ b/heat/tests/test_loadbalancer.py
@@ -26,10 +26,12 @@ from heat.common import context
 from heat.common import template_format
 from heat.engine import parser
 from heat.engine.resources import instance
+from heat.engine.resources import user
 from heat.engine.resources import loadbalancer as lb
 from heat.engine.resource import Metadata
 from heat.engine.resources import stack
 from heat.tests.v1_1 import fakes
+from heat.tests import fakes as test_fakes
 
 
 def create_context(mocks, user='lb_test_user',
@@ -52,6 +54,8 @@ class LoadBalancerTest(unittest.TestCase):
         self.m.StubOutWithMock(instance.Instance, 'nova')
         self.m.StubOutWithMock(self.fc.servers, 'create')
         self.m.StubOutWithMock(Metadata, '__set__')
+        self.fkc = test_fakes.FakeKeystoneClient(
+            username='test_stack.CfnLBUser')
 
     def tearDown(self):
         self.m.UnsetStubs()
@@ -84,6 +88,11 @@ class LoadBalancerTest(unittest.TestCase):
         return resource
 
     def test_loadbalancer(self):
+        self.m.StubOutWithMock(user.User, 'keystone')
+        user.User.keystone().MultipleTimes().AndReturn(self.fkc)
+        self.m.StubOutWithMock(user.AccessKey, 'keystone')
+        user.AccessKey.keystone().MultipleTimes().AndReturn(self.fkc)
+
         lb.LoadBalancer.nova().AndReturn(self.fc)
         instance.Instance.nova().MultipleTimes().AndReturn(self.fc)
         self.fc.servers.create(