From: Steven Hardy <shardy@redhat.com>
Date: Thu, 25 Oct 2012 13:04:49 +0000 (+0100)
Subject: heat-keystone-setup : change role to heat_stack_user
X-Git-Tag: 2014.1~1268
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=70b609567d72fa22d645df0665308af98418e4fd;p=openstack-build%2Fheat-build.git

heat-keystone-setup : change role to heat_stack_user

Change heat_instance role name to heat_stack_user after discussions

Change-Id: I14e95df0e02d82566f4758510ae38f6b26ccb532
Signed-off-by: Steven Hardy <shardy@redhat.com>
---

diff --git a/bin/heat-keystone-setup b/bin/heat-keystone-setup
index 7fb74006..9c8669b6 100755
--- a/bin/heat-keystone-setup
+++ b/bin/heat-keystone-setup
@@ -207,9 +207,12 @@ HEAT_USERID=$(get_user $HEAT_USERNAME)
 echo HEAT_USERID $HEAT_USERID
 add_role $HEAT_USERID $SERVICE_TENANT $ADMIN_ROLE $HEAT_USERNAME
 
-# Create a special role which "instance users" are assigned to
-INSTANCE_ROLE="heat_instance"
-create_role $INSTANCE_ROLE
+# Create a special role which template-defined "stack users" are
+# assigned to in the engine when they are created, this allows them
+# to be more easily differentiated from other users (e.g so we can
+# lock down these implicitly untrusted users via RBAC policy)
+STACK_USER_ROLE="heat_stack_user"
+create_role $STACK_USER_ROLE
 
 HEAT_CFN_SERVICE=$(get_service heat-cfn cloudformation \
                    "Heat CloudFormation API")