78 lines
2.4 KiB
YAML
78 lines
2.4 KiB
YAML
################################################################################
|
|
# Copyright (c) 2013-2015 Wind River Systems, Inc.
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
#
|
|
################################################################################
|
|
#
|
|
# Objective:
|
|
# Demonstrate constructing the heat resource OS::Heat::AccessPolicy
|
|
# This creates an accesspolicy which can be set for a User
|
|
#
|
|
# Pre-Reqs:
|
|
# Normal Lab Setup (networks, host interfaces)
|
|
# A network named private-net0 with permission to create ports
|
|
#
|
|
# Mandatory Template Parameters:
|
|
# None
|
|
#
|
|
# Tenant Considerations:
|
|
# Cannot be run as tenant.
|
|
#
|
|
# Sample CLI syntax:
|
|
# heat stack-create -f OS_Heat_AccessPolicy.yaml STACK
|
|
#
|
|
# Expected Outcome:
|
|
# A newly created neutron port
|
|
# neutron port-list
|
|
# A new (v3) User with access to the port
|
|
# The user will not be visible using the CLI (v2) list commands
|
|
# heat resource-list STACK
|
|
# openstack user show <UUID of user>
|
|
#
|
|
################################################################################
|
|
|
|
heat_template_version: 2015-04-30
|
|
|
|
description: >
|
|
Demonstrate the OS::Heat::AccessPolicy heat resource
|
|
|
|
parameters:
|
|
|
|
NETWORK:
|
|
description: Network used by the access policy (neutron net-list)
|
|
type: string
|
|
default: private-net0
|
|
constraints:
|
|
- custom_constraint: neutron.network
|
|
|
|
|
|
resources:
|
|
|
|
# AccessPolicy grants access to resources created as part of the stack
|
|
OS_Heat_AccessPolicy:
|
|
type: OS::Heat::AccessPolicy
|
|
properties:
|
|
#################################################
|
|
# Required properties
|
|
#################################################
|
|
# AllowedResources: {
|
|
# description: Resources that users are allowed to access by the
|
|
# DescribeStackResource API., required: true, type: list}
|
|
# Note: that this is a list of names and not references
|
|
AllowedResources: [ some_port, ]
|
|
|
|
#################################################
|
|
# Optional properties: None
|
|
#################################################
|
|
|
|
some_user:
|
|
type: AWS::IAM::User
|
|
properties:
|
|
Policies: [ { get_resource: OS_Heat_AccessPolicy } ]
|
|
|
|
some_port:
|
|
type: OS::Neutron::Port
|
|
properties:
|
|
network: { get_param: NETWORK }
|