heat-keystone-setup : change role to heat_stack_user

Change heat_instance role name to heat_stack_user after discussions Change-Id: I14e95df0e02d82566f4758510ae38f6b26ccb532 Signed-off-by: Steven Hardy <shardy@redhat.com>
author: Steven Hardy <shardy@redhat.com> 2012-10-25 14:04:49 +0100
committer: Steven Hardy <shardy@redhat.com> 2012-10-25 14:04:49 +0100
commit: 70b609567d72fa22d645df0665308af98418e4fd (patch)
tree: 9beba1d65379bf874ce2d2093e55627606009f7c /bin/heat-keystone-setup
parent: cd9a3a7c95f560551214c10784590111537ff3f1 (diff)
download: heat-70b609567d72fa22d645df0665308af98418e4fd.tar.gz
1 files changed, 6 insertions, 3 deletions
diff --git a/bin/heat-keystone-setup b/bin/heat-keystone-setup
index 7fb740069..9c8669b63 100755
--- a/bin/heat-keystone-setup
+++ b/bin/heat-keystone-setup
@@ -207,9 +207,12 @@ HEAT_USERID=$(get_user $HEAT_USERNAME)
 echo HEAT_USERID $HEAT_USERID
 add_role $HEAT_USERID $SERVICE_TENANT $ADMIN_ROLE $HEAT_USERNAME
 
-# Create a special role which "instance users" are assigned to
-INSTANCE_ROLE="heat_instance"
-create_role $INSTANCE_ROLE
+# Create a special role which template-defined "stack users" are
+# assigned to in the engine when they are created, this allows them
+# to be more easily differentiated from other users (e.g so we can
+# lock down these implicitly untrusted users via RBAC policy)
+STACK_USER_ROLE="heat_stack_user"
+create_role $STACK_USER_ROLE
 
 HEAT_CFN_SERVICE=$(get_service heat-cfn cloudformation \
                    "Heat CloudFormation API")
author	Steven Hardy <shardy@redhat.com>	2012-10-25 14:04:49 +0100
committer	Steven Hardy <shardy@redhat.com>	2012-10-25 14:04:49 +0100
commit	70b609567d72fa22d645df0665308af98418e4fd (patch)
tree	9beba1d65379bf874ce2d2093e55627606009f7c /bin/heat-keystone-setup
parent	cd9a3a7c95f560551214c10784590111537ff3f1 (diff)
download	heat-70b609567d72fa22d645df0665308af98418e4fd.tar.gz