Hi, Heat creates a keystone user for every resource which uses a CFN_SIGNAL. Heat also stores their AWS credentials in the heat.resource_data table.
These credentials/users are restricted to operate only on limited (1?) resource, with very limited operations (3?). Normally these resource users are member of only a special heat domain and tenant. Looks like heat has everything to have CFN/hashmac working without touching the keystone service. Why heat needs to store anything in keystone regarding to the CFN_SIGNALS ? Is these credentials supposed to be used anywhere else than on heat? Best Regards, Attila __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
