From 2f0412e6715e5a64d97d6a8c58f6e14abdb6d477 Mon Sep 17 00:00:00 2001 From: Jay Pipes Date: Tue, 18 Dec 2012 17:45:23 -0500 Subject: [PATCH] Adds way to configure what sections of secret databag are called * Also adds two convenience routines for db_password and service_password --- README.md | 6 ++++-- attributes/default.rb | 10 ++++++++++ libraries/default.rb | 18 ++++++++++++++++++ spec/default_spec.rb | 38 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 70 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ba99fd0d..f2c8ea1d 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,8 @@ This cookbook exposes a set of default library routines: * `db_uri` -- Returns the SQLAlchemy RFC-1738 DB URI (see: http://rfc.net/rfc1738.html) for a named OpenStack database * `db_create_with_user` -- Creates a database and database user for a named OpenStack database * `secret` -- Returns the value of an encrypted data bag for a named OpenStack secret key and key-section + * `db_password` -- Ease-of-use helper that returns the decrypted database password for a named OpenStack database + * `service_password` -- Ease-of-use helper that returns the decrypted service password for named OpenStack service Usage ----- @@ -56,10 +58,10 @@ require "uri" puts ::URI.decode nova_api_ap.to_s ``` -Example of using the `secret` and `db\_uri` routine: +Example of using the `db_password` and `db_uri` routine: ```ruby -db_pass = secret "passwords", "cinder" +db_pass = db_password "cinder" db_user = node["cinder"]["db"]["user"] sql_connection = db_uri "volume", db_user, db_pass diff --git a/attributes/default.rb b/attributes/default.rb index e3c91d15..6a38e250 100644 --- a/attributes/default.rb +++ b/attributes/default.rb 
@@ -35,6 +35,16 @@ default["openstack"]["developer_mode"] = false # values in the data bag. default["openstack"]["secret"]["key_path"] = "/etc/chef/openstack_data_bag_secret" +# The section name in the encrypted data bag that stores DB passwords, with +# each key in the section corresponding to a named OpenStack database, like +# "compute", "image", "identity", etc. +default["openstack"]["secret"]["service_passwords_section"] = "service_passwords" + +# The section name in the encrypted data bag that stores DB passwords, with +# each key in the section corresponding to a named OpenStack database, like +# "nova", "cinder", etc. +default["openstack"]["secret"]["db_passwords_section"] = "db_passwords" + # ========================= Package and Repository Setup ====================== # # Various Linux distributions provide OpenStack packages and repositories. diff --git a/libraries/default.rb b/libraries/default.rb index 43175410..4e375129 100644 --- a/libraries/default.rb +++ b/libraries/default.rb 
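Review bot: The comment added above `service_passwords_section` is a copy of the one for `db_passwords_section`: it says the section "stores DB passwords" keyed by "a named OpenStack database", while its examples ("compute", "image", "identity") are service names. An operator filling the encrypted data bag from this text could file service credentials under the wrong section. Suggested wording for the first two comment lines: `# The section name in the encrypted data bag that stores service passwords, with` and `# each key in the section corresponding to a named OpenStack service, like`.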
@@ -174,6 +174,24 @@ module ::Openstack ::Chef::EncryptedDataBagItem.load(section, index, key_path) end + # Ease-of-use/standardization routine that returns a service password + # for a named OpenStack service. Not that databases are named + # after the OpeNStack project nickname, like "nova" or "glance", but services + # are typically named after the official API, like "compute", "image", or "identity" + def service_password service + section = node["openstack"]["secret"]["service_passwords_section"] + secret section, service + end + + # Ease-of-use/standardization routine that returns a database password + # for a named OpenStack database. Note that databases are named + # after the OpeNStack project nickname, like "nova" or "glance", but services + # are typically named after the official API, like "compute", "image", or "identity" + def db_password service + section = node["openstack"]["secret"]["db_passwords_section"] + secret section, service + end + private # Instead of specifying the verbose node["openstack"]["endpoints"][name], # this shortcut allows the simpler and shorter endpoint(name) diff --git a/spec/default_spec.rb b/spec/default_spec.rb index f9f0fc58..e08626f6 100644 --- a/spec/default_spec.rb +++ b/spec/default_spec.rb 
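Review bot: Neither new doc comment says that these helpers do not always return a decrypted secret. The spec added in this same patch expects `service_password("nova")` and `db_password("nova")` to return `"nova"` when `node["openstack"]["developer_mode"]` is true, so the password equals the service or database name. That fallback lives in `secret`, whose body is mostly outside this hunk, but callers of the convenience routines are the ones who need to know. I would add to both comments something like `# In developer_mode the name itself is returned as the password; keep developer_mode off outside throwaway test nodes.` Separately, `db_password` names its parameter `service` although it takes a database name, the first comment reads "Not that" for "Note that", and both comments spell "OpeNStack".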
@@ -192,4 +192,42 @@ describe ::Openstack do
 result.should eq value
 end
 end
+
+ describe "#service_password" do
+ it "returns index param when developer_mode is true" do
+ @chef_run = ::ChefSpec::ChefRunner.new do |n|
+ n.set["openstack"]["developer_mode"] = true
+ end
+ @chef_run.converge "openstack-common::default"
+ @subject.stub(:node).and_return @chef_run.node
+ result = @subject.service_password("nova")
+ result.should eq "nova"
+ end
+ it "returns databag when developer_mode is false" do
+ value = "this"
+ ::Chef::EncryptedDataBagItem.stub(:load).with("service_passwords", "nova", "/etc/chef/openstack_data_bag_secret").and_return value
+ @subject.stub(:node).and_return @chef_run.node
+ result = @subject.service_password("nova")
+ result.should eq value
+ end
+ end
+
+ describe "#db_password" do
+ it "returns index param when developer_mode is true" do
+ @chef_run = ::ChefSpec::ChefRunner.new do |n|
+ n.set["openstack"]["developer_mode"] = true
+ end
+ @chef_run.converge "openstack-common::default"
+ @subject.stub(:node).and_return @chef_run.node
+ result = @subject.db_password("nova")
+ result.should eq "nova"
+ end
+ it "returns databag when developer_mode is false" do
+ value = "this"
+ ::Chef::EncryptedDataBagItem.stub(:load).with("db_passwords", "nova", "/etc/chef/openstack_data_bag_secret").and_return value
+ @subject.stub(:node).and_return @chef_run.node
+ result = @subject.db_password("nova")
+ result.should eq value
+ end
+ end
 end
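Review bot: No example covers the behaviour this patch introduces, which is reading the section name from `node["openstack"]["secret"]`. Both "returns databag" examples stub `load` with the default names "service_passwords" and "db_passwords", so a helper that hard-coded the section would still pass. Those two examples also use `@chef_run.node` without building a runner or setting `developer_mode`, so they presumably rely on a `before` block outside this hunk. An example that overrides the attribute would pin the lookup; the section name below is a constructed sample, and the same example applies to `#service_password`.

```ruby
# … unchanged: existing "#db_password" examples …
it "reads the section name from the node attribute" do
  @chef_run = ::ChefSpec::ChefRunner.new do |n|
    n.set["openstack"]["developer_mode"] = false
    n.set["openstack"]["secret"]["db_passwords_section"] = "custom_db_passwords"
  end
  @chef_run.converge "openstack-common::default"
  ::Chef::EncryptedDataBagItem.stub(:load).with("custom_db_passwords", "nova", "/etc/chef/openstack_data_bag_secret").and_return "this"
  @subject.stub(:node).and_return @chef_run.node
  @subject.db_password("nova").should eq "this"
end
```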