openstack/cookbook-openstack-common
Code Issues Proposed changes

Adds way to configure what sections of secret databag are called

Browse Source 
* Also adds two convenience routines for db_password and service_password
This commit is contained in:
Jay Pipes
2012-12-18 17:45:23 -05:00
parent b535a64db3
commit 2f0412e671
4 changed files with 70 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@@ -28,6 +28,8 @@ This cookbook exposes a set of default library routines:
* `db_uri` -- Returns the SQLAlchemy RFC-1738 DB URI (see: http://rfc.net/rfc1738.html) for a named OpenStack database * `db_uri` -- Returns the SQLAlchemy RFC-1738 DB URI (see: http://rfc.net/rfc1738.html) for a named OpenStack database
* `db_create_with_user` -- Creates a database and database user for a named OpenStack database * `db_create_with_user` -- Creates a database and database user for a named OpenStack database
* `secret` -- Returns the value of an encrypted data bag for a named OpenStack secret key and key-section * `secret` -- Returns the value of an encrypted data bag for a named OpenStack secret key and key-section
* `db_password` -- Ease-of-use helper that returns the decrypted database password for a named OpenStack database
* `service_password` -- Ease-of-use helper that returns the decrypted service password for named OpenStack service
Usage Usage
----- -----
@@ -56,10 +58,10 @@ require "uri"
puts ::URI.decode nova_api_ap.to_s puts ::URI.decode nova_api_ap.to_s
``` ```
Example of using the `secret` and `db\_uri` routine: Example of using the `db_password` and `db_uri` routine:
```ruby ```ruby
db_pass = secret "passwords", "cinder" db_pass = db_password "cinder"
db_user = node["cinder"]["db"]["user"] db_user = node["cinder"]["db"]["user"]
sql_connection = db_uri "volume", db_user, db_pass sql_connection = db_uri "volume", db_user, db_pass

10
attributes/default.rb
View File

@@ -35,6 +35,16 @@ default["openstack"]["developer_mode"] = false
# values in the data bag. # values in the data bag.
default["openstack"]["secret"]["key_path"] = "/etc/chef/openstack_data_bag_secret" default["openstack"]["secret"]["key_path"] = "/etc/chef/openstack_data_bag_secret"
# The section name in the encrypted data bag that stores DB passwords, with
# each key in the section corresponding to a named OpenStack database, like
# "compute", "image", "identity", etc.
default["openstack"]["secret"]["service_passwords_section"] = "service_passwords"
# The section name in the encrypted data bag that stores DB passwords, with
# each key in the section corresponding to a named OpenStack database, like
# "nova", "cinder", etc.
default["openstack"]["secret"]["db_passwords_section"] = "db_passwords"
# ========================= Package and Repository Setup ====================== # ========================= Package and Repository Setup ======================
# #
# Various Linux distributions provide OpenStack packages and repositories. # Various Linux distributions provide OpenStack packages and repositories.

18
libraries/default.rb
View File

@@ -174,6 +174,24 @@ module ::Openstack
::Chef::EncryptedDataBagItem.load(section, index, key_path) ::Chef::EncryptedDataBagItem.load(section, index, key_path)
end end
# Ease-of-use/standardization routine that returns a service password
# for a named OpenStack service. Not that databases are named
# after the OpeNStack project nickname, like "nova" or "glance", but services
# are typically named after the official API, like "compute", "image", or "identity"
def service_password service
section = node["openstack"]["secret"]["service_passwords_section"]
secret section, service
end
# Ease-of-use/standardization routine that returns a database password
# for a named OpenStack database. Note that databases are named
# after the OpeNStack project nickname, like "nova" or "glance", but services
# are typically named after the official API, like "compute", "image", or "identity"
def db_password service
section = node["openstack"]["secret"]["db_passwords_section"]
secret section, service
end
private private
# Instead of specifying the verbose node["openstack"]["endpoints"][name], # Instead of specifying the verbose node["openstack"]["endpoints"][name],
# this shortcut allows the simpler and shorter endpoint(name) # this shortcut allows the simpler and shorter endpoint(name)

38
spec/default_spec.rb
View File

@@ -192,4 +192,42 @@ describe ::Openstack do
result.should eq value result.should eq value
end end
end end
describe "#service_password" do
it "returns index param when developer_mode is true" do
@chef_run = ::ChefSpec::ChefRunner.new do |n|
n.set["openstack"]["developer_mode"] = true
end
@chef_run.converge "openstack-common::default"
@subject.stub(:node).and_return @chef_run.node
result = @subject.service_password("nova")
result.should eq "nova"
end
it "returns databag when developer_mode is false" do
value = "this"
::Chef::EncryptedDataBagItem.stub(:load).with("service_passwords", "nova", "/etc/chef/openstack_data_bag_secret").and_return value
@subject.stub(:node).and_return @chef_run.node
result = @subject.service_password("nova")
result.should eq value
end
end
describe "#db_password" do
it "returns index param when developer_mode is true" do
@chef_run = ::ChefSpec::ChefRunner.new do |n|
n.set["openstack"]["developer_mode"] = true
end
@chef_run.converge "openstack-common::default"
@subject.stub(:node).and_return @chef_run.node
result = @subject.db_password("nova")
result.should eq "nova"
end
it "returns databag when developer_mode is false" do
value = "this"
::Chef::EncryptedDataBagItem.stub(:load).with("db_passwords", "nova", "/etc/chef/openstack_data_bag_secret").and_return value
@subject.stub(:node).and_return @chef_run.node
result = @subject.db_password("nova")
result.should eq value
end
end
end end