Adds way to configure what sections of secret databag are called

* Also adds two convenience routines for db_password and service_password
2012-12-18 17:45:23 -05:00
parent b535a64db3
commit 2f0412e671
4 changed files with 70 additions and 2 deletions
--- a/README.md
+++ b/README.md
@@ -28,6 +28,8 @@ This cookbook exposes a set of default library routines:
 * `db_uri` -- Returns the SQLAlchemy RFC-1738 DB URI (see: http://rfc.net/rfc1738.html) for a named OpenStack database
 * `db_create_with_user` -- Creates a database and database user for a named OpenStack database
 * `secret` -- Returns the value of an encrypted data bag for a named OpenStack secret key and key-section
+  * `db_password` -- Ease-of-use helper that returns the decrypted database password for a named OpenStack database
+  * `service_password` -- Ease-of-use helper that returns the decrypted service password for named OpenStack service

 Usage
 -----
@@ -56,10 +58,10 @@ require "uri"
 puts ::URI.decode nova_api_ap.to_s
 ```

-Example of using the `secret` and `db\_uri` routine:
+Example of using the `db_password` and `db_uri` routine:

 ```ruby
-db_pass = secret "passwords", "cinder"
+db_pass = db_password "cinder"
 db_user = node["cinder"]["db"]["user"]
 sql_connection = db_uri "volume", db_user, db_pass

--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -35,6 +35,16 @@ default["openstack"]["developer_mode"] = false
 # values in the data bag.
 default["openstack"]["secret"]["key_path"] = "/etc/chef/openstack_data_bag_secret"

+# The section name in the encrypted data bag that stores DB passwords, with
+# each key in the section corresponding to a named OpenStack database, like
+# "compute", "image", "identity", etc.
+default["openstack"]["secret"]["service_passwords_section"] = "service_passwords"
+
+# The section name in the encrypted data bag that stores DB passwords, with
+# each key in the section corresponding to a named OpenStack database, like
+# "nova", "cinder", etc.
+default["openstack"]["secret"]["db_passwords_section"] = "db_passwords"
+
 # ========================= Package and Repository Setup ======================
 #
 # Various Linux distributions provide OpenStack packages and repositories.
--- a/libraries/default.rb
+++ b/libraries/default.rb
@@ -174,6 +174,24 @@ module ::Openstack
    ::Chef::EncryptedDataBagItem.load(section, index, key_path)
  end

+  # Ease-of-use/standardization routine that returns a service password
+  # for a named OpenStack service. Not that databases are named
+  # after the OpeNStack project nickname, like "nova" or "glance", but services
+  # are typically named after the official API, like "compute", "image", or "identity"
+  def service_password service
+    section = node["openstack"]["secret"]["service_passwords_section"]
+    secret section, service
+  end
+
+  # Ease-of-use/standardization routine that returns a database password
+  # for a named OpenStack database. Note that databases are named
+  # after the OpeNStack project nickname, like "nova" or "glance", but services
+  # are typically named after the official API, like "compute", "image", or "identity"
+  def db_password service
+    section = node["openstack"]["secret"]["db_passwords_section"]
+    secret section, service
+  end
+
 private
  # Instead of specifying the verbose node["openstack"]["endpoints"][name],
  # this shortcut allows the simpler and shorter endpoint(name)
--- a/spec/default_spec.rb
+++ b/spec/default_spec.rb
@@ -192,4 +192,42 @@ describe ::Openstack do
      result.should eq value
    end
  end
+
+  describe "#service_password" do
+    it "returns index param when developer_mode is true" do
+      @chef_run = ::ChefSpec::ChefRunner.new do |n|
+        n.set["openstack"]["developer_mode"] = true
+      end
+      @chef_run.converge "openstack-common::default"
+      @subject.stub(:node).and_return @chef_run.node
+      result = @subject.service_password("nova")
+      result.should eq "nova"
+    end
+    it "returns databag when developer_mode is false" do
+      value = "this"
+      ::Chef::EncryptedDataBagItem.stub(:load).with("service_passwords", "nova", "/etc/chef/openstack_data_bag_secret").and_return value
+      @subject.stub(:node).and_return @chef_run.node
+      result = @subject.service_password("nova")
+      result.should eq value
+    end
+  end
+
+  describe "#db_password" do
+    it "returns index param when developer_mode is true" do
+      @chef_run = ::ChefSpec::ChefRunner.new do |n|
+        n.set["openstack"]["developer_mode"] = true
+      end
+      @chef_run.converge "openstack-common::default"
+      @subject.stub(:node).and_return @chef_run.node
+      result = @subject.db_password("nova")
+      result.should eq "nova"
+    end
+    it "returns databag when developer_mode is false" do
+      value = "this"
+      ::Chef::EncryptedDataBagItem.stub(:load).with("db_passwords", "nova", "/etc/chef/openstack_data_bag_secret").and_return value
+      @subject.stub(:node).and_return @chef_run.node
+      result = @subject.db_password("nova")
+      result.should eq value
+    end
+  end
 end