Allow to provide default password when invoke get_secret for develop mode

We need provide an option to specify a password when invoke the get_secret instead of to return the value of index directly. We can use the attribute node['openstack']['secret'][index] to save the password. Implements: blueprint vmware-password-databag Change-Id: Ie9421b60f8a6b38a976941c1fe9c33c2962f091e
2014-05-06 09:51:21 +08:00
parent 6fc8e58bab
commit 3a9695366b
4 changed files with 25 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,9 @@
 # CHANGELOG for cookbook-openstack-common

 This file is used to list changes made in each version of cookbook-openstack-common.
+## 9.3.0
+* Provide an option to specify the password when dev mode equals true
+
 ## 9.2.2
 * Fixed openrc failure on role search

--- a/libraries/passwords.rb
+++ b/libraries/passwords.rb
@@ -38,8 +38,16 @@ module ::Openstack # rubocop:disable Documentation
  # nova_password = secret 'passwords', 'nova'
  #
  # That means nova_password will == 'nova'.
+  #
+  # You also can provide a default password value in developer mode,
+  # like following:
+  #
+  # node.set['openstack']['secret']['nova'] = 'nova_password'
+  # nova_password = secret 'passwords', 'nova'
+  #
+  # The nova_password will == 'nova_password'
  def secret(bag_name, index)
-    return index if node['openstack']['developer_mode']
+    return (node['openstack']['secret'][index] || index) if node['openstack']['developer_mode']
    key_path = node['openstack']['secret']['key_path']
    ::Chef::Log.info "Loading encrypted databag #{bag_name}.#{index} using key at #{key_path}"
    secret = ::Chef::EncryptedDataBagItem.load_secret key_path
--- a/metadata.rb
+++ b/metadata.rb
@@ -4,7 +4,7 @@ maintainer_email 'cookbooks@lists.tfoundry.com'
 license          'Apache 2.0'
 description      'Common OpenStack attributes, libraries and recipes.'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          '9.2.2'
+version          '9.3.0'

 recipe           'openstack-common', 'Installs/Configures common recipes'
 recipe           'openstack-common::set_endpoints_by_interface', 'Set endpoints by interface'
--- a/spec/password_spec.rb
+++ b/spec/password_spec.rb
@@ -17,6 +17,12 @@ describe 'openstack-common::default' do
        expect(subject.secret('passwords', 'nova')).to eq('nova')
      end

+      it 'returns the specified password when developer_mode is true' do
+        node.set['openstack']['developer_mode'] = true
+        node.override['openstack']['secret']['nova'] = '12345'
+        expect(subject.secret('passwords', 'nova')).to eq('12345')
+      end
+
      it 'returns databag when developer_mode is false' do
        value = { 'nova' => 'this' }
        ::Chef::EncryptedDataBagItem.stub(:load_secret).with('/etc/chef/openstack_data_bag_secret').and_return('secret')
@@ -31,6 +37,12 @@ describe 'openstack-common::default' do
        expect(subject.get_secret('nova')).to eq('nova')
      end

+      it 'returns the specified password when developer_mode is true' do
+        node.set['openstack']['developer_mode'] = true
+        node.override['openstack']['secret']['nova'] = '67890'
+        expect(subject.get_secret('nova')).to eq('67890')
+      end
+
      it 'returns databag when developer_mode is false' do
        value = { 'nova' => 'this' }
        ::Chef::EncryptedDataBagItem.stub(:load_secret).with('/etc/chef/openstack_data_bag_secret').and_return('secret')