From 3a9695366baec27de0633c23580bdbc639dedd64 Mon Sep 17 00:00:00 2001 From: gengjh Date: Tue, 6 May 2014 09:51:21 +0800 Subject: [PATCH] Allow to provide default password when invoke get_secret for develop mode We need provide an option to specify a password when invoke the get_secret instead of to return the value of index directly. We can use the attribute node['openstack']['secret'][index] to save the password. Implements: blueprint vmware-password-databag Change-Id: Ie9421b60f8a6b38a976941c1fe9c33c2962f091e --- CHANGELOG.md | 3 +++ libraries/passwords.rb | 10 +++++++++- metadata.rb | 2 +- spec/password_spec.rb | 12 ++++++++++++ 4 files changed, 25 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b3e735e6..7d6f6a61 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,9 @@ # CHANGELOG for cookbook-openstack-common This file is used to list changes made in each version of cookbook-openstack-common. +## 9.3.0 +* Provide an option to specify the password when dev mode equals true + ## 9.2.2 * Fixed openrc failure on role search diff --git a/libraries/passwords.rb b/libraries/passwords.rb index ecd5b666..26ebb161 100644 --- a/libraries/passwords.rb +++ b/libraries/passwords.rb @@ -38,8 +38,16 @@ module ::Openstack # rubocop:disable Documentation # nova_password = secret 'passwords', 'nova' # # That means nova_password will == 'nova'. + # + # You also can provide a default password value in developer mode, + # like following: + # + # node.set['openstack']['secret']['nova'] = 'nova_password' + # nova_password = secret 'passwords', 'nova' + # + # The nova_password will == 'nova_password' def secret(bag_name, index) - return index if node['openstack']['developer_mode'] + return (node['openstack']['secret'][index] || index) if node['openstack']['developer_mode'] key_path = node['openstack']['secret']['key_path'] ::Chef::Log.info "Loading encrypted databag #{bag_name}.#{index} using key at #{key_path}" secret = ::Chef::EncryptedDataBagItem.load_secret key_path diff --git a/metadata.rb b/metadata.rb index 2447c677..70e4f8d9 100755 --- a/metadata.rb +++ b/metadata.rb @@ -4,7 +4,7 @@ maintainer_email 'cookbooks@lists.tfoundry.com' license 'Apache 2.0' description 'Common OpenStack attributes, libraries and recipes.' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '9.2.2' +version '9.3.0' recipe 'openstack-common', 'Installs/Configures common recipes' recipe 'openstack-common::set_endpoints_by_interface', 'Set endpoints by interface' diff --git a/spec/password_spec.rb b/spec/password_spec.rb index 8fed83f5..ffeee17a 100644 --- a/spec/password_spec.rb +++ b/spec/password_spec.rb @@ -17,6 +17,12 @@ describe 'openstack-common::default' do expect(subject.secret('passwords', 'nova')).to eq('nova') end + it 'returns the specified password when developer_mode is true' do + node.set['openstack']['developer_mode'] = true + node.override['openstack']['secret']['nova'] = '12345' + expect(subject.secret('passwords', 'nova')).to eq('12345') + end + it 'returns databag when developer_mode is false' do value = { 'nova' => 'this' } ::Chef::EncryptedDataBagItem.stub(:load_secret).with('/etc/chef/openstack_data_bag_secret').and_return('secret') @@ -31,6 +37,12 @@ describe 'openstack-common::default' do expect(subject.get_secret('nova')).to eq('nova') end + it 'returns the specified password when developer_mode is true' do + node.set['openstack']['developer_mode'] = true + node.override['openstack']['secret']['nova'] = '67890' + expect(subject.get_secret('nova')).to eq('67890') + end + it 'returns databag when developer_mode is false' do value = { 'nova' => 'this' } ::Chef::EncryptedDataBagItem.stub(:load_secret).with('/etc/chef/openstack_data_bag_secret').and_return('secret')