Move to use "get_password" instead of "{user,service,db}_password"

The user_password, service_password and db_password functions are redundant since they simply call "secret". Creates a get_password function that will accept a "type" of db, service or user. All instances of these calls have been changed to call get_password. Interim commit that keeps the service,db and user functions in order to merge other changes. Change-Id: Iba4a611b387d0975e8a23cc758d2ac7dec8210ad Partial-Bug: #1195915
2014-01-15 12:06:51 +00:00
parent 77dadb3e05
commit 5e7592dc18
5 changed files with 25 additions and 17 deletions
--- a/README.md
+++ b/README.md
@@ -87,9 +87,7 @@ This cookbook exposes a set of default library routines:
 * `db_uri` -- Returns the SQLAlchemy RFC-1738 DB URI (see: http://rfc.net/rfc1738.html) for a named OpenStack database
 * `db_create_with_user` -- Creates a database and database user for a named OpenStack database
 * `secret` -- Returns the value of an encrypted data bag for a named OpenStack secret key and key-section
-* `db_password` -- Ease-of-use helper that returns the decrypted database password for a named OpenStack database
-* `service_password` -- Ease-of-use helper that returns the decrypted service password for named OpenStack service
-* `user_password` -- Ease-of-use helper that returns the decrypted password for a Keystone user
+* `get_password` -- Ease-of-use helper that returns the decrypted password for a named database, service or keystone user.

 Usage
 -----
@@ -118,10 +116,10 @@ require "uri"
 puts ::URI.decode nova_api_ap.to_s
 ```

-Example of using the `db_password` and `db_uri` routine:
+Example of using the `get_password` and `db_uri` routine:

 ```ruby
-db_pass = db_password "cinder"
+db_pass = get_password "db" "cinder"
 db_user = node["cinder"]["db"]["user"]
 sql_connection = db_uri "volume", db_user, db_pass

--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -363,7 +363,7 @@ default['openstack']['db']['orchestration']['db_name'] = 'heat'
 default['openstack']['db']['root_user_use_databag'] = false

 # If above root_user_use_databag is true, the below string
-# will be passed to the user_password library routine.
+# will be passed to the get_password library routine.
 default['openstack']['db']['root_user_key'] = 'mysqlroot'

 # logging.conf list keypairs module_name => log level to write
--- a/libraries/database.rb
+++ b/libraries/database.rb
@@ -42,7 +42,7 @@ module ::Openstack
        super_user = "postgres"
        if root_user_use_databag
          user_key = node['openstack']['db']['root_user_key']
-          super_password = user_password user_key
+          super_password = get_password "user", user_key
        else
          super_password = node['postgresql']['password']['postgres']
        end
@@ -55,7 +55,7 @@ module ::Openstack

        if root_user_use_databag
          user_key = node['openstack']['db']['root_user_key']
-          super_password = user_password user_key
+          super_password = get_password "user", user_key
        else
          super_password = node['mysql']['server_root_password']
        end
--- a/libraries/passwords.rb
+++ b/libraries/passwords.rb
@@ -46,6 +46,16 @@ module ::Openstack
    ::Chef::EncryptedDataBagItem.load(bag_name, index, secret)[index]
  end

+  def get_password type, key
+    if ["db", "user", "service"].include?(type)
+      secret node["openstack"]["secret"]["#{type}_passwords_data_bag"], key
+    else
+      ::Chef::Log.error("Unsupported type for get_password: #{type}")
+    end
+  end
+
+  # TODO(andymccr): Remove these once other changes have merged to use get_password
+
  # Ease-of-use/standardization routine that returns a service password
  # for a named OpenStack service. Note that databases are named
  # after the OpenStack project nickname, like "nova" or "glance"
--- a/spec/password_spec.rb
+++ b/spec/password_spec.rb
@@ -28,14 +28,14 @@ describe ::Openstack do
    end
  end

-  describe "#service_password" do
+  describe "#get_password_service_password" do
    it "returns index param when developer_mode is true" do
      @chef_run = ::ChefSpec::Runner.new(::CHEFSPEC_OPTS) do |n|
        n.set["openstack"]["developer_mode"] = true
      end
      @chef_run.converge "openstack-common::default"
      @subject.stub(:node).and_return @chef_run.node
-      result = @subject.service_password("nova")
+      result = @subject.get_password("service", "nova")
      result.should == "nova"
    end
    it "returns databag when developer_mode is false" do
@@ -43,19 +43,19 @@ describe ::Openstack do
      ::Chef::EncryptedDataBagItem.stub(:load_secret).with("/etc/chef/openstack_data_bag_secret").and_return "secret"
      ::Chef::EncryptedDataBagItem.stub(:load).with("service_passwords", "nova", "secret").and_return value
      @subject.stub(:node).and_return @chef_run.node
-      result = @subject.service_password("nova")
+      result = @subject.get_password("service", "nova")
      result.should == "this"
    end
  end

-  describe "#db_password" do
+  describe "#get_password_db_password" do
    it "returns index param when developer_mode is true" do
      @chef_run = ::ChefSpec::Runner.new(::CHEFSPEC_OPTS) do |n|
        n.set["openstack"]["developer_mode"] = true
      end
      @chef_run.converge "openstack-common::default"
      @subject.stub(:node).and_return @chef_run.node
-      result = @subject.db_password("nova")
+      result = @subject.get_password("db", "nova")
      result.should == "nova"
    end
    it "returns databag when developer_mode is false" do
@@ -63,19 +63,19 @@ describe ::Openstack do
      ::Chef::EncryptedDataBagItem.stub(:load_secret).with("/etc/chef/openstack_data_bag_secret").and_return "secret"
      ::Chef::EncryptedDataBagItem.stub(:load).with("db_passwords", "nova", "secret").and_return value
      @subject.stub(:node).and_return @chef_run.node
-      result = @subject.db_password("nova")
+      result = @subject.get_password("db", "nova")
      result.should == "this"
    end
  end

-  describe "#user_password" do
+  describe "#get_password_user_password" do
    it "returns index param when developer_mode is true" do
      @chef_run = ::ChefSpec::Runner.new(::CHEFSPEC_OPTS) do |n|
        n.set["openstack"]["developer_mode"] = true
      end
      @chef_run.converge "openstack-common::default"
      @subject.stub(:node).and_return @chef_run.node
-      result = @subject.user_password("nova")
+      result = @subject.get_password("user", "nova")
      result.should == "nova"
    end
    it "returns databag when developer_mode is false" do
@@ -83,7 +83,7 @@ describe ::Openstack do
      ::Chef::EncryptedDataBagItem.stub(:load_secret).with("/etc/chef/openstack_data_bag_secret").and_return "secret"
      ::Chef::EncryptedDataBagItem.stub(:load).with("user_passwords", "nova", "secret").and_return value
      @subject.stub(:node).and_return @chef_run.node
-      result = @subject.user_password("nova")
+      result = @subject.get_password("user", "nova")
      result.should == "this"
    end
  end