From 75b531e70ecd61cb75b8311e876fb2fa28b9e9c1 Mon Sep 17 00:00:00 2001
From: Darren Birkett <darren.birkett@gmail.com>
Date: Fri, 18 May 2012 11:07:40 +0100
Subject: [PATCH] use secure password unless 'developer_mode' flag is set in
 environment

---
 attributes/default.rb  | 3 ++-
 recipes/nova-common.rb | 9 +++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/attributes/default.rb b/attributes/default.rb
index bc244775..c9c03879 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -1,6 +1,7 @@
 default["nova"]["db"]["name"] = "nova"
 default["nova"]["db"]["username"] = "nova"
-default["nova"]["db"]["password"] = "nova"
+# Replacing with OpenSSL::Password in recipes/nova-common.rb
+#default["nova"]["db"]["password"] = "nova"
 
 default["nova"]["service_tenant_name"] = "service"
 default["nova"]["service_user"] = "nova"
diff --git a/recipes/nova-common.rb b/recipes/nova-common.rb
index 081f1875..87d446f0 100644
--- a/recipes/nova-common.rb
+++ b/recipes/nova-common.rb
@@ -17,6 +17,15 @@
 # limitations under the License.
 #
 
+::Chef::Recipe.send(:include, Opscode::OpenSSL::Password)
+
+# Allow for using a well known db password
+if node["developer_mode"]
+  node.set_unless["nova"]["db"]["password"] = "nova"
+else
+  node.set_unless["nova"]["db"]["password"] = secure_password
+end
+
 # Distribution specific settings go here
 if platform?(%w{fedora})
   # Fedora