Merge "Don't create empty secret_key_path file"

2014-02-28 16:37:12 +00:00 · 2014-02-28 16:37:12 +00:00 · 1351ce60c2
parent da87debeba 113823a6c2
commit 1351ce60c2
4 changed files with 31 additions and 23 deletions
--- a/recipes/server.rb
+++ b/recipes/server.rb
@ -156,7 +156,12 @@ file node['openstack']['dashboard']['secret_key_path'] do
  owner node['openstack']['dashboard']['horizon_user']
  group node['openstack']['dashboard']['horizon_group']
  mode 00600
-  unless node['openstack']['dashboard']['secret_key_content'].nil?
+  # the only time the file should be created is if we have secret_key_content
+  # set, otherwise let apache create it when someone first accesses the
+  # dashboard
+  if node['openstack']['dashboard']['secret_key_content'].nil?
+    only_if { ::File.exists?(node['openstack']['dashboard']['secret_key_path']) }
+  else
    content node['openstack']['dashboard']['secret_key_content']
    notifies :restart, 'service[apache2]'
  end
--- a/spec/server-redhat_spec.rb
+++ b/spec/server-redhat_spec.rb
@ -99,7 +99,7 @@ describe 'openstack-dashboard::server' do
      expect(chef_run).to render_file(file.name).with_content('WSGIDaemonProcess dashboard user=apache')
    end

-    it 'has group write mode on file with attribute defaults' do
+    it 'has correct ownership on file with attribute defaults' do
      file = chef_run.file('/usr/share/openstack-dashboard/openstack_dashboard/local/.secret_key_store')
      expect(file.owner).to eq('apache')
      expect(file.group).to eq('apache')
--- a/spec/server-suse_spec.rb
+++ b/spec/server-suse_spec.rb
@ -58,7 +58,7 @@ describe 'openstack-dashboard::server' do
      end
    end

-    it 'has group write mode on file with attribute defaults' do
+    it 'has correct ownership on file with attribute defaults' do
      file = chef_run.file('/srv/www/openstack-dashboard/openstack_dashboard/local/.secret_key_store')
      expect(file.owner).to eq('wwwrun')
      expect(file.group).to eq('www')
--- a/spec/server_spec.rb
+++ b/spec/server_spec.rb
@ -290,16 +290,24 @@ describe 'openstack-dashboard::server' do
      end
    end

-    describe 'secret key file' do
+    describe 'secret_key_path file' do
      secret_key_path = '/var/lib/openstack-dashboard/secret_key'
+      let(:file) { chef_run.file(secret_key_path) }

-      it 'has group write mode on file with attribute defaults' do
-        file = chef_run.file(secret_key_path)
+      it 'has correct ownership' do
        expect(file.owner).to eq('horizon')
        expect(file.group).to eq('horizon')
      end

-      it 'has group write mode on file' do
+      it 'has correct mode' do
+        expect(file.mode).to eq(00600)
+      end
+
+      it 'does not notify apache2 restart' do
+        expect(file).not_to notify('service[apache2]').to(:restart)
+      end
+
+      it 'has configurable path and ownership settings' do
        node.set['openstack']['dashboard']['secret_key_path'] = 'somerandompath'
        node.set['openstack']['dashboard']['horizon_user'] = 'somerandomuser'
        node.set['openstack']['dashboard']['horizon_group'] = 'somerandomgroup'
@ -308,16 +316,18 @@ describe 'openstack-dashboard::server' do
        expect(file.group).to eq('somerandomgroup')
      end

-      it 'has configurable secret_key_content setting' do
-        node.set['openstack']['dashboard']['secret_key_content'] = 'somerandomcontent'
-        file = chef_run.file(secret_key_path)
-        expect(chef_run).to render_file(file.name).with_content('somerandomcontent')
-      end
+      describe 'secret_key_content set' do
+        before do
+          node.set['openstack']['dashboard']['secret_key_content'] = 'somerandomcontent'
+        end

-      it 'notifies apache2 restart when secret_key_content set' do
-        node.set['openstack']['dashboard']['secret_key_content'] = 'somerandomcontent'
-        file = chef_run.file(secret_key_path)
-        expect(file).to notify('service[apache2]').to(:restart)
+        it 'has configurable secret_key_content setting' do
+          expect(chef_run).to render_file(file.name).with_content('somerandomcontent')
+        end
+
+        it 'notifies apache2 restart when secret_key_content set' do
+          expect(file).to notify('service[apache2]').to(:restart)
+        end
      end
    end

@ -373,12 +383,5 @@ describe 'openstack-dashboard::server' do
      expect(path.mode).to eq(02770)
      expect(path.group).to eq(chef_run.node['openstack']['dashboard']['horizon_group'])
    end
-
-    it 'has correct permission on file' do
-      file = chef_run.file("#{chef_run.node['openstack']['dashboard']['secret_key_path']}")
-      expect(file.owner).to eq(chef_run.node['openstack']['dashboard']['horizon_user'])
-      expect(file.group).to eq(chef_run.node['openstack']['dashboard']['horizon_group'])
-      expect(file.mode).to eq(00600)
-    end
  end
 end