From 96ce97d543f94dc57baf4116fbde9f9cb1adc5c5 Mon Sep 17 00:00:00 2001
From: Jay Pipes <jaypipes@gmail.com>
Date: Tue, 8 Jan 2013 23:43:05 -0500
Subject: [PATCH] Changes to make sure the signing_dir is written properly

The auth_token middleware barfs if signing_dir is empty,
so only write the line into the paste ini section for the
auth_token middleware if the attribute is present and has
some value...
---
 README.md                                       | 12 ++----------
 attributes/default.rb                           |  2 ++
 templates/default/glance-api-paste.ini.erb      |  3 +++
 templates/default/glance-registry-paste.ini.erb |  4 ++++
 4 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index bb4461e..2bcd0d7 100644
--- a/README.md
+++ b/README.md
@@ -111,22 +111,14 @@ Attributes
 * `glance["user"] - User glance runs as
 * `glance["group"] - Group glance runs as
 * `glance["glance_api_chef_role"]` - The name of the Chef role that installs the Glance API service
-* `glance["db"]["name"]` - Name of glance database
-* `glance["db"]["user"]` - Username for glance database access
-* `glance["db"]["password"]` - Password for glance database access
-* `glance["api"]["ip_address"]` - IP address to use for communicating with the glance API
-* `glance["api"]["bind_address"]` - IP address for the glance API to bind to
-* `glance["api"]["port"]` - Port for the glance API to bind to
+* `glance["db"]["username"]` - Username for glance database access
 * `glance["api"]["adminURL"]` - Used when registering image endpoint with keystone
 * `glance["api"]["internalURL"]` - Used when registering image endpoint with keystone
 * `glance["api"]["publicURL"]` - Used when registering image endpoint with keystone
-* `glance["registry"]["ip_address"]` - IP address to use for communicating with the glance registry
-* `glance["registry"]["bind_address"]` - IP address for the glance registry to bind to
-* `glance["registry"]["port"]` - IP address for the glance port to bind to
 * `glance["service_tenant_name"]` - Tenant name used by glance when interacting with keystone - used in the API and registry paste.ini files
 * `glance["service_user"]` - User name used by glance when interacting with keystone - used in the API and registry paste.ini files
-* `glance["service_pass"]` - User password used by glance when interacting with keystone - used in the API and registry paste.ini files
 * `glance["service_role"]` - User role used by glance when interacting with keystone - used in the API and registry paste.ini files
+* `glance["signing_dir"]` - Directory that the `auth_token` middleware writes to if using PKI
 * `glance["image_upload"]` - Toggles whether to automatically upload images in the `glance["images"]` array
 * `glance["images"]` - Default list of images to upload to the glance repository as part of the install
 * `glance["image]["<imagename>"]` - URL location of the `<imagename>` image. There can be multiple instances of this line to define multiple imagess (eg natty, maverick, fedora17 etc)
diff --git a/attributes/default.rb b/attributes/default.rb
index 55c6595..796b1d4 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -44,6 +44,8 @@ default["glance"]["db"]["username"] = "glance" # node_attribute
 default["glance"]["service_tenant_name"] = "service"                        # node_attribute
 default["glance"]["service_user"] = "glance"                                # node_attribute
 default["glance"]["service_role"] = "admin"                                 # node_attribute
+default["glance"]["signing_dir"] = "/tmp/glance-signing-dir"
+
 default["glance"]["api"]["default_store"] = "file"                          # node_attribute
 default["glance"]["api"]["swift"]["container"] = "glance"             # node_attribute
 default["glance"]["api"]["swift"]["large_object_size"] = "200"        # node_attribute
diff --git a/templates/default/glance-api-paste.ini.erb b/templates/default/glance-api-paste.ini.erb
index 0461ee9..05fcc6c 100644
--- a/templates/default/glance-api-paste.ini.erb
+++ b/templates/default/glance-api-paste.ini.erb
@@ -63,3 +63,6 @@ admin_tenant_name = <%= node["glance"]["service_tenant_name"] %>
 admin_user = <%= node["glance"]["service_user"] %>
 admin_password = <%= @service_pass %>
 delay_auth_decision = true
+<% if node["glance"]["signing_dir"] %>
+signing_dir = <%= node["glance"]["signing_dir"] %>
+<% end %>
diff --git a/templates/default/glance-registry-paste.ini.erb b/templates/default/glance-registry-paste.ini.erb
index 10ece8f..70f7178 100644
--- a/templates/default/glance-registry-paste.ini.erb
+++ b/templates/default/glance-registry-paste.ini.erb
@@ -27,3 +27,7 @@ auth_protocol = <%= @identity_endpoint.scheme %>
 admin_tenant_name = <%= node["glance"]["service_tenant_name"] %>
 admin_user = <%= node["glance"]["service_user"] %>
 admin_password = <%= @service_pass %>
+delay_auth_decision = true
+<% if node["glance"]["signing_dir"] %>
+signing_dir = <%= node["glance"]["signing_dir"] %>
+<% end %>