use variable fernet-key data bag
instead of hard coded vault name the attribute ['openstack']['secret']['secrets_data_bag'] is used. Change-Id: I286fbfe89395544d1f8d0139acca0d689e4737fa Closes-Bug: #1714523
This commit is contained in:
parent
275c12c3a6
commit
79e57bd799
|
@ -33,7 +33,8 @@ directory key_repository do
|
|||
end
|
||||
|
||||
node['openstack']['identity']['fernet']['keys'].each do |key_index|
|
||||
key = secret('keystone', "fernet_key#{key_index}")
|
||||
key = secret(node['openstack']['secret']['secrets_data_bag'],
|
||||
"fernet_key#{key_index}")
|
||||
file File.join(key_repository, key_index.to_s) do
|
||||
content key
|
||||
owner node['openstack']['identity']['user']
|
||||
|
|
|
@ -65,10 +65,10 @@ shared_context 'identity_stubs' do
|
|||
.with('user', 'admin')
|
||||
.and_return('admin')
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:secret)
|
||||
.with('keystone', 'fernet_key0')
|
||||
.with('secrets', 'fernet_key0')
|
||||
.and_return('thisisfernetkey0')
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:secret)
|
||||
.with('keystone', 'fernet_key1')
|
||||
.with('secrets', 'fernet_key1')
|
||||
.and_return('thisisfernetkey1')
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:rabbit_transport_url)
|
||||
.with('identity')
|
||||
|
|
Loading…
Reference in New Issue