use variable fernet-key data bag

instead of hard coded vault name the attribute
['openstack']['secret']['secrets_data_bag'] is used.

Change-Id: I286fbfe89395544d1f8d0139acca0d689e4737fa
Closes-Bug: #1714523
This commit is contained in:
Stefan Hoffmann 2017-09-06 10:59:38 +02:00
parent 275c12c3a6
commit 79e57bd799
2 changed files with 4 additions and 3 deletions

View File

@ -33,7 +33,8 @@ directory key_repository do
end
node['openstack']['identity']['fernet']['keys'].each do |key_index|
key = secret('keystone', "fernet_key#{key_index}")
key = secret(node['openstack']['secret']['secrets_data_bag'],
"fernet_key#{key_index}")
file File.join(key_repository, key_index.to_s) do
content key
owner node['openstack']['identity']['user']

View File

@ -65,10 +65,10 @@ shared_context 'identity_stubs' do
.with('user', 'admin')
.and_return('admin')
allow_any_instance_of(Chef::Recipe).to receive(:secret)
.with('keystone', 'fernet_key0')
.with('secrets', 'fernet_key0')
.and_return('thisisfernetkey0')
allow_any_instance_of(Chef::Recipe).to receive(:secret)
.with('keystone', 'fernet_key1')
.with('secrets', 'fernet_key1')
.and_return('thisisfernetkey1')
allow_any_instance_of(Chef::Recipe).to receive(:rabbit_transport_url)
.with('identity')