From 9d943b688207f21c38f528b332f0a1548df18761 Mon Sep 17 00:00:00 2001
From: Yolanda Robla <yolanda.robla-mota@hp.com>
Date: Thu, 4 Jun 2015 11:46:40 +0200
Subject: [PATCH] Add creation of secure.conf file

This will be a new file that will store all the secrets needed
by nodepool at this stage: mysql password, and jenkins masters
credentials.
Following there will be a patch in nodepool, to use that file
to retrieve mysql and jenkins settings. By this way,
nodepool.yaml can be a plain file, and not a template, and can
be created into project-config.

Change-Id: Ie9381740e3644feaee1f1b201499e3a253677f39
---
 README.md                 | 21 +++++++++++++++++++++
 manifests/init.pp         | 15 +++++++++++++++
 templates/secure.conf.erb | 12 ++++++++++++
 3 files changed, 48 insertions(+)
 create mode 100644 templates/secure.conf.erb

diff --git a/README.md b/README.md
index 4aee92a..a678c91 100644
--- a/README.md
+++ b/README.md
@@ -3,3 +3,24 @@
 ## Overview
 
 Configures Nodepool node.
+
+```puppet
+class { '::nodepool':
+  mysql_root_password      => 'xxx',
+  mysql_password           => 'xxx',
+  nodepool_ssh_private_key => 'optional_key_content',
+  environment => {
+    optional_setting_1 => 'optional_value_1',
+    optional_setting_2 => 'optional_value_2',
+  },
+  jenkins_masters     => [
+    {
+      name        => 'jenkins_name'
+      user        => 'jenkins_user',
+      apikey      => 'jenkins_pass',
+      credentials => 'jenkins_credentials_id',
+      url         => 'jenkins_url',
+    }
+  ]
+}
+```
diff --git a/manifests/init.pp b/manifests/init.pp
index eb4c387..6eac993 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -33,6 +33,7 @@ class nodepool (
   $scripts_dir = '',
   $elements_dir = '',
   $logging_conf_template = 'nodepool/nodepool.logging.conf.erb',
+  $jenkins_masters = [],
 ) {
 
 
@@ -237,6 +238,19 @@ class nodepool (
     content => template($logging_conf_template),
   }
 
+  validate_array($jenkins_masters)
+  file { '/etc/nodepool/secure.conf':
+    ensure  => present,
+    owner   => 'nodepool',
+    group   => 'root',
+    mode    => '0400',
+    content => template('nodepool/secure.conf.erb'),
+    require => [
+      File['/etc/nodepool'],
+      User['nodepool'],
+    ],
+  }
+
   file { '/etc/init.d/nodepool':
     ensure => present,
     mode   => '0555',
@@ -290,4 +304,5 @@ class nodepool (
     group  => 'root',
     mode   => '0440',
   }
+
 }
diff --git a/templates/secure.conf.erb b/templates/secure.conf.erb
new file mode 100644
index 0000000..d45e55c
--- /dev/null
+++ b/templates/secure.conf.erb
@@ -0,0 +1,12 @@
+[database]
+dburi=mysql+pymysql://nodepool:<%= @mysql_password %>@localhost/nodepool
+
+<% @jenkins_masters.each do |master| -%>
+[jenkins "<%= master['name'] -%>"]
+user=<%= master['user'] %>
+apikey=<%= master['apikey'] %>
+<% if master.has_key?('credentials') -%>
+credentials=<%= master['credentials'] %>
+<% end -%>
+url=<%= master['url'] %>
+<% end %>