From afbbf2eca6acd4fafcd3410b7466324faf5f2a84 Mon Sep 17 00:00:00 2001
From: Monty Taylor <mordred@inaugust.com>
Date: Wed, 12 Jul 2017 07:12:10 -0500
Subject: [PATCH] Add support for a parallel set of secrets for connections

github and mysql connections both contain secret data that is not
appropriate for public hiera. Create a second list of data that can go
into private hiera. If it's found, it will be added to the connection
config.

Change-Id: I265b445cfbf4b6d4555621e3663e71e9a0f85813
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
---
 manifests/init.pp         | 1 +
 templates/zuulv3.conf.erb | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/manifests/init.pp b/manifests/init.pp
index 99a63b1..d70f819 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -67,6 +67,7 @@ class zuul (
   $sites = [],
   $nodes = [],
   $connections = [],
+  $connection_secrets = [],
   $trusted_ro_dirs = [],
   $trusted_rw_dirs = [],
   $untrusted_ro_dirs = [],
diff --git a/templates/zuulv3.conf.erb b/templates/zuulv3.conf.erb
index 0fc861e..626a7df 100644
--- a/templates/zuulv3.conf.erb
+++ b/templates/zuulv3.conf.erb
@@ -70,5 +70,14 @@ listen_port=<%= @web_listen_port %>
 <% connection.each do |key,value| -%>
 <%= key %>=<%= value %>
 <% end -%>
+<% @connection_secrets.each do |connection_secret| -%>
+<% if connection_secret['name'] == connection['name'] -%>
+<% connection_secret.each do |key,value| -%>
+<% if key != 'name' -%>
+<%= key %>=<%= value %>
+<% end -%>
+<% end -%>
+<% end -%>
+<% end -%>
 
 <% end -%>