From 1a7152c2d9f15445bc4f808f0193afd86691fa3a Mon Sep 17 00:00:00 2001
From: lqslan <lqslan@cn.ibm.com>
Date: Wed, 25 Mar 2015 11:04:37 +0800
Subject: [PATCH] Raise an error when san private key is missing

Currently, if san private key is missing, cookbook will create an
empty one which cause cinder can't work properly.

This patch will check whether san private key is exist or not, if
not, raise an error to remind user to provide one.

Change-Id: Ia1e0a60dec9ef463a908756fffa5f5274ebc0fb7
---
 README.md             |  1 +
 attributes/default.rb |  3 +++
 recipes/volume.rb     | 14 ++++++++++----
 spec/volume_spec.rb   | 11 ++++++-----
 4 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 8f543be..a1a295b 100644
--- a/README.md
+++ b/README.md
@@ -147,6 +147,7 @@ Cinder attributes
 * `openstack['block-storage']['san']['san_ip'] - IP address of SAN controller
 * `openstack['block-storage']['san']['san_login'] - Username for SAN controller
 * `openstack['block-storage']['san']['san_private_key'] - Filename of private key to use for SSH authentication
+* `openstack['block-storage']['san']['san_private_key_url'] - Source url of private key to use for SSH authentication
 * `openstack['block-storage']['storwize']['storwize_svc_volpool_name'] - Storage system storage pool for volumes
 * `openstack['block-storage']['storwize']['storwize_svc_vol_rsize'] - Storage system space-efficiency parameter for volumes
 * `openstack['block-storage']['storwize']['storwize_svc_vol_warning'] - Storage system threshold for volume capacity warnings
diff --git a/attributes/default.rb b/attributes/default.rb
index e59163b..7fa11e1 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -135,6 +135,8 @@ default['openstack']['block-storage']['service_role'] = 'admin'
 default['openstack']['block-storage']['san']['san_ip'] = '127.0.0.1'
 default['openstack']['block-storage']['san']['san_login'] = 'admin'
 default['openstack']['block-storage']['san']['san_private_key'] = '/v7000_rsa'
+# The location(URL) of the san_private_key. This value may also specify HTTP(http://), FTP("ftp://"), or local(file://), if the san private key is in the local, you should also specify this attribute using(file://)
+default['openstack']['block-storage']['san']['san_private_key_url'] = nil
 
 # NFS support
 default['openstack']['block-storage']['nfs']['nas_ip'] = '127.0.0.1'
@@ -166,6 +168,7 @@ default['openstack']['block-storage']['storwize']['san_ip'] = node['openstack'][
 default['openstack']['block-storage']['storwize']['san_login'] = node['openstack']['block-storage']['san']['san_login']
 # If the key is set to nil, the san_login and san_password will be used.
 default['openstack']['block-storage']['storwize']['san_private_key'] = node['openstack']['block-storage']['san']['san_private_key']
+default['openstack']['block-storage']['storwize']['san_private_key_url'] = node['openstack']['block-storage']['san']['san_private_key_url']
 default['openstack']['block-storage']['storwize']['storwize_svc_volpool_name'] = 'volpool'
 default['openstack']['block-storage']['storwize']['storwize_svc_vol_rsize'] = 2
 default['openstack']['block-storage']['storwize']['storwize_svc_vol_warning'] = 0
diff --git a/recipes/volume.rb b/recipes/volume.rb
index 46b9e0d..d99d4e9 100644
--- a/recipes/volume.rb
+++ b/recipes/volume.rb
@@ -106,10 +106,16 @@ when 'cinder.volume.drivers.netapp.nfs.NetAppDirect7modeNfsDriver'
   end
 
 when 'cinder.volume.drivers.ibm.storwize_svc.StorwizeSVCDriver'
-  file node['openstack']['block-storage']['san']['san_private_key'] do
-    mode '0400'
-    owner node['openstack']['block-storage']['user']
-    group node['openstack']['block-storage']['group']
+  san_private_key = node['openstack']['block-storage']['storwize']['san_private_key']
+  san_private_key_url = node['openstack']['block-storage']['storwize']['san_private_key_url']
+
+  if san_private_key && san_private_key_url
+    remote_file san_private_key do
+      source san_private_key_url
+      mode '0400'
+      owner node['openstack']['block-storage']['user']
+      group node['openstack']['block-storage']['group']
+    end
   end
 
   platform_options['cinder_svc_packages'].each do |pkg|
diff --git a/spec/volume_spec.rb b/spec/volume_spec.rb
index 1fc98f9..28d6c3c 100644
--- a/spec/volume_spec.rb
+++ b/spec/volume_spec.rb
@@ -165,12 +165,13 @@ describe 'openstack-block-storage::volume' do
         node.set['openstack']['block-storage']['volume']['driver'] = 'cinder.volume.drivers.ibm.storwize_svc.StorwizeSVCDriver'
       end
 
-      it 'configures storewize private key' do
-        san_key = chef_run.file chef_run.node['openstack']['block-storage']['san']['san_private_key']
-        expect(san_key.mode).to eq('0400')
-        expect(chef_run).to create_file('/v7000_rsa').with(
+      it 'download san private key if needed' do
+        node.set['openstack']['block-storage']['storwize']['san_private_key_url'] = 'http://server/key'
+        expect(chef_run).to create_remote_file('/v7000_rsa').with(
+          source: 'http://server/key',
           user: 'cinder',
-          group: 'cinder'
+          group: 'cinder',
+          mode: '0400'
         )
       end