Get the vCenter password from databag for glance

1. Add new attribute openstack_vmware_secret_name to indicate the
databag secret key
2. Get the password from databag if dev mode is false
3. Update the test cases

Implements: blueprint vmware-password-databag

Change-Id: I72f538a16d77cba9c1be9f32e0b37d1ee68e3bbc

CHANGELOG.md

@@ -1,6 +1,10 @@
 # CHANGELOG for cookbook-openstack-image
 
 This file is used to list changes made in each version of cookbook-openstack-image.
+## 9.1.0
+### Blue print
+* Get VMware vCenter password from databag
+
 ## 9.0.3
 * Fix package reference, need keystone client not keystone
 

README.md

@@ -133,6 +133,18 @@ Attributes for the Image service are in the ['openstack']['image'] namespace.
 TODO: Add DB2 support on other platforms
 * `openstack['image']['platform']['db2_python_packages']` - Array of DB2 python packages, only available on redhat platform
 
+VMWare attributes
+-----------------
+
+* `openstack['image']['api']['vmware']['secret_name']` - VMware databag secret name
+* `openstack['image']['api']['vmware']['vmware_server_host']` - ESX/ESXi or vCenter Server target system. e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com
+* `openstack['image']['api']['vmware']['vmware_server_username']` - Server username (string value)
+* `openstack['image']['api']['vmware']['vmware_datacenter_path']` - Inventory path to a datacenter (string value)
+* `openstack['image']['api']['vmware']['vmware_datastore_name']` - Datastore associated with the datacenter (string value)
+* `openstack['image']['api']['vmware']['vmware_api_retry_count']` - The number of times we retry on failures (integer value)
+* `openstack['image']['api']['vmware']['vmware_task_poll_interval']` - The interval used for polling remote tasks invoked on VMware ESX/VC server in seconds (integer value)
+* `openstack['image']['api']['vmware']['vmware_store_image_dir']` - Absolute path of the folder containing the images in the datastore (string value)
+* `openstack['image']['api']['vmware']['vmware_api_insecure']` - Allow to perform insecure SSL requests to the target system (boolean value)
 
 MQ attributes
 -------------
@@ -198,6 +210,7 @@ Author:: Mark Vanderwiel (<vanderwl@us.ibm.com>)
 Author:: Salman Baset (<sabaset@us.ibm.com>)
 Author:: Chen Zhiwei (zhiwchen@cn.ibm.com)
 Author:: Eric Zhou (zyouzhou@cn.ibm.com)
+Author:: Jian Hua Geng (gengjh@cn.ibm.com)
 
 Copyright 2012, Rackspace US, Inc.
 Copyright 2012-2013, Opscode, Inc.

attributes/default.rb

@@ -109,9 +109,9 @@ default['openstack']['image']['syslog']['facility'] = 'LOG_LOCAL2'
 default['openstack']['image']['syslog']['config_facility'] = 'local2'
 
 # vmware attributes
+default['openstack']['image']['api']['vmware']['secret_name'] = 'openstack_vmware_secret_name'
 default['openstack']['image']['api']['vmware']['vmware_server_host'] = ''
 default['openstack']['image']['api']['vmware']['vmware_server_username'] = ''
-default['openstack']['image']['api']['vmware']['vmware_server_password'] = ''
 default['openstack']['image']['api']['vmware']['vmware_datacenter_path'] = ''
 default['openstack']['image']['api']['vmware']['vmware_datastore_name'] = ''
 default['openstack']['image']['api']['vmware']['vmware_api_retry_count'] = 10

metadata.rb

@@ -3,7 +3,7 @@ maintainer        'Opscode, Inc.'
 license           'Apache 2.0'
 description       'Installs and configures the Glance Image Registry and Delivery Service'
 long_description  IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version           '9.0.3'
+version           '9.1.0'
 recipe            'openstack-image::api', 'Installs packages required for a glance api server'
 recipe            'openstack-image::client', 'Install packages required for glance client'
 recipe            'openstack-image::registry', 'Installs packages required for a glance registry server'

recipes/api.rb

@@ -159,6 +159,8 @@ elsif glance['api']['caching']
   glance_flavor += '+caching'
 end
 
+vmware_server_password = get_secret node['openstack']['image']['api']['vmware']['secret_name']
+
 template '/etc/glance/glance-api.conf' do
   source 'glance-api.conf.erb'
   owner node['openstack']['image']['user']
@@ -181,7 +183,8 @@ template '/etc/glance/glance-api.conf' do
     swift_store_auth_version: swift_store_auth_version,
     notification_driver: node['openstack']['image']['notification_driver'],
     mq_service_type: mq_service_type,
-    mq_password: mq_password
+    mq_password: mq_password,
+    vmware_server_password: vmware_server_password
   )
 
   notifies :restart, 'service[glance-api]', :immediately
@@ -203,7 +206,8 @@ template '/etc/glance/glance-cache.conf' do
   mode   00644
   variables(
     registry_ip_address: registry_endpoint.host,
-    registry_port: registry_endpoint.port
+    registry_port: registry_endpoint.port,
+    vmware_server_password: vmware_server_password
   )
 
   notifies :restart, 'service[glance-api]', :immediately

spec/api_spec.rb

@@ -221,7 +221,7 @@ describe 'openstack-image::api' do
         [
           /^vmware_server_host = $/,
           /^vmware_server_username = $/,
-          /^vmware_server_password = $/,
+          /^vmware_server_password = vmware_secret_name$/,
           /^vmware_datacenter_path = $/,
           /^vmware_datastore_name = $/,
           /^vmware_api_retry_count = 10/,
@@ -395,7 +395,7 @@ describe 'openstack-image::api' do
         [
           'vmware_server_host = ',
           'vmware_server_username = ',
-          'vmware_server_password = ',
+          'vmware_server_password = vmware_secret_name',
           'vmware_datacenter_path = ',
           'vmware_datastore_name = ',
           'vmware_api_retry_count = 10',

spec/spec_helper.rb

@@ -33,6 +33,9 @@ shared_context 'image-stubs' do
     Chef::Recipe.any_instance.stub(:get_secret)
       .with('openstack_identity_bootstrap_token')
       .and_return('bootstrap-token')
+    Chef::Recipe.any_instance.stub(:get_secret)
+      .with('openstack_vmware_secret_name')
+      .and_return 'vmware_secret_name'
 
     Chef::Recipe.any_instance.stub(:get_password)
     .with('db', anything)

templates/default/glance-api.conf.erb

@@ -257,7 +257,7 @@ vmware_server_host = <%= node['openstack']['image']['api']['vmware']['vmware_ser
 vmware_server_username = <%= node['openstack']['image']['api']['vmware']['vmware_server_username'] %>
 
 # Server password (string value)
-vmware_server_password = <%= node['openstack']['image']['api']['vmware']['vmware_server_password'] %>
+vmware_server_password = <%= @vmware_server_password %>
 
 # Inventory path to a datacenter (string value)
 # Value optional when vmware_server_ip is an ESX/ESXi host: if specified

templates/default/glance-cache.conf.erb

@@ -62,7 +62,7 @@ vmware_server_host = <%= node['openstack']['image']['api']['vmware']['vmware_ser
 vmware_server_username = <%= node['openstack']['image']['api']['vmware']['vmware_server_username'] %>
 
 # Server password (string value)
-vmware_server_password = <%= node['openstack']['image']['api']['vmware']['vmware_server_password'] %>
+vmware_server_password = <%= @vmware_server_password %>
 
 # Inventory path to a datacenter (string value)
 # Value optional when vmware_server_ip is an ESX/ESXi host: if specified