From 354161295fefae519f19935b67183b4701797c6b Mon Sep 17 00:00:00 2001
From: Paul Belanger
Date: Mon, 5 Sep 2016 13:24:20 -0400
Subject: [PATCH] Stop templating secure.conf options
Simplify things by only passing the secure.conf file, not a template. If users need more dynamic options, they are free to template the file first then use us to copy the file in place. Also tests file mode for nodepool.yaml
Change-Id: I4d2eba3292b2657ef9a607497056fa94cdd1bec8
Signed-off-by: Paul Belanger
---
 defaults/main.yaml | 12 ++++++------
 .../etc/nodepool/secure.conf | 4 +---
 tasks/config.yaml | 15 +++++++++------
 tests/test.yaml | 15 +++++++++++++++
 4 files changed, 31 insertions(+), 15 deletions(-)
 rename templates/etc/nodepool/secure.conf.j2 => files/etc/nodepool/secure.conf (56%)
diff --git a/defaults/main.yaml b/defaults/main.yaml
index 248c5da..692ccec 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -30,25 +30,25 @@ nodepool_file_nodepool_yaml_mode: 0644
 nodepool_file_nodepool_yaml_owner: "{{ nodepool_user_name }}"
 nodepool_file_nodepool_yaml_src: etc/nodepool/nodepool.yaml
+nodepool_file_secure_conf_dest: /etc/nodepool/secure.conf
+nodepool_file_secure_conf_group: "{{ nodepool_user_group }}"
+nodepool_file_secure_conf_mode: 0600
+nodepool_file_secure_conf_owner: "{{ nodepool_user_name }}"
+nodepool_file_secure_conf_src: etc/nodepool/secure.conf
+
 nodepool_elements_dir: ""
 nodepool_elements_dir_dest: /etc/nodepool/elements
 nodepool_scripts_dir: ""
 nodepool_scripts_dir_dest: /etc/nodepool/scripts
-nodepool_config_database_dburi: "sqlite:///{{ nodepool_user_home }}/nodepool.db"
 nodepool_config_elements_dir: "{{ nodepool_elements_dir_dest }}"
 nodepool_config_images_dir: /opt/nodepool/images
 nodepool_config_log_config: /etc/nodepool/logging.conf
-nodepool_config_secure_config: /etc/nodepool/secure.conf
 nodepool_config_scripts_dir: "{{ nodepool_scripts_dir_dest }}"
 nodepool_file_logging_conf: etc/nodepool/logging.conf
-nodepool_template_secure_conf_contents: ""
-nodepool_template_secure_conf_dest: /etc/nodepool/secure.conf
-nodepool_template_secure_conf_src: etc/nodepool/secure.conf.j2
-
 # tasks/install.yaml
 nodepool_git_dest: /opt/ansible-role-nodepool/git/openstack-infra/nodepool
 nodepool_git_uri: https://git.openstack.org/openstack-infra/nodepool
diff --git a/templates/etc/nodepool/secure.conf.j2 b/files/etc/nodepool/secure.conf
similarity index 56%
rename from templates/etc/nodepool/secure.conf.j2
rename to files/etc/nodepool/secure.conf
index cffbcd6..1c93aef 100644
--- a/templates/etc/nodepool/secure.conf.j2
+++ b/files/etc/nodepool/secure.conf
@@ -2,6 +2,4 @@
 # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
 #
 [database]
-dburi = {{ nodepool_config_database_dburi }}
-
-{{ nodepool_template_secure_conf_contents }}
+dburi = sqlite:////var/lib/nodepool/nodepool.db
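Review bot: `nodepool_file_secure_conf_mode: 0600` is an unquoted scalar, so a YAML 1.1 loader hands Ansible the integer 384 rather than the text `0600`. The value is then passed through `mode: "{{ nodepool_file_secure_conf_mode }}"` in tasks/config.yaml, and whether that integer survives templating as a number or turns into the string `384` presumably depends on the Ansible version in use. The added test asserting `'0600'` suggests it works today, but the permission on a file that protects secrets should not rest on that behaviour. Write it as `nodepool_file_secure_conf_mode: "0600"` and note in the role documentation that overrides must be quoted too; `nodepool_file_nodepool_yaml_mode: 0644` earlier in this file has the same form.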
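Review bot: The shipped default now hard-codes `dburi = sqlite:////var/lib/nodepool/nodepool.db`, where the removed template built the path from `nodepool_user_home`. That variable's default is not visible in this patch, so if it is ever set to another directory the database path no longer follows it. The retained header still says hand edits will be overwritten, which no longer tells a user how to change the file. A comment such as `# Role default. Set nodepool_file_secure_conf_src to your own file for real credentials.` would make the intended override explicit, and that site-specific file belongs outside the role and out of plain-text version control.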
diff --git a/tasks/config.yaml b/tasks/config.yaml
index 4965aed..8292507 100644
--- a/tasks/config.yaml
+++ b/tasks/config.yaml
@@ -25,12 +25,6 @@
 - "{{ nodepool_user_home }}/.config/openstack"
 - /var/log/nodepool
-- name: Template secure configuration file.
- become: yes
- template:
- dest: "{{ nodepool_template_secure_conf_dest }}"
- src: "{{ nodepool_template_secure_conf_src }}"
-
 - name: Copy nodepool configuration.
 become: yes
 copy:
@@ -40,6 +34,15 @@
 owner: "{{nodepool_file_nodepool_yaml_owner }}"
 src: "{{ nodepool_file_nodepool_yaml_src }}"
+- name: Copy nodepool secure configuration.
+ become: yes
+ copy:
+ dest: "{{ nodepool_file_secure_conf_dest }}"
+ group: "{{ nodepool_file_secure_conf_group }}"
+ mode: "{{ nodepool_file_secure_conf_mode }}"
+ owner: "{{nodepool_file_secure_conf_owner }}"
+ src: "{{ nodepool_file_secure_conf_src }}"
+
 - name: Copy logging configuration file.
 become: yes
 copy:
diff --git a/tests/test.yaml b/tests/test.yaml
index 83a2813..ddb4311 100644
--- a/tests/test.yaml
+++ b/tests/test.yaml
@@ -57,6 +57,21 @@
 - nodepool_yaml_stat.stat.isreg
 - nodepool_yaml_stat.stat.pw_name == 'nodepool'
 - nodepool_yaml_stat.stat.gr_name == 'nodepool'
+ - nodepool_yaml_stat.stat.mode == '0644'
+
+ - name: Register /etc/nodepool/secure.conf
+ stat:
+ path: /etc/nodepool/secure.conf
+ register: secure_conf_stat
+
+ - name: Assert secure_conf_stat tests.
+ assert:
+ that:
+ - secure_conf_stat.stat.exists
+ - secure_conf_stat.stat.isreg
+ - secure_conf_stat.stat.pw_name == 'nodepool'
+ - secure_conf_stat.stat.gr_name == 'nodepool'
+ - secure_conf_stat.stat.mode == '0600'
 - name: Register nodepool_elements_dir_dest_stat.
 stat:
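Review bot: The new `Copy nodepool secure configuration.` task in the second tasks/config.yaml hunk has nothing to stop the file's contents being echoed, and judging by its name and 0600 mode the file is expected to hold credentials. The copy module supports diff mode, so a run with `--diff` would print the before and after text of secure.conf to the console and to any captured job log. Add `no_log: true` to the task, next to `become: yes`. Separately, `"{{nodepool_file_secure_conf_owner }}"` lacks the space after `{{` that the other four values have; it looks copied from the nodepool.yaml task above it.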