From 458012e39b65cc4e0d9351bce4538fe301eb8cbe Mon Sep 17 00:00:00 2001
From: Emilien Macchi <emilien@redhat.com>
Date: Wed, 13 Apr 2016 16:07:56 -0400
Subject: [PATCH] ceph: add ceph_secret option

ceph_secret option has been added to Gnocchi Ceph backend, so we don't
need the keyring file anymore, we can directly set the password.

Change-Id: Iac761fc799292db4adb4a1fd4c12001f9775789f
---
 manifests/storage/ceph.pp                     | 15 ++++++++++--
 .../notes/ceph_secret-8e8fbccd416b0883.yaml   |  5 ++++
 spec/classes/gnocchi_storage_ceph_spec.rb     | 23 +++++++++++++++++++
 3 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 releasenotes/notes/ceph_secret-8e8fbccd416b0883.yaml

diff --git a/manifests/storage/ceph.pp b/manifests/storage/ceph.pp
index d41646de..8d6848d0 100644
--- a/manifests/storage/ceph.pp
+++ b/manifests/storage/ceph.pp
@@ -29,7 +29,12 @@
 #   (required) Ceph username to use.
 #
 # [*ceph_keyring*]
-#   (required) Ceph keyring path.
+#   (optional) Ceph keyring path.
+#   Defaults to $::os_service_default
+#
+# [*ceph_secret*]
+#   (optional) Ceph secret.
+#   Defaults to $::os_service_default
 #
 # [*ceph_conffile*]
 #   (optional) Ceph configuration file.
@@ -37,15 +42,21 @@
 #
 class gnocchi::storage::ceph(
   $ceph_username,
-  $ceph_keyring,
+  $ceph_keyring  = $::os_service_default,
+  $ceph_secret   = $::os_service_default,
   $ceph_pool     = 'gnocchi',
   $ceph_conffile = '/etc/ceph/ceph.conf',
 ) {
 
+  if (is_service_default($ceph_keyring) and is_service_default($ceph_secret)) or (! $ceph_keyring and ! $ceph_secret) {
+    fail('You need to specify either gnocchi::storage::ceph::ceph_keyring or gnocchi::storage::ceph::ceph_secret.')
+  }
+
   gnocchi_config {
     'storage/driver':        value => 'ceph';
     'storage/ceph_username': value => $ceph_username;
     'storage/ceph_keyring':  value => $ceph_keyring;
+    'storage/ceph_secret':   value => $ceph_secret;
     'storage/ceph_pool':     value => $ceph_pool;
     'storage/ceph_conffile': value => $ceph_conffile;
   }
diff --git a/releasenotes/notes/ceph_secret-8e8fbccd416b0883.yaml b/releasenotes/notes/ceph_secret-8e8fbccd416b0883.yaml
new file mode 100644
index 00000000..ee82dd34
--- /dev/null
+++ b/releasenotes/notes/ceph_secret-8e8fbccd416b0883.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - Allow to configure ceph_secret parameter.
+    This change makes ceph_keyring not required anymore
+    but either ceph_secret or ceph_keyring have to be set.
diff --git a/spec/classes/gnocchi_storage_ceph_spec.rb b/spec/classes/gnocchi_storage_ceph_spec.rb
index d2f5a8dd..1823be93 100644
--- a/spec/classes/gnocchi_storage_ceph_spec.rb
+++ b/spec/classes/gnocchi_storage_ceph_spec.rb
@@ -23,6 +23,29 @@ describe 'gnocchi::storage::ceph' do
         is_expected.to contain_gnocchi_config('storage/ceph_conffile').with_value('/etc/ceph/ceph.conf')
       end
     end
+
+    context 'with ceph_secret parameter' do
+      before do
+        params.merge!({
+          :ceph_secret => 'secrete'})
+      end
+      it { is_expected.to contain_gnocchi_config('storage/ceph_secret').with_value('secrete') }
+    end
+
+    context 'without required parameters' do
+      before { params.delete(:ceph_keyring) }
+      it { expect { is_expected.to raise_error(Puppet::Error) } }
+    end
+
+    context 'with both required parameters set to false' do
+      before do
+        params.merge!({
+          :ceph_secret  => false,
+          :ceph_keyring => false,
+        })
+      end
+      it { expect { is_expected.to raise_error(Puppet::Error) } }
+    end
   end
 
   on_supported_os({