Allow foswiki_configure values to come from Chef Vault

a8f66abe · André Kerkhoff · af28448c · a8f66abe · a8f66abe · a8f66abe
Commit a8f66abe authored Aug 26, 2020 by André Kerkhoff
--- a/README.md
+++ b/README.md
@@ -24,7 +24,7 @@ end

 ## Configuration

-The default wiki installation can be configured with attributes under `['foswiki']['config']`. For example `['foswiki']['config']['DataDir']` or `['foswiki']['config']['ScriptUrlPath']`. Values for xDir attributes can contain the substring "{install}" which will be replaced with `['foswiki']['install_dir']`. Also there is a `foswiki_configure` resource.
+The default wiki installation can be configured with attributes under `['foswiki']['config']`. For example `['foswiki']['config']['DataDir']` or `['foswiki']['config']['ScriptUrlPath']`. Values for xDir attributes can contain the substring "{install}" which will be replaced with `['foswiki']['install_dir']`. Also there is a `foswiki_configure` resource. Values can be retrieved from Chef Vault. Just use the the format `{vault:#{vault}:#{item}:#{value}}` in values.

 ```ruby
 foswiki_configure "{Path}{To}{Parameter}" do

--- a/libraries/config.rb
+++ b/libraries/config.rb
@@ -50,6 +50,7 @@ module Foswiki
          key = "{#{key}}" unless key =~ /^{.*}$/
          value = 0 if value == false
          value = 1 if value == true
+          value = Foswiki::Helper.foswiki_secret(value)
          flattened["#{prefix}#{key}"] = value
        end
      end

--- a/libraries/helper.rb
+++ b/libraries/helper.rb
@@ -26,6 +26,19 @@ module Foswiki
      "#{conf['DefaultUrlHost']}#{conf['PubUrlPath']}#{suffix}"
    end

+    # Retrieve values from Chef Vault
+    def foswiki_secret(str)
+      return str unless str.is_a? String
+      return str unless str =~ /{vault:[^:]+:[^:]+:[^:]+}/
+
+      require 'chef-vault'
+      str.sub(/{vault:[^:]+:[^:]+:[^:]+}/) do |secret|
+        values = secret[1..-2].split(':')
+        vault = ChefVault::Item.load(values[1], values[2])
+        vault.nil? ? nil : vault[values[3]]
+      end
+    end
+
    # Return the canonical URL to view topics
    def foswiki_view_url(suffix = '', conf = nil)
      conf ||= node['foswiki']['config']

--- a/metadata.rb
+++ b/metadata.rb
@@ -3,7 +3,7 @@ maintainer       'HPC'
 maintainer_email 'hpc@gsi.de'
 license          'All rights reserved'
 description      'Installs/Configures Foswiki'
-version          '2.0.3'
+version          '2.0.4'
 depends          'apache2', '< 6.0'
 supports         'debian'
 supports         'ubuntu'
--- a/recipes/_cache.rb
+++ b/recipes/_cache.rb
@@ -20,9 +20,9 @@ when 'Foswiki::PageCache::DBI::MySQL'
  if hostname.eql?('localhost') || hostname.eql?('127.0.0.1')
    package 'default-mysql-server'

-    username = node['foswiki']['config']['Cache']['DBI']['MySQL']['Username']
-    password = node['foswiki']['config']['Cache']['DBI']['MySQL']['Password']
-    database = node['foswiki']['config']['Cache']['DBI']['MySQL']['Database']
+    username = foswiki_secret(node['foswiki']['config']['Cache']['DBI']['MySQL']['Username'])
+    password = foswiki_secret(node['foswiki']['config']['Cache']['DBI']['MySQL']['Password'])
+    database = foswiki_secret(node['foswiki']['config']['Cache']['DBI']['MySQL']['Database'])

    password.gsub!('$', '\\$')
    password.gsub!('`', '\\`')