support storing configuration of uchiwa settings inside data bag

.gitattributes

@@ -0,0 +1,15 @@
+# Set the default behavior, in case people don't have core.autocrlf set.
+* text=auto
+
+# Explicitly declare text files you want to always be normalized and converted
+# to native line endings on checkout.
+#*.c text
+#*.h text
+encrypted_data_bag_secret text eol=lf
+
+# Declare files that will always have CRLF line endings on checkout.
+#*.sln text eol=crlf
+
+# Denote all files that are truly binary and should not be modified.
+#*.png binary
+#*.jpg binary

.kitchen.yml

@@ -4,6 +4,8 @@ driver:
 
 provisioner:
   name: chef_zero
+  encrypted_data_bag_secret_key_path: test/fixtures/encrypted_data_bag_secret
+  data_bags_path: test/fixtures/data_bags
   attributes:
     uchiwa:
       api: [

attributes/default.rb

@@ -32,3 +32,7 @@
     'timeout' => 5
   }
 ]
+
+# data bag
+default['uchiwa']['data_bag']['name'] = 'uchiwa'
+default['uchiwa']['data_bag']['config_item'] = 'config'

libraries/uchiwa_helpers.rb

@@ -0,0 +1,15 @@
+module Uchiwa
+  module Helpers
+
+    def self.data_bag_item(data_bag_name, data_bag_item, missing_ok=false)
+
+      Chef::EncryptedDataBagItem.load(data_bag_name, data_bag_item).to_hash.delete_if { |key, value| key == 'id' }
+
+    rescue Chef::Exceptions::ValidationFailed,
+        Chef::Exceptions::InvalidDataBagPath,
+        Net::HTTPServerException => error
+      missing_ok ? nil : raise(error)
+    end
+
+  end
+end

recipes/default.rb

@@ -23,7 +23,29 @@
 node['uchiwa']['settings'].each do |k, v|
   settings[k] = v
 end
-config = { 'uchiwa' => settings, 'sensu' => node['uchiwa']['api'] }
+
+api_settings = node['uchiwa']['api']
+
+# Retrieve the data bag config
+data_bag_name = node['uchiwa']['data_bag']['name']
+config_item = node['uchiwa']['data_bag']['config_item']
+
+uchiwa_config = Uchiwa::Helpers.data_bag_item(data_bag_name, config_item, true)
+
+if uchiwa_config
+  # If any data bag settings exists, merge them with the node attribute settings
+  if uchiwa_config['settings']
+    merged_settings = Chef::Mixin::DeepMerge.merge(uchiwa_config['settings'], settings.to_hash)
+    settings = merged_settings
+  end
+
+  # If the data bag is used for api settings, override the node attributes
+  if uchiwa_config['api']
+    api_settings = uchiwa_config['api']
+  end
+end
+
+config = {'uchiwa' => settings, 'sensu' => api_settings}
 
 template "#{node['uchiwa']['sensu_homedir']}/uchiwa.json" do
   user node['uchiwa']['owner']

test/fixtures/ReadMe.md

@@ -0,0 +1,5 @@
+Randomly generated encryption key.
+Created with the following command
+openssl rand -base64 512 -out test/fixtures/encrypted_data_bag_secret
+
+Purpose: Use encrypted data bags in kitchen tests

test/fixtures/data_bags/uchiwa/config.json

@@ -0,0 +1,15 @@
+{
+  "settings": {
+    "encrypted_data": "X38NtwomNjMc0TZ69e9F3liakDtQcoQa1G9ckgG4YOkyAnPlh1KKUTSmL82i\nmgVuhodC5CkqpL9YJLQdP27cVZCtrCFQPE5FArnNvykZ7/zbdHmivu9UVHUb\nuwX5awAweVRL86trjgf2mS+zgJyZpR/h4vTcupYk6Uu8HhGxRDM=\n",
+    "iv": "5Ls8fW9duziCa4nRbsBLgw==\n",
+    "version": 1,
+    "cipher": "aes-256-cbc"
+  },
+  "api": {
+    "encrypted_data": "WK9Qw2QWiUzf9mfWIRB9hDp9Mxx/dvpUqqvrF65tNyQMp7djdIAgM7ugDYv4\n5WWfNp1wYWLRXqM61sicV5/yEiHSaT+J/pvH0uD6+yQtR/PpAChoLYzabxSu\n5WrGZP1RhPjIvOH+5oYTMZMOCgXuWIpQywhbaL1Qo/Gx9VH3L06p7x3NWD7B\nxZ4yLjFzPWf2A1abgO5X39s8lv39vZhpWIt6PNiDuIYZxmyRsr+KsLwizCDv\n3rCsgm+O3z4n3oZ8AT3RY3s7WGsisu32Ab8MtA==\n",
+    "iv": "vvy3UhWFpV4VgwLMHAwDOA==\n",
+    "version": 1,
+    "cipher": "aes-256-cbc"
+  },
+  "id": "config"
+}

test/fixtures/encrypted_data_bag_secret

@@ -0,0 +1,11 @@
+VwD9kqvyXtFeuGwP+SQ5+k5DdUyGl4+pdfhgkstbtJF9yNAW1YW18h1XZQ7Yz2Lw
+7K+9gAGwXGJFnjrssgOU2RbACyrYHp5cM2t33vegj3IqBems1nrVyL10q4t4qwY3
+IjSgIliR2Qc7gt5rZ/YzMRf8ydXvB/Qx6Ks4DQNVa56o6sjeauI9voVYAKXbZLpG
+tyyDd08Qezy4yoX9XONWK8OQPzmgKTtDCGOBnpmH8C+vLp8CjsKDMey6k0Om+4a/
+W4d2G4jiAI6fn5l/7TuNwylOBVUzrOdhthlVyDCvvKkms63Bki7pPLFNklZ7YFdd
+wC++DZ/v+n/3JOC+/RuS1oOXOI/26/bzo9aQZAy+pJkKT2/Z2eoWzH8BLWNS3E3s
+T0snaZISMJZmC6s3vkTVJLiIWzQFqyrozRxhrpZ6mKGBicNuq0QuKasTKmFjaWf7
+PROnR6QuYILvHhL37JEtcXSeYPPgKiVlLhc21Dqs2uHv0i4H+I7XuBAIOD7vzlxy
+06u2LqDZzq281mkZP+vIKTs57L8M/0kF6P0HsOyTa0SM9t52h2hrROATe6anjL4i
+9jLIsPPRvlTBab40w7gPKJvygLO+XPDJmC+9OPcC4QwypZ+DCimkNhOYJVTPKnCr
+aKjWfmxEgPD6LWvVgGpfStG5MMVRgVkXMmCF/B+LfaI=

test/fixtures/unencrypted.json

@@ -0,0 +1,30 @@
+{
+  "settings": {
+    "users": [
+      {
+        "username": "kitchen_user",
+        "password": "kitchen_password",
+        "role": {
+          "readonly": false
+        }
+      }
+    ]
+  },
+  "api": [
+    {
+      "name": "sensu_kitchen1",
+      "host": "api1.example.com",
+      "port": 4567,
+      "ssl": false,
+      "timeout": 5000
+    },
+    {
+      "name": "sensu_kitchen2",
+      "host": "api2.example.com",
+      "port": 4567,
+      "ssl": false,
+      "timeout": 5000
+    }
+  ],
+  "id": "config"
+}

test/integration/helpers/serverspec/spec_helper.rb

@@ -29,4 +29,14 @@
     expect(file '/etc/sensu/uchiwa.json').to be_owned_by 'uchiwa'
     expect(file '/etc/sensu/uchiwa.json').to be_grouped_into 'uchiwa'
   end
+  # Make sure we wrote the config files to disk
+  describe file('/etc/sensu/uchiwa.json') do
+    its(:content) { should contain 'name' }
+    its(:content) { should contain 'host' }
+    its(:content) { should contain 'port' }
+    its(:content) { should contain 'ssl' }
+    its(:content) { should contain 'timeout' }
+  end
+
+
 end