From 204a5820995dd694fcd58d61fc6cf34a8955da92 Mon Sep 17 00:00:00 2001
From: Ben Nemec <bnemec@redhat.com>
Date: Tue, 16 May 2017 16:06:41 -0500
Subject: Add nested sample environments for inject-trust-anchor

Fix a bug that prevented these working.  A unit test and
documentation for the nested environment functionality is also
included.

Change-Id: I2d4aeb584eb624178d601cfd6bc0a6473cb5289f
---
 sample-env-generator/README.rst | 11 +++++++++++
 sample-env-generator/ssl.yaml   | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+)

(limited to 'sample-env-generator')

diff --git a/sample-env-generator/README.rst b/sample-env-generator/README.rst
index 55f3bacf..32e94f98 100644
--- a/sample-env-generator/README.rst
+++ b/sample-env-generator/README.rst
@@ -23,6 +23,11 @@ appropriate file in the ``sample-env-generator/`` directory.  The existing
 entries in the files can be used as examples, and a more detailed
 explanation of the different available keys is below:
 
+Top-level:
+- **environments**: This is the top-level key in the file.  All other keys
+  below should appear in a list of dictionaries that define environments.
+
+Environment-specific:
 - **name**: the output file will be this name + .yaml, in the
   ``environments`` directory.
 - **title**: a human-readable title for the environment.
@@ -52,6 +57,12 @@ explanation of the different available keys is below:
 - **resource_registry**: Many environments also need to pass
   resource_registry entries when they are used.  This can be used
   to specify that in the configuration file.
+- **children**: For environments that share a lot of common values but may
+  need minor variations for different use cases, sample environment entries
+  can be nested.  ``children`` takes a list of environments with the same
+  structure as the top-level ``environments`` key.  The main difference is
+  that all keys are optional, and any that are omitted will be inherited from
+  the parent environment definition.
 
 Some behavioral notes:
 
diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml
index 2f379f30..6963e842 100644
--- a/sample-env-generator/ssl.yaml
+++ b/sample-env-generator/ssl.yaml
@@ -22,6 +22,39 @@ environments:
             The contents of the private key go here
     resource_registry:
       OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
+  - name: ssl/inject-trust-anchor
+    title: Inject SSL Trust Anchor on Overcloud Nodes
+    description: |
+      When using an SSL certificate signed by a CA that is not in the default
+      list of CAs, this environment allows adding a custom CA certificate to
+      the overcloud nodes.
+    files:
+      puppet/extraconfig/tls/ca-inject.yaml:
+        parameters:
+          - SSLRootCertificate
+    sample_values:
+      SSLRootCertificate: |-
+        |
+            The contents of your certificate go here
+    resource_registry:
+      OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml
+    children:
+      - name: ssl/inject-trust-anchor-hiera
+        files:
+          puppet/services/ca-certs.yaml:
+            parameters:
+              - CAMap
+        # Need to clear this so we don't inherit the parent registry
+        resource_registry: {}
+        sample_values:
+          CAMap:  |-2
+
+                first-ca-name:
+                  content: |
+                    The content of the CA cert goes here
+                second-ca-name:
+                  content: |
+                    The content of the CA cert goes here
   -
     name: ssl/tls-endpoints-public-ip
     title: Deploy Public SSL Endpoints as IP Addresses
-- 
cgit 1.2.3-korg