Move hiera calls into site.pp.

Secret info should be parameters to modules. It makes for easier testing.

Change-Id: I66034387094b2a24c6fae57fec3af1dae3dd1d3a

manifests/site.pp

@@ -11,17 +11,28 @@ node default {
 #
 node "review.openstack.org" {
   include openstack_project::remove_cron
-  include openstack_project::review
+  class { 'openstack_project::review':
+    github_oauth_token => hiera('gerrit_github_token'),
+    mysql_password => hiera('gerrit_mysql_password'),
+    email_private_key => hiera('gerrit_email_private_key'),
+    gerritbot_password => hiera('gerrit_gerritbot_password'),
+  }
 }
 
 node "gerrit-dev.openstack.org", "review-dev.openstack.org" {
   include openstack_project::remove_cron
-  include openstack_project::review_dev
+  class { 'openstack_project::review_dev':
+    github_oauth_token => hiera('gerrit_dev_github_token'),
+    mysql_password => hiera('gerrit_dev_mysql_password'),
+    email_private_key => hiera('gerrit_dev_email_private_key')
+  }
 }
 
 node "jenkins.openstack.org" {
   include openstack_project::remove_cron
-  include openstack_project::jenkins
+  class { 'openstack_project::jenkins':
+    jenkins_jobs_password => hiera('jenkins_jobs_password'),
+  }
 }
 
 node "jenkins-dev.openstack.org" {
@@ -41,7 +52,9 @@ node "ci-puppetmaster.openstack.org" {
 
 node "lists.openstack.org" {
   include openstack_project::remove_cron
-  include openstack_project::lists
+  class { 'openstack_project::lists':
+    listadmins => hiera('listadmins'),
+  }
 }
 
 node "paste.openstack.org" {
@@ -56,7 +69,9 @@ node "planet.openstack.org" {
 
 node "eavesdrop.openstack.org" {
   include openstack_project::remove_cron
-  include openstack_project::eavesdrop
+  class { 'openstack_project::eavesdrop':
+    nickpass => hiera('openstack_meetbot_password'),
+  }
 }
 
 node "pypi.openstack.org" {
@@ -66,7 +81,11 @@ node "pypi.openstack.org" {
 
 node 'etherpad.openstack.org' {
   include openstack_project::remove_cron
-  include openstack_project::etherpad
+  class { 'openstack_project::etherpad':
+    etherpad_crt => hiera('etherpad_crt'),
+    etherpad_key => hiera('etherpad_key'),
+    database_password => hiera('etherpad_db_password'),
+  }
 }
 
 node 'wiki.openstack.org' {

modules/openstack_project/manifests/eavesdrop.pp

@@ -1,4 +1,4 @@
-class openstack_project::eavesdrop {
+class openstack_project::eavesdrop($nickpass) {
   class { 'openstack_project::server':
 
     iptables_public_tcp_ports => [80]
@@ -7,7 +7,7 @@ class openstack_project::eavesdrop {
 
   meetbot::site { "openstack":
     nick => "openstack",
-    nickpass => hiera('openstack_meetbot_password'),
+    nickpass => $nickpass,
     network => "FreeNode",
     server => "chat.us.freenode.net:7000",
     channels => "#openstack #openstack-dev #openstack-meeting",

modules/openstack_project/manifests/etherpad.pp

@@ -1,18 +1,21 @@
-class openstack_project::etherpad {
+class openstack_project::etherpad(
+  $etherpad_crt,
+  $etherpad_key,
+  $database_password) {
   class { 'openstack_project::server':
     iptables_public_tcp_ports => [22, 80, 443]
   }
 
   include etherpad_lite
   class { 'etherpad_lite::nginx':
-    etherpad_crt => hiera('etherpad_crt'),
-    etherpad_key => hiera('etherpad_key')
+    etherpad_crt => $etherpad_crt,
+    etherpad_key => $etherpad_key,
   }
   class { 'etherpad_lite::site':
-    database_password => hiera('etherpad_db_password'),
+    database_password => $database_password,
   }
   class { 'etherpad_lite::mysql':
-    database_password => hiera('etherpad_db_password'),
+    database_password => $database_password,
   }
   include etherpad_lite::backup
 }

modules/openstack_project/manifests/jenkins.pp

@@ -1,4 +1,4 @@
-class openstack_project::jenkins {
+class openstack_project::jenkins($jenkins_jobs_password) {
   include openstack_project::zuul_config
 
   class { 'openstack_project::server':
@@ -15,7 +15,7 @@ class openstack_project::jenkins {
   class { "jenkins_jobs":
     url => "https://jenkins.openstack.org/",
     username => "gerrig",
-    password => hiera('jenkins_jobs_password'),
+    password => $jenkins_jobs_password,
     site => "openstack",
   }
   file { "/etc/default/jenkins":

modules/openstack_project/manifests/lists.pp

@@ -1,4 +1,4 @@
-class openstack_project::lists {
+class openstack_project::lists($listadmins) {
   # Using openstack_project::template instead of openstack_project::server
   # because the exim config on this machine is almost certainly
   # going to be more complicated than normal.
@@ -7,7 +7,7 @@ class openstack_project::lists {
   }
 
   class { 'exim':
-    sysadmin => hiera('listadmins'),
+    sysadmin => $listadmins,
     mailman_domains => ['lists.openstack.org'],
   }
 

modules/openstack_project/manifests/review.pp

@@ -24,7 +24,11 @@
 # 12:08 <@spearce> to a method that accepts milliseconds
 # 12:09 <@spearce> so. you get 5 milliseconds before aborting
 # thus, set it to 5000minutes until the bug is fixed.
-class openstack_project::review {
+class openstack_project::review(
+  $github_auth_token,
+  $mysql_password,
+  $email_private_key,
+  $gerritbot_password) {
   include openstack_project
   class { 'openstack_project::gerrit':
     ssl_cert_file => '/etc/ssl/certs/review.openstack.org.pem',
@@ -43,13 +47,13 @@ class openstack_project::review {
     script_key_file => '/home/gerrit2/.ssh/launchpadsync_rsa',
     github_projects => $openstack_project::project_list,
     github_username => 'openstack-gerrit',
-    github_oauth_token => hiera('gerrit_github_token'),
-    mysql_password => hiera('gerrit_mysql_password'),
-    email_private_key => hiera('gerrit_email_private_key'),
+    github_oauth_token => $github_oauth_token,
+    mysql_password => $mysql_password,
+    email_private_key => $email_private_key,
   }
   class { 'gerritbot':
     nick => 'openstackgerrit',
-    password => hiera('gerrit_gerritbot_password'),
+    password => $gerritbot_password,
     server => 'irc.freenode.net',
     user => 'gerritbot',
     virtual_hostname => $fqdn

modules/openstack_project/manifests/review_dev.pp

@@ -1,4 +1,7 @@
-class openstack_project::review_dev {
+class openstack_project::review_dev(
+  $github_auth_token,
+  $mysql_password,
+  $email_private_key) {
   class { 'openstack_project::gerrit':
     virtual_hostname => 'review-dev.openstack.org',
     canonicalweburl => "https://review-dev.openstack.org/",
@@ -14,8 +17,8 @@ class openstack_project::review_dev {
                          close_pull => 'true'
                          } ],
     github_username => 'openstack-gerrit-dev',
-    github_oauth_token => hiera('gerrit_dev_github_token'),
-    mysql_password => hiera('gerrit_dev_mysql_password'),
-    email_private_key => hiera('gerrit_dev_email_private_key')
+    github_oauth_token => $github_oauth_token,
+    mysql_password => $mysql_password,
+    email_private_key => $email_private_key,
   }
 }