[WIP] Use rails credentials instead of secrets

config/secrets.defaults.yml

@@ -1,18 +1,12 @@
 ---
-test:
-  vmware_cloud_defaults: &vmware_cloud_defaults
-    host: vmwarecloudhost
-    userid: VMWARE_CLOUD_USERID
-    password: VMWARE_CLOUD_PASSWORD
-  vmware_cloud:
-    <<: *vmware_cloud_defaults
-  vmware_infra_defaults: &vmware_infra_defaults
-    hostname: HOSTNAME
-  vmware_infra:
-    <<: *vmware_infra_defaults
-  vmware_tanzu_defaults: &vmware_tanzu_defaults
-    hostname: vmware-tanzu-hostname
-    userid: VMWARE_TANZU_USERID
-    password: VMWARE_TANZU_PASSWORD
-  vmware_tanzu:
-    <<: *vmware_tanzu_defaults
+:vmware_cloud:
+  :host: vmwarecloudhost
+  :userid: VMWARE_CLOUD_USERID
+  :password: VMWARE_CLOUD_PASSWORD
+:vmware_infra:
+  :hostname: HOSTNAME
+:vmware_tanzu:
+  :hostname: vmware-tanzu-hostname
+  :userid: VMWARE_TANZU_USERID
+  :password: VMWARE_TANZU_PASSWORD
+

lib/manageiq/providers/vmware/engine.rb

@@ -6,11 +6,6 @@ class Engine < ::Rails::Engine
 
         config.autoload_paths << root.join('lib').to_s
 
-        initializer :append_secrets do |app|
-          app.config.paths["config/secrets"] << root.join("config", "secrets.defaults.yml").to_s
-          app.config.paths["config/secrets"] << root.join("config", "secrets.yml").to_s
-        end
-
         def self.vmdb_plugin?
           true
         end

spec/factories/ext_management_system.rb

@@ -3,12 +3,12 @@
     zone { EvmSpecHelper.local_miq_server.zone }
 
     after(:build) do |ems|
-      ems.hostname = Rails.application.secrets.vmware_cloud[:host]
+      ems.hostname = vcr_secret_by_key_path(:vmware_cloud, :host)
     end
 
     after(:create) do |ems|
-      userid   = Rails.application.secrets.vmware_cloud[:userid]
-      password = Rails.application.secrets.vmware_cloud[:password]
+      userid   = vcr_secret_by_key_path(:vmware_cloud, :userid)
+      password = vcr_secret_by_key_path(:vmware_cloud, :password)
 
       cred = {
         :userid   => userid,
@@ -30,11 +30,11 @@
 
   factory :ems_vmware_tanzu_with_vcr_authentication, :parent => :ems_vmware_tanzu do
     after(:create) do |ems|
-      userid   = Rails.application.secrets.vmware_tanzu[:userid]
-      password = Rails.application.secrets.vmware_tanzu[:password]
+      userid   = vcr_secret_by_key_path(:vmware_tanzu, :userid)
+      password = vcr_secret_by_key_path(:vmware_tanzu, :password)
 
       ems.default_endpoint.update!(
-        :hostname   => Rails.application.secrets.vmware_tanzu[:hostname],
+        :hostname   => vcr_secret_by_key_path(:vmware_tanzu, :hostname),
         :verify_ssl => OpenSSL::SSL::VERIFY_NONE
       )
 

spec/models/manageiq/providers/vmware/cloud_manager/refresher_spec.rb

@@ -1,6 +1,6 @@
 describe ManageIQ::Providers::Vmware::CloudManager::Refresher do
   before do
-    @host = Rails.application.secrets.vmware_cloud[:host]
+    @host = vcr_secret_by_key_path(:vmware_cloud, :host)
     host_uri = URI.parse("https://#{@host}")
 
     @hostname = host_uri.host
@@ -15,8 +15,8 @@
       :api_version => '5.5'
     )
 
-    @userid = Rails.application.secrets.vmware_cloud[:userid]
-    @password = Rails.application.secrets.vmware_cloud[:password]
+    @userid = vcr_secret_by_key_path(:vmware_cloud, :userid)
+    @password = vcr_secret_by_key_path(:vmware_cloud, :password)
 
     cred = {
       :userid   => @userid,

spec/models/manageiq/providers/vmware/cloud_manager_spec.rb

@@ -1,13 +1,13 @@
 describe ManageIQ::Providers::Vmware::CloudManager do
   before(:context) do
-    @host = Rails.application.secrets.vmware_cloud[:host]
+    @host = vcr_secret_by_key_path(:vmware_cloud, :host)
     host_uri = URI.parse("https://#{@host}")
 
     @hostname = host_uri.host
     @port = host_uri.port == 443 ? nil : host_uri.port
 
-    @userid = Rails.application.secrets.vmware_cloud[:userid]
-    @password = Rails.application.secrets.vmware_cloud[:password]
+    @userid = vcr_secret_by_key_path(:vmware_cloud, :userid)
+    @password = vcr_secret_by_key_path(:vmware_cloud, :password)
   end
 
   before(:example) do

spec/models/manageiq/providers/vmware/infra_manager/refresher_spec.rb

@@ -5,7 +5,7 @@
 
   let!(:ems) do
     zone = EvmSpecHelper.local_miq_server.zone
-    hostname = Rails.application.secrets.vmware_infra[:hostname]
+    hostname = vcr_secret_by_key_path(:vmware_infra, :hostname)
     FactoryBot.create(:ems_vmware_with_authentication, :hostname => hostname, :zone => zone).tap do |ems|
       # NOTE: VCR filter_sensitive_data was replacing rootFolder with VMWARE_USERNAME and
       # vmware_soap_string_abcdef with VMWARE_PASSWORD_string_abcdef, given these are the

spec/spec_helper.rb

@@ -14,24 +14,27 @@
   end
 end
 
+Object.include Spec::Shared::CassetteSecretsHelper
 VCR.configure do |config|
+  # config.default_cassette_options = { :record => :all }
+
   config.ignore_hosts 'codeclimate.com' if ENV['CI']
   config.cassette_library_dir = File.join(ManageIQ::Providers::Vmware::Engine.root, 'spec/vcr_cassettes')
 
-  secrets = Rails.application.secrets
-  config.define_cassette_placeholder(Rails.application.secrets.vmware_infra_defaults[:hostname]) do
-    Rails.application.secrets.vmware_infra[:hostname]
+  config.define_cassette_placeholder(default_vcr_secret_by_key_path(:vmware_infra, :hostname)) do
+    vcr_secret_by_key_path(:vmware_infra, :hostname)
   end
-  config.define_cassette_placeholder(Rails.application.secrets.vmware_cloud_defaults[:host]) do
-    Rails.application.secrets.vmware_cloud[:host]
+  config.define_cassette_placeholder(default_vcr_secret_by_key_path(:vmware_cloud, :host)) do
+    vcr_secret_by_key_path(:vmware_cloud, :host)
   end
   config.define_cassette_placeholder("VMWARE_CLOUD_AUTHORIZATION") do
-    Base64.encode64("#{Rails.application.secrets.vmware_cloud[:userid]}:#{Rails.application.secrets.vmware_cloud[:password]}").chomp
+    Base64.encode64("#{vcr_secret_by_key_path(:vmware_cloud, :userid)}:#{vcr_secret_by_key_path(:vmware_cloud, :password)}").chomp
   end
   config.define_cassette_placeholder("VMWARE_CLOUD_INVALIDAUTHORIZATION") do
-    Base64.encode64("#{Rails.application.secrets.vmware_cloud[:userid]}:invalid").chomp
-  end
-  secrets.vmware_tanzu.each do |key, val|
-    config.define_cassette_placeholder(secrets.vmware_tanzu_defaults[key]) { val }
+    Base64.encode64("#{vcr_secret_by_key_path(:vmware_cloud, :userid)}:invalid").chomp
   end
+
+  config.define_cassette_placeholder(default_vcr_secret_by_key_path(:vmware_tanzu, :hostname)) { vcr_secret_by_key_path(:vmware_tanzu, :hostname) }
+  config.define_cassette_placeholder(default_vcr_secret_by_key_path(:vmware_tanzu, :userid))   { vcr_secret_by_key_path(:vmware_tanzu, :userid) }
+  config.define_cassette_placeholder(default_vcr_secret_by_key_path(:vmware_tanzu, :password)) { vcr_secret_by_key_path(:vmware_tanzu, :password) }
 end