Comment 1 for bug 1399076

After looking around the cookbooks, I see that the messaging and san_login passwords would be a great place to start for this work.

For messaging, they are handled like this:

cookbook-openstack-orchestration/recipes/common.rb: mq_password = get_password 'user', node['openstack']['mq']['orchestration']['rabbit']['userid']
cookbook-openstack-orchestration/recipes/common.rb: mq_password = get_password 'user', node['openstack']['mq']['orchestration']['qpid']['username']

That could be reduced to:

cookbook-openstack-orchestration/recipes/common.rb: mq_password = get_password 'user', 'mq_password'

This would effect the following cookbooks:
Common - for doc updates
Image, Network, Orchestration, Database, Compute, Block-Storag, Ops-Messaging, Telemetry

For the san_login, that is used like this today:

cookbook-openstack-block-storage/recipes/cinder-common.rb: storwize_pass = get_password 'user', node['openstack']['block-storage']['storwize']['san_login']
cookbook-openstack-block-storage/recipes/cinder-common.rb: solidfire_pass = get_password 'user', node['openstack']['block-storage']['solidfire']['san_login']
cookbook-openstack-block-storage/recipes/cinder-common.rb: ibmnas_pass = get_password 'user', node['openstack']['block-storage']['ibmnas']['nas_login']

That would be changed to something like:

cookbook-openstack-block-storage/recipes/cinder-common.rb: san_login_pass = get_password 'user', 'san_login'

This would effect the Common cookbook for maybe some doc and the Block-Storage cookbook.

So the net is that this should probably be broken down in to at least 3 groups of changes, one for messaging password, one for san_login password, and one for possibly doing the component user passwords. Does that sound about right?