From e09e75ee7c5e9084afe46c623e492292019fbd2d Mon Sep 17 00:00:00 2001
From: Grant Slater <github@firefishy.com>
Date: Thu, 6 Nov 2025 23:28:54 +0000
Subject: [PATCH] tilelog: Use aws databag

---
 cookbooks/tilelog/recipes/default.rb            | 8 ++------
 cookbooks/tilelog/templates/default/tilelog.erb | 4 ++--
 test/data_bags/tilelog/aws.json                 | 5 +++++
 test/data_bags/tilelog/passwords.json           | 5 -----
 4 files changed, 9 insertions(+), 13 deletions(-)
 create mode 100644 test/data_bags/tilelog/aws.json
 delete mode 100644 test/data_bags/tilelog/passwords.json

diff --git a/cookbooks/tilelog/recipes/default.rb b/cookbooks/tilelog/recipes/default.rb
index bb7b1c0a4..9b628c0fe 100644
--- a/cookbooks/tilelog/recipes/default.rb
+++ b/cookbooks/tilelog/recipes/default.rb
@@ -21,7 +21,7 @@ include_recipe "accounts"
 include_recipe "planet::aws"
 include_recipe "python"
 
-passwords = data_bag_item("tilelog", "passwords")
+aws_credentials = data_bag_item("tilelog", "aws")
 
 tilelog_directory = "/opt/tilelog"
 tilelog_output_directory = node[:tilelog][:output_directory]
@@ -43,17 +43,13 @@ directory tilelog_output_directory do
   recursive true
 end
 
-aws_access_key_id = passwords["aws_access_key_id"]
-aws_secret_access_key = passwords["aws_secret_access_key"]
-
 template "/usr/local/bin/tilelog" do
   source "tilelog.erb"
   owner "root"
   group "root"
   mode "755"
   variables :output_dir => tilelog_output_directory,
-            :aws_access_key_id => aws_access_key_id,
-            :aws_secret_access_key => aws_secret_access_key
+            :aws_credentials => aws_credentials
 end
 
 systemd_service "tilelog" do
diff --git a/cookbooks/tilelog/templates/default/tilelog.erb b/cookbooks/tilelog/templates/default/tilelog.erb
index 16d461f65..029a1d91d 100644
--- a/cookbooks/tilelog/templates/default/tilelog.erb
+++ b/cookbooks/tilelog/templates/default/tilelog.erb
@@ -12,8 +12,8 @@ TMPDIR=$(mktemp -d -t tilelog.XXXXXXXXX)
 
 cd "$TMPDIR"
 
-export AWS_ACCESS_KEY_ID="<%= @aws_access_key_id %>"
-export AWS_SECRET_ACCESS_KEY="<%= @aws_secret_access_key %>"
+export AWS_ACCESS_KEY_ID="<%= @aws_credentials["tilelog_access_key_id"] %>"
+export AWS_SECRET_ACCESS_KEY="<%= @aws_credentials["tilelog_secret_access_key"] %>"
 export AWS_REGION="eu-west-1"
 
 TILEFILE="tiles-${DATE}.txt.xz"
diff --git a/test/data_bags/tilelog/aws.json b/test/data_bags/tilelog/aws.json
new file mode 100644
index 000000000..219290bc3
--- /dev/null
+++ b/test/data_bags/tilelog/aws.json
@@ -0,0 +1,5 @@
+{
+  "id": "aws",
+  "aws_access_key_id": "TILE_LOG_ACCESS_KEY_ID",
+  "aws_secret_access_key": "TILE_LOG_SECRET_ACCESS_KEY"
+}
diff --git a/test/data_bags/tilelog/passwords.json b/test/data_bags/tilelog/passwords.json
deleted file mode 100644
index bc6a2f20e..000000000
--- a/test/data_bags/tilelog/passwords.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "id": "passwords",
-  "aws_access_key_id": "ACCESS_KEY_ID",
-  "aws_secret_access_key": "SECRET_ACCESS_KEY"
-}
-- 
2.39.5