Merge "feat: add command to view passwords"

doc/source/usage.rst

@@ -48,6 +48,16 @@ Environment variable: ``ANSIBLE_VAULT_PASSWORD_FILE``
     password from a (plain text) file, with the path to that file being read
     from the environment.
 
+Whilst the kolla passwords file ``kolla/passwords.yml`` should remain encrypted
+at all times it can be useful to view the contents of this file to acquire a
+password for a given service.
+This can be done with ``ansible-vault view`` however if an absolute path is not
+provided it will cause the command to fail.
+Therefore, to make reading the contents of this file easier for administrators
+it is possible to use ``kayobe overcloud passwords view`` which will
+temporarily decrypt and display the contents of ``kolla/passwords.yml`` for the
+active kayobe environment.
+
 Limiting Hosts
 --------------
 

kayobe/cli/commands.py

@@ -1579,6 +1579,14 @@ class OvercloudServicePrechecks(KollaAnsibleMixin, KayobeAnsibleMixin,
         self.run_kolla_ansible_overcloud(parsed_args, "prechecks")
 
 
+class OvercloudServicePasswordsView(KayobeAnsibleMixin, VaultMixin, Command):
+    """View Passwords."""
+
+    def take_action(self, parsed_args):
+        self.app.LOG.debug("Displaying Passwords")
+        vault.view_passwords(parsed_args)
+
+
 class OvercloudServiceReconfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
                                   VaultMixin, Command):
     """Reconfigure the overcloud services.

kayobe/vault.py

@@ -172,3 +172,22 @@ def update_environment(parsed_args, env):
 
     if vault_password is not None:
         env[VAULT_PASSWORD_ENV] = vault_password
+
+
+def view_passwords(parsed_args):
+    """View passwords stored in the Ansible Vault.
+
+    :param parsed_args: Parsed command line arguments.
+    """
+    env_path = utils.get_kayobe_environment_path(
+        parsed_args.config_path, parsed_args.environment)
+    path = env_path if env_path else parsed_args.config_path
+    passwords_path = os.path.join(path, 'kolla', 'passwords.yml')
+    cmd = ["ansible-vault", "view", passwords_path]
+    cmd += ["--vault-password-file", _get_vault_password_helper()]
+    try:
+        utils.run_command(cmd)
+    except subprocess.CalledProcessError as e:
+        LOG.error("Failed to view passwords via ansible-vault "
+                  "returncode %d", e.returncode)
+        sys.exit(e.returncode)

releasenotes/notes/add-passwords-view-command-2f55d83dca037e3d.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Add support for easily viewing the content of ``kolla/passwords.yml`` with
+    the new command ``kayobe overcloud passwords view``.

setup.cfg

@@ -75,6 +75,7 @@ kayobe.cli=
     overcloud_service_deploy = kayobe.cli.commands:OvercloudServiceDeploy
     overcloud_service_deploy_containers = kayobe.cli.commands:OvercloudServiceDeployContainers
     overcloud_service_destroy = kayobe.cli.commands:OvercloudServiceDestroy
+    overcloud_service_passwords_view = kayobe.cli.commands:OvercloudServicePasswordsView
     overcloud_service_prechecks = kayobe.cli.commands:OvercloudServicePrechecks
     overcloud_service_reconfigure = kayobe.cli.commands:OvercloudServiceReconfigure
     overcloud_service_stop = kayobe.cli.commands:OvercloudServiceStop
@@ -193,6 +194,8 @@ kayobe.cli.overcloud_service_upgrade =
     hooks = kayobe.cli.commands:HookDispatcher
 kayobe.cli.overcloud_swift_rings_generate =
     hooks = kayobe.cli.commands:HookDispatcher
+kayobe.cli.overcloud_passwords_view =
+    hooks = kayobe.cli.commands:HookDispatcher
 kayobe.cli.physical_network_configure =
     hooks = kayobe.cli.commands:HookDispatcher
 kayobe.cli.playbook_run =