add empty password check on deploy

(Bug) 24667619 Jira-Issue: OPENSTACK-1068 Change-Id: I20f3a7b10b2c75eb6e14d2e186d6c933de723bf9
2016-09-16 17:03:47 +02:00 · 2016-09-16 17:03:47 +02:00 · b6b2018323
parent 894f8e7d6b
commit b6b2018323
3 changed files with 70 additions and 15 deletions
--- a/kollacli/common/ansible/actions.py
+++ b/kollacli/common/ansible/actions.py
@ -21,6 +21,7 @@ from kollacli.api.exceptions import InvalidConfiguration
 from kollacli.api.exceptions import NotInInventory
 from kollacli.common.ansible.playbook import AnsiblePlaybook
 from kollacli.common.inventory import Inventory
+from kollacli.common.passwords import get_empty_password_values
 from kollacli.common import properties
 from kollacli.common.properties import AnsibleProperties
 from kollacli.common.utils import get_kolla_etc
@ -119,6 +120,16 @@ def _run_deploy_rules(playbook):
    properties = AnsibleProperties()
    inventory = Inventory.load()

+    # check that password file has no empty password values
+    empty_keys = get_empty_password_values()
+    if empty_keys:
+        raise InvalidConfiguration(
+            u._('Deploy failed. There are empty password values '
+                'in {etc}passwords.yml. '
+                'Please run kolla-genpwd or '
+                'use the cli to correct them. \nEmpty passwords: '
+                '{keys}').format(etc=get_kolla_etc(), keys=empty_keys))
+
    # if we are doing a targeted host deploy make sure we are doing it
    # to only compute nodes
    if playbook.hosts:
--- a/kollacli/common/passwords.py
+++ b/kollacli/common/passwords.py
@ -59,6 +59,21 @@ def get_password_names():
    return pwd_names


+def get_empty_password_values():
+    cmd = '%s -e' % (_get_cmd_prefix())
+    err_msg, output = utils.run_cmd(cmd, print_output=False)
+    # output of this command is a comma separated string of password keys
+    # that have empty values.
+    if err_msg:
+        raise FailedOperation('%s %s' % (err_msg, output))
+
+    empty_keys = []
+    if output:
+        # password keys exist that have no values
+        empty_keys = output.strip().split(',')
+    return empty_keys
+
+
 def _get_cmd_prefix():
    actions_path = utils.get_kolla_actions_path()
    pwd_file_path = os.path.join(utils.get_kolla_etc(),
--- a/tools/kolla_actions.py
+++ b/tools/kolla_actions.py
@ -16,25 +16,48 @@ import getopt
 import os
 import signal
 import sys
+import yaml

 from kollacli.common.utils import change_property
-from kollacli.common.utils import sync_read_file
+
+
+def _get_empty_keys(path):
+    """get empty keys
+
+    print string with keys that have empty pwd values
+    """
+    ok_empty = ['docker_registry_password']
+    empty_keys = ''
+    with open(path, 'r') as f:
+        pwd_data = f.read()
+    pwds = yaml.safe_load(pwd_data)
+    comma = ''
+    for pwd_key, pwd_val in pwds.items():
+        is_empty = False
+        if not pwd_val and pwd_key not in ok_empty:
+            is_empty = True
+        elif isinstance(pwd_val, dict):
+            if not pwd_val.get('private_key', None):
+                is_empty = True
+            elif not pwd_val.get('public_key', None):
+                is_empty = True
+        if is_empty:
+            empty_keys = ''.join([empty_keys, comma, pwd_key])
+            comma = ','
+    if empty_keys:
+        print(empty_keys)


 def _print_pwd_keys(path):
-    pwd_keys = ''
+    keys_str = ''
    prefix = ''
-    pwd_data = sync_read_file(path)
-    for line in pwd_data.split('\n'):
-        if line.startswith('#'):
-            # skip commented lines
-            continue
-        if ':' in line:
-            pwd_key = line.split(':')[0]
-            pwd_keys = ''.join([pwd_keys, prefix, pwd_key])
-            prefix = ','
-
-    print(pwd_keys)
+    with open(path, 'r') as f:
+        pwd_data = f.read()
+    pwds = yaml.safe_load(pwd_data)
+    for pwd_key in pwds.keys():
+        keys_str = ''.join([keys_str, prefix, pwd_key])
+        prefix = ','
+    print(keys_str)


 def _password_cmd(argv):
@ -46,13 +69,15 @@ def _password_cmd(argv):
      -v value # value of password
      -c       # flag to clear the password
      -l       # print to stdout a csv string of the existing keys
+      -e       # get keys of passwords with empty values
    """
-    opts, _ = getopt.getopt(argv[2:], 'p:k:v:cl')
+    opts, _ = getopt.getopt(argv[2:], 'p:k:v:cle')
    path = ''
    pwd_key = ''
    pwd_value = ''
    clear_flag = False
    list_flag = False
+    empty_flag = False
    for opt, arg in opts:
        if opt == '-p':
            path = arg
@ -64,10 +89,14 @@ def _password_cmd(argv):
            clear_flag = True
        elif opt == '-l':
            list_flag = True
-
+        elif opt == '-e':
+            empty_flag = True
    if list_flag:
        # print the password keys
        _print_pwd_keys(path)
+    elif empty_flag:
+        # get empty passwords
+        _get_empty_keys(path)
    else:
        # edit a password
        property_dict = {}