Restoration of the 'export_passwords' exclusion
The 'tripleoclient.export.export_passwords' function was intended
export passwords selectively, if needed, based on provided rules.
This patch restores that functionality.
Furthermore, tests were adjusted to validate exports with and
without filtering.
Function level documentation was expanded with information about
inputs and outputs.
Per suggestion, the loop was adjusted to iterate over generated passwords
rather than over `tripleo_common_constants.PASSWORD_PARAMETER_NAMES`.
The existing import of tripleo_common.constants was removed, as there
were no more references to it.
Closes-Bug: #1933237
Signed-off-by: Jiri Podivin <jpodivin@redhat.com>
Change-Id: I397caaf314dae17a48d4aeed55f1a5a8e4ae3d41
(cherry picked from commit cc2ac4a855
)
This commit is contained in:
parent
750d68e992
commit
095182c143
|
@ -21,7 +21,6 @@ import yaml
|
|||
|
||||
from osc_lib.i18n import _
|
||||
|
||||
from tripleo_common import constants as tripleo_common_constants
|
||||
from tripleo_common.utils import plan as plan_utils
|
||||
from tripleoclient import constants
|
||||
from tripleoclient import utils as oooutils
|
||||
|
@ -31,23 +30,35 @@ LOG = logging.getLogger(__name__ + ".utils")
|
|||
|
||||
|
||||
def export_passwords(heat, stack, excludes=True):
|
||||
"""For each password, check if it's excluded, then check if there's a user
|
||||
defined value from parameter_defaults, and if not use the value from the
|
||||
generated passwords.
|
||||
:param heat: tht client
|
||||
:type heat: Client
|
||||
:param stack: stack name for password generator
|
||||
:type stack: string
|
||||
:param excludes: filter the passwords or not, defaults to `True`
|
||||
:type excludes: bool
|
||||
:returns: filtered password dictionary
|
||||
:rtype: dict
|
||||
"""
|
||||
|
||||
# For each password, check if it's excluded, then check if there's a user
|
||||
# defined value from parameter_defaults, and if not use the value from the
|
||||
# generated passwords.
|
||||
def exclude_password(password):
|
||||
for pattern in constants.EXPORT_PASSWORD_EXCLUDE_PATTERNS:
|
||||
return re.match(pattern, password, re.I)
|
||||
if re.match(pattern, password, re.I):
|
||||
return True
|
||||
|
||||
generated_passwords = plan_utils.generate_passwords(
|
||||
heat=heat, container=stack)
|
||||
for password in tripleo_common_constants.PASSWORD_PARAMETER_NAMES:
|
||||
if exclude_password(password):
|
||||
continue
|
||||
if password not in generated_passwords:
|
||||
LOG.warning("No password value found for %s", password)
|
||||
|
||||
return generated_passwords
|
||||
filtered_passwords = generated_passwords.copy()
|
||||
|
||||
if excludes:
|
||||
for password in generated_passwords:
|
||||
if exclude_password(password):
|
||||
filtered_passwords.pop(password, None)
|
||||
|
||||
return filtered_passwords
|
||||
|
||||
|
||||
def export_stack(heat, stack, should_filter=False,
|
||||
|
|
|
@ -197,21 +197,9 @@ class TestExport(TestCase):
|
|||
'config-download/overcloud/group_vars/overcloud.json'),
|
||||
'r')
|
||||
|
||||
@mock.patch('tripleoclient.export.LOG')
|
||||
@mock.patch('tripleo_common.utils.plan.generate_passwords')
|
||||
def test_export_passwords(self, mock_gen_pass):
|
||||
heat = mock.Mock()
|
||||
mock_passwords = {
|
||||
'AdminPassword': 'a_user',
|
||||
'RpcPassword': 'B'}
|
||||
mock_gen_pass.return_value = mock_passwords
|
||||
data = export.export_passwords(heat, 'overcloud')
|
||||
|
||||
self.assertEqual(dict(AdminPassword='a_user',
|
||||
RpcPassword='B'),
|
||||
data)
|
||||
|
||||
@mock.patch('tripleo_common.utils.plan.generate_passwords')
|
||||
def test_export_passwords_excludes(self, mock_gen_pass):
|
||||
def test_export_passwords(self, mock_gen_pass, mock_log):
|
||||
heat = mock.Mock()
|
||||
mock_passwords = {
|
||||
'AdminPassword': 'A',
|
||||
|
@ -219,14 +207,36 @@ class TestExport(TestCase):
|
|||
'CephClientKey': 'cephkey',
|
||||
'CephClusterFSID': 'cephkey',
|
||||
'CephRgwKey': 'cephkey'}
|
||||
|
||||
mock_gen_pass.return_value = mock_passwords
|
||||
|
||||
expected_password_export = mock_passwords.copy()
|
||||
data = export.export_passwords(heat, 'overcloud', False)
|
||||
|
||||
self.assertEqual(
|
||||
expected_password_export,
|
||||
data)
|
||||
|
||||
@mock.patch('tripleoclient.export.LOG')
|
||||
@mock.patch('tripleo_common.utils.plan.generate_passwords')
|
||||
def test_export_passwords_excludes(self, mock_gen_pass, mock_log):
|
||||
heat = mock.Mock()
|
||||
mock_passwords = {
|
||||
'AdminPassword': 'A',
|
||||
'RpcPassword': 'B',
|
||||
'CephClientKey': 'cephkey',
|
||||
'CephClusterFSID': 'cephkey',
|
||||
'CephRgwKey': 'cephkey'}
|
||||
|
||||
mock_gen_pass.return_value = mock_passwords
|
||||
|
||||
expected_password_export = {
|
||||
'AdminPassword': 'A',
|
||||
'RpcPassword': 'B'}
|
||||
|
||||
data = export.export_passwords(heat, 'overcloud')
|
||||
|
||||
mock_passwords.pop('CephClientKey')
|
||||
mock_passwords.pop('CephClusterFSID')
|
||||
mock_passwords.pop('CephRgwKey')
|
||||
|
||||
self.assertEqual(mock_passwords, data)
|
||||
self.assertEqual(expected_password_export, data)
|
||||
|
||||
def test_export_ceph_net_key(self):
|
||||
with mock.patch('builtins.open', self.mock_open_ceph_global):
|
||||
|
|
Loading…
Reference in New Issue