From 309eef1005885ba8d90a2d3f7afea572ec57fc82 Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Wed, 16 Mar 2016 11:05:17 +0200 Subject: [PATCH] Pass RabbitMQ's password from the client In the tripleo templates the RabbitMQ password is set as the default but can be overriden. It's not a good security pratice to use that default so this change enables the autogeneration of that parameter. Bug: #1557688 Change-Id: I9c2f2b82ab2780ff325f90f5e038f3b7f3b5cf61 --- tripleoclient/tests/test_utils.py | 14 +++++++------ .../overcloud_deploy/test_overcloud_deploy.py | 2 ++ tripleoclient/tests/v1/utils.py | 21 +++---------------- tripleoclient/utils.py | 1 + tripleoclient/v1/overcloud_deploy.py | 1 + 5 files changed, 15 insertions(+), 24 deletions(-) diff --git a/tripleoclient/tests/test_utils.py b/tripleoclient/tests/test_utils.py index 5a089cf2c..ebd803b5d 100644 --- a/tripleoclient/tests/test_utils.py +++ b/tripleoclient/tests/test_utils.py @@ -38,8 +38,7 @@ class TestPasswordsUtil(TestCase): with mock.patch('six.moves.builtins.open', mock_open): passwords = utils.generate_overcloud_passwords( create_password_file=True) - - self.assertEqual(sorted(mock_open().write.mock_calls), [ + mock_calls = [ mock.call('NEUTRON_METADATA_PROXY_SHARED_SECRET=PASSWORD\n'), mock.call('OVERCLOUD_ADMIN_PASSWORD=PASSWORD\n'), mock.call('OVERCLOUD_ADMIN_TOKEN=PASSWORD\n'), @@ -52,14 +51,16 @@ class TestPasswordsUtil(TestCase): mock.call('OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD=PASSWORD\n'), mock.call('OVERCLOUD_NEUTRON_PASSWORD=PASSWORD\n'), mock.call('OVERCLOUD_NOVA_PASSWORD=PASSWORD\n'), + mock.call('OVERCLOUD_RABBITMQ_PASSWORD=PASSWORD\n'), mock.call('OVERCLOUD_REDIS_PASSWORD=PASSWORD\n'), mock.call('OVERCLOUD_SAHARA_PASSWORD=PASSWORD\n'), mock.call('OVERCLOUD_SWIFT_HASH=PASSWORD\n'), mock.call('OVERCLOUD_SWIFT_PASSWORD=PASSWORD\n'), - ]) - self.assertEqual(generate_password_mock.call_count, 16) + ] + self.assertEqual(sorted(mock_open().write.mock_calls), mock_calls) + self.assertEqual(generate_password_mock.call_count, len(mock_calls)) - self.assertEqual(len(passwords), 16) + self.assertEqual(len(passwords), len(mock_calls)) def test_generate_passwords_update(self): @@ -85,6 +86,7 @@ class TestPasswordsUtil(TestCase): 'OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD=PASSWORD\n', 'OVERCLOUD_NEUTRON_PASSWORD=PASSWORD\n', 'OVERCLOUD_NOVA_PASSWORD=PASSWORD\n', + 'OVERCLOUD_RABBITMQ_PASSWORD=PASSWORD\n', 'OVERCLOUD_REDIS_PASSWORD=PASSWORD\n', 'OVERCLOUD_SAHARA_PASSWORD=PASSWORD\n', 'OVERCLOUD_SWIFT_HASH=PASSWORD\n', @@ -100,7 +102,7 @@ class TestPasswordsUtil(TestCase): passwords = utils.generate_overcloud_passwords() generate_password_mock.assert_not_called() - self.assertEqual(len(passwords), 16) + self.assertEqual(len(passwords), len(PASSWORDS)) for name in utils._PASSWORD_NAMES: self.assertEqual('PASSWORD', passwords[name]) diff --git a/tripleoclient/tests/v1/overcloud_deploy/test_overcloud_deploy.py b/tripleoclient/tests/v1/overcloud_deploy/test_overcloud_deploy.py index 5014777f9..b8adaa9d3 100644 --- a/tripleoclient/tests/v1/overcloud_deploy/test_overcloud_deploy.py +++ b/tripleoclient/tests/v1/overcloud_deploy/test_overcloud_deploy.py @@ -163,6 +163,7 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud): 'NeutronPublicInterface': 'nic1', 'NovaPassword': 'password', 'NtpServer': '', + 'RabbitPassword': 'password', 'RedisPassword': 'password', 'SaharaPassword': 'password', 'SnmpdReadonlyUserPassword': 'PASSWORD', @@ -319,6 +320,7 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud): 'NeutronTunnelTypes': 'gre', 'NovaPassword': 'password', 'NtpServer': '', + 'RabbitPassword': 'password', 'RedisPassword': 'password', 'SaharaPassword': 'password', 'SnmpdReadonlyUserPassword': 'PASSWORD', diff --git a/tripleoclient/tests/v1/utils.py b/tripleoclient/tests/v1/utils.py index d0ce529fe..370c08a2a 100644 --- a/tripleoclient/tests/v1/utils.py +++ b/tripleoclient/tests/v1/utils.py @@ -13,25 +13,10 @@ # under the License. # +from tripleoclient import utils + def generate_overcloud_passwords_mock(): - passwords = ( - "OVERCLOUD_ADMIN_PASSWORD", - "OVERCLOUD_ADMIN_TOKEN", - "OVERCLOUD_CEILOMETER_PASSWORD", - "OVERCLOUD_CEILOMETER_SECRET", - "OVERCLOUD_CINDER_PASSWORD", - "OVERCLOUD_DEMO_PASSWORD", - "OVERCLOUD_GLANCE_PASSWORD", - "OVERCLOUD_HEAT_PASSWORD", - "OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD", - "OVERCLOUD_NEUTRON_PASSWORD", - "OVERCLOUD_NOVA_PASSWORD", - "OVERCLOUD_REDIS_PASSWORD", - "OVERCLOUD_SAHARA_PASSWORD", - "OVERCLOUD_SWIFT_HASH", - "OVERCLOUD_SWIFT_PASSWORD", - "NEUTRON_METADATA_PROXY_SHARED_SECRET" - ) + passwords = utils._PASSWORD_NAMES return dict((password, 'password') for password in passwords) diff --git a/tripleoclient/utils.py b/tripleoclient/utils.py index 909063f47..a5a1a75a8 100644 --- a/tripleoclient/utils.py +++ b/tripleoclient/utils.py @@ -47,6 +47,7 @@ _PASSWORD_NAMES = ( "OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD", "OVERCLOUD_NEUTRON_PASSWORD", "OVERCLOUD_NOVA_PASSWORD", + "OVERCLOUD_RABBITMQ_PASSWORD", "OVERCLOUD_REDIS_PASSWORD", "OVERCLOUD_SAHARA_PASSWORD", "OVERCLOUD_SWIFT_HASH", diff --git a/tripleoclient/v1/overcloud_deploy.py b/tripleoclient/v1/overcloud_deploy.py index 593817b4c..79b2a1b8f 100644 --- a/tripleoclient/v1/overcloud_deploy.py +++ b/tripleoclient/v1/overcloud_deploy.py @@ -80,6 +80,7 @@ class DeployOvercloud(command.Command): parameters['NeutronPassword'] = passwords[ 'OVERCLOUD_NEUTRON_PASSWORD'] parameters['NovaPassword'] = passwords['OVERCLOUD_NOVA_PASSWORD'] + parameters['RabbitPassword'] = passwords['OVERCLOUD_RABBITMQ_PASSWORD'] parameters['RedisPassword'] = passwords['OVERCLOUD_REDIS_PASSWORD'] parameters['SaharaPassword'] = ( passwords['OVERCLOUD_SAHARA_PASSWORD'])