Pass RabbitMQ's password from the client
In the tripleo templates the RabbitMQ password is set as the default but can be overriden. It's not a good security pratice to use that default so this change enables the autogeneration of that parameter. Bug: #1557688 Change-Id: I9c2f2b82ab2780ff325f90f5e038f3b7f3b5cf61
This commit is contained in:
parent
a928c34a08
commit
309eef1005
|
@ -38,8 +38,7 @@ class TestPasswordsUtil(TestCase):
|
||||||
with mock.patch('six.moves.builtins.open', mock_open):
|
with mock.patch('six.moves.builtins.open', mock_open):
|
||||||
passwords = utils.generate_overcloud_passwords(
|
passwords = utils.generate_overcloud_passwords(
|
||||||
create_password_file=True)
|
create_password_file=True)
|
||||||
|
mock_calls = [
|
||||||
self.assertEqual(sorted(mock_open().write.mock_calls), [
|
|
||||||
mock.call('NEUTRON_METADATA_PROXY_SHARED_SECRET=PASSWORD\n'),
|
mock.call('NEUTRON_METADATA_PROXY_SHARED_SECRET=PASSWORD\n'),
|
||||||
mock.call('OVERCLOUD_ADMIN_PASSWORD=PASSWORD\n'),
|
mock.call('OVERCLOUD_ADMIN_PASSWORD=PASSWORD\n'),
|
||||||
mock.call('OVERCLOUD_ADMIN_TOKEN=PASSWORD\n'),
|
mock.call('OVERCLOUD_ADMIN_TOKEN=PASSWORD\n'),
|
||||||
|
@ -52,14 +51,16 @@ class TestPasswordsUtil(TestCase):
|
||||||
mock.call('OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD=PASSWORD\n'),
|
mock.call('OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD=PASSWORD\n'),
|
||||||
mock.call('OVERCLOUD_NEUTRON_PASSWORD=PASSWORD\n'),
|
mock.call('OVERCLOUD_NEUTRON_PASSWORD=PASSWORD\n'),
|
||||||
mock.call('OVERCLOUD_NOVA_PASSWORD=PASSWORD\n'),
|
mock.call('OVERCLOUD_NOVA_PASSWORD=PASSWORD\n'),
|
||||||
|
mock.call('OVERCLOUD_RABBITMQ_PASSWORD=PASSWORD\n'),
|
||||||
mock.call('OVERCLOUD_REDIS_PASSWORD=PASSWORD\n'),
|
mock.call('OVERCLOUD_REDIS_PASSWORD=PASSWORD\n'),
|
||||||
mock.call('OVERCLOUD_SAHARA_PASSWORD=PASSWORD\n'),
|
mock.call('OVERCLOUD_SAHARA_PASSWORD=PASSWORD\n'),
|
||||||
mock.call('OVERCLOUD_SWIFT_HASH=PASSWORD\n'),
|
mock.call('OVERCLOUD_SWIFT_HASH=PASSWORD\n'),
|
||||||
mock.call('OVERCLOUD_SWIFT_PASSWORD=PASSWORD\n'),
|
mock.call('OVERCLOUD_SWIFT_PASSWORD=PASSWORD\n'),
|
||||||
])
|
]
|
||||||
self.assertEqual(generate_password_mock.call_count, 16)
|
self.assertEqual(sorted(mock_open().write.mock_calls), mock_calls)
|
||||||
|
self.assertEqual(generate_password_mock.call_count, len(mock_calls))
|
||||||
|
|
||||||
self.assertEqual(len(passwords), 16)
|
self.assertEqual(len(passwords), len(mock_calls))
|
||||||
|
|
||||||
def test_generate_passwords_update(self):
|
def test_generate_passwords_update(self):
|
||||||
|
|
||||||
|
@ -85,6 +86,7 @@ class TestPasswordsUtil(TestCase):
|
||||||
'OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD=PASSWORD\n',
|
'OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD=PASSWORD\n',
|
||||||
'OVERCLOUD_NEUTRON_PASSWORD=PASSWORD\n',
|
'OVERCLOUD_NEUTRON_PASSWORD=PASSWORD\n',
|
||||||
'OVERCLOUD_NOVA_PASSWORD=PASSWORD\n',
|
'OVERCLOUD_NOVA_PASSWORD=PASSWORD\n',
|
||||||
|
'OVERCLOUD_RABBITMQ_PASSWORD=PASSWORD\n',
|
||||||
'OVERCLOUD_REDIS_PASSWORD=PASSWORD\n',
|
'OVERCLOUD_REDIS_PASSWORD=PASSWORD\n',
|
||||||
'OVERCLOUD_SAHARA_PASSWORD=PASSWORD\n',
|
'OVERCLOUD_SAHARA_PASSWORD=PASSWORD\n',
|
||||||
'OVERCLOUD_SWIFT_HASH=PASSWORD\n',
|
'OVERCLOUD_SWIFT_HASH=PASSWORD\n',
|
||||||
|
@ -100,7 +102,7 @@ class TestPasswordsUtil(TestCase):
|
||||||
passwords = utils.generate_overcloud_passwords()
|
passwords = utils.generate_overcloud_passwords()
|
||||||
|
|
||||||
generate_password_mock.assert_not_called()
|
generate_password_mock.assert_not_called()
|
||||||
self.assertEqual(len(passwords), 16)
|
self.assertEqual(len(passwords), len(PASSWORDS))
|
||||||
for name in utils._PASSWORD_NAMES:
|
for name in utils._PASSWORD_NAMES:
|
||||||
self.assertEqual('PASSWORD', passwords[name])
|
self.assertEqual('PASSWORD', passwords[name])
|
||||||
|
|
||||||
|
|
|
@ -163,6 +163,7 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
|
||||||
'NeutronPublicInterface': 'nic1',
|
'NeutronPublicInterface': 'nic1',
|
||||||
'NovaPassword': 'password',
|
'NovaPassword': 'password',
|
||||||
'NtpServer': '',
|
'NtpServer': '',
|
||||||
|
'RabbitPassword': 'password',
|
||||||
'RedisPassword': 'password',
|
'RedisPassword': 'password',
|
||||||
'SaharaPassword': 'password',
|
'SaharaPassword': 'password',
|
||||||
'SnmpdReadonlyUserPassword': 'PASSWORD',
|
'SnmpdReadonlyUserPassword': 'PASSWORD',
|
||||||
|
@ -319,6 +320,7 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
|
||||||
'NeutronTunnelTypes': 'gre',
|
'NeutronTunnelTypes': 'gre',
|
||||||
'NovaPassword': 'password',
|
'NovaPassword': 'password',
|
||||||
'NtpServer': '',
|
'NtpServer': '',
|
||||||
|
'RabbitPassword': 'password',
|
||||||
'RedisPassword': 'password',
|
'RedisPassword': 'password',
|
||||||
'SaharaPassword': 'password',
|
'SaharaPassword': 'password',
|
||||||
'SnmpdReadonlyUserPassword': 'PASSWORD',
|
'SnmpdReadonlyUserPassword': 'PASSWORD',
|
||||||
|
|
|
@ -13,25 +13,10 @@
|
||||||
# under the License.
|
# under the License.
|
||||||
#
|
#
|
||||||
|
|
||||||
|
from tripleoclient import utils
|
||||||
|
|
||||||
|
|
||||||
def generate_overcloud_passwords_mock():
|
def generate_overcloud_passwords_mock():
|
||||||
passwords = (
|
passwords = utils._PASSWORD_NAMES
|
||||||
"OVERCLOUD_ADMIN_PASSWORD",
|
|
||||||
"OVERCLOUD_ADMIN_TOKEN",
|
|
||||||
"OVERCLOUD_CEILOMETER_PASSWORD",
|
|
||||||
"OVERCLOUD_CEILOMETER_SECRET",
|
|
||||||
"OVERCLOUD_CINDER_PASSWORD",
|
|
||||||
"OVERCLOUD_DEMO_PASSWORD",
|
|
||||||
"OVERCLOUD_GLANCE_PASSWORD",
|
|
||||||
"OVERCLOUD_HEAT_PASSWORD",
|
|
||||||
"OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD",
|
|
||||||
"OVERCLOUD_NEUTRON_PASSWORD",
|
|
||||||
"OVERCLOUD_NOVA_PASSWORD",
|
|
||||||
"OVERCLOUD_REDIS_PASSWORD",
|
|
||||||
"OVERCLOUD_SAHARA_PASSWORD",
|
|
||||||
"OVERCLOUD_SWIFT_HASH",
|
|
||||||
"OVERCLOUD_SWIFT_PASSWORD",
|
|
||||||
"NEUTRON_METADATA_PROXY_SHARED_SECRET"
|
|
||||||
)
|
|
||||||
|
|
||||||
return dict((password, 'password') for password in passwords)
|
return dict((password, 'password') for password in passwords)
|
||||||
|
|
|
@ -47,6 +47,7 @@ _PASSWORD_NAMES = (
|
||||||
"OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD",
|
"OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD",
|
||||||
"OVERCLOUD_NEUTRON_PASSWORD",
|
"OVERCLOUD_NEUTRON_PASSWORD",
|
||||||
"OVERCLOUD_NOVA_PASSWORD",
|
"OVERCLOUD_NOVA_PASSWORD",
|
||||||
|
"OVERCLOUD_RABBITMQ_PASSWORD",
|
||||||
"OVERCLOUD_REDIS_PASSWORD",
|
"OVERCLOUD_REDIS_PASSWORD",
|
||||||
"OVERCLOUD_SAHARA_PASSWORD",
|
"OVERCLOUD_SAHARA_PASSWORD",
|
||||||
"OVERCLOUD_SWIFT_HASH",
|
"OVERCLOUD_SWIFT_HASH",
|
||||||
|
|
|
@ -80,6 +80,7 @@ class DeployOvercloud(command.Command):
|
||||||
parameters['NeutronPassword'] = passwords[
|
parameters['NeutronPassword'] = passwords[
|
||||||
'OVERCLOUD_NEUTRON_PASSWORD']
|
'OVERCLOUD_NEUTRON_PASSWORD']
|
||||||
parameters['NovaPassword'] = passwords['OVERCLOUD_NOVA_PASSWORD']
|
parameters['NovaPassword'] = passwords['OVERCLOUD_NOVA_PASSWORD']
|
||||||
|
parameters['RabbitPassword'] = passwords['OVERCLOUD_RABBITMQ_PASSWORD']
|
||||||
parameters['RedisPassword'] = passwords['OVERCLOUD_REDIS_PASSWORD']
|
parameters['RedisPassword'] = passwords['OVERCLOUD_REDIS_PASSWORD']
|
||||||
parameters['SaharaPassword'] = (
|
parameters['SaharaPassword'] = (
|
||||||
passwords['OVERCLOUD_SAHARA_PASSWORD'])
|
passwords['OVERCLOUD_SAHARA_PASSWORD'])
|
||||||
|
|
Loading…
Reference in New Issue