Use user set password values in overcloud export
The overcloud export command needs to look at both the
parameter_defaults and passwords keys from plan-environment.yaml.
passwords contains only the generated password values, while
parameter_defaults contains any user set values. If a value is not set
in parameter_defaults, then passwords can be used.
Change-Id: I6b1b8bd1e7800720f6bbbe418c1f83b2f710fb48
Closes-Bug: #1891388
Signed-off-by: James Slagle <jslagle@redhat.com>
(cherry picked from commit ced221406b
)
This commit is contained in:
parent
f183060b2e
commit
31aeb48e70
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
fixes:
|
||||
- openstack overcloud export now exports user defined password values instead
|
||||
of just always exporting the generated password values.
|
|
@ -23,6 +23,7 @@ import yaml
|
|||
|
||||
from osc_lib.i18n import _
|
||||
|
||||
from tripleo_common import constants as tripleo_common_constants
|
||||
from tripleoclient import constants
|
||||
from tripleoclient import utils as oooutils
|
||||
|
||||
|
@ -41,15 +42,34 @@ def export_passwords(swift, stack, excludes=True):
|
|||
"file from swift: %s", str(e))
|
||||
sys.exit(1)
|
||||
|
||||
data = yaml.safe_load(content)["passwords"]
|
||||
if excludes:
|
||||
excluded_passwords = []
|
||||
for k in data:
|
||||
for pattern in constants.EXPORT_PASSWORD_EXCLUDE_PATTERNS:
|
||||
if re.match(pattern, k, re.I):
|
||||
excluded_passwords.append(k)
|
||||
[data.pop(e) for e in excluded_passwords]
|
||||
return data
|
||||
data = yaml.load(content)
|
||||
# The "passwords" key in plan-environment.yaml are generated passwords,
|
||||
# they are not necessarily the actual password values used during the
|
||||
# deployment.
|
||||
generated_passwords = data["passwords"]
|
||||
# parameter_defaults will contain any user defined password values
|
||||
parameters = data["parameter_defaults"]
|
||||
|
||||
passwords = {}
|
||||
|
||||
# For each password, check if it's excluded, then check if there's a user
|
||||
# defined value from parameter_defaults, and if not use the value from the
|
||||
# generated passwords.
|
||||
def exclude_password(password):
|
||||
for pattern in constants.EXPORT_PASSWORD_EXCLUDE_PATTERNS:
|
||||
return re.match(pattern, password, re.I)
|
||||
|
||||
for password in tripleo_common_constants.PASSWORD_PARAMETER_NAMES:
|
||||
if exclude_password(password):
|
||||
continue
|
||||
if password in parameters:
|
||||
passwords[password] = parameters[password]
|
||||
elif password in generated_passwords:
|
||||
passwords[password] = generated_passwords[password]
|
||||
else:
|
||||
LOG.warning("No password value found for %s", password)
|
||||
|
||||
return passwords
|
||||
|
||||
|
||||
def export_stack(heat, stack, should_filter=False,
|
||||
|
|
|
@ -105,9 +105,12 @@ class TestExport(TestCase):
|
|||
def test_export_passwords(self):
|
||||
swift = mock.Mock()
|
||||
mock_passwords = {
|
||||
'parameter_defaults': {
|
||||
'AdminPassword': 'a_user'
|
||||
},
|
||||
'passwords': {
|
||||
'a': 'A',
|
||||
'b': 'B'
|
||||
'AdminPassword': 'A',
|
||||
'RpcPassword': 'B'
|
||||
}
|
||||
}
|
||||
sio = StringIO()
|
||||
|
@ -119,17 +122,22 @@ class TestExport(TestCase):
|
|||
swift.get_object.assert_called_once_with(
|
||||
'overcloud', 'plan-environment.yaml')
|
||||
|
||||
self.assertEqual(mock_passwords['passwords'], data)
|
||||
self.assertEqual(dict(AdminPassword='a_user',
|
||||
RpcPassword='B'),
|
||||
data)
|
||||
|
||||
def test_export_passwords_excludes(self):
|
||||
swift = mock.Mock()
|
||||
mock_passwords = {
|
||||
'parameter_defaults': {
|
||||
'CephClientKey': 'cephkey'
|
||||
},
|
||||
'passwords': {
|
||||
'a': 'A',
|
||||
'b': 'B',
|
||||
'Cephkey': 'cephkey',
|
||||
'cephkey': 'cephkey',
|
||||
'CEPH': 'cephkey'
|
||||
'AdminPassword': 'A',
|
||||
'RpcPassword': 'B',
|
||||
'CephClientKey': 'cephkey',
|
||||
'CephClusterFSID': 'cephkey',
|
||||
'CephRgwKey': 'cephkey'
|
||||
}
|
||||
}
|
||||
sio = StringIO()
|
||||
|
@ -138,8 +146,8 @@ class TestExport(TestCase):
|
|||
swift.get_object.return_value = ("", sio)
|
||||
data = export.export_passwords(swift, 'overcloud')
|
||||
|
||||
mock_passwords['passwords'].pop('Cephkey')
|
||||
mock_passwords['passwords'].pop('cephkey')
|
||||
mock_passwords['passwords'].pop('CEPH')
|
||||
mock_passwords['passwords'].pop('CephClientKey')
|
||||
mock_passwords['passwords'].pop('CephClusterFSID')
|
||||
mock_passwords['passwords'].pop('CephRgwKey')
|
||||
|
||||
self.assertEqual(mock_passwords['passwords'], data)
|
||||
|
|
Loading…
Reference in New Issue