Use user set password values in overcloud export
The overcloud export command needs to look at both the
parameter_defaults and passwords keys from plan-environment.yaml.
passwords contains only the generated password values, while
parameter_defaults contains any user set values. If a value is not set
in parameter_defaults, then passwords can be used.
Change-Id: I6b1b8bd1e7800720f6bbbe418c1f83b2f710fb48
Closes-Bug: #1891388
Signed-off-by: James Slagle <jslagle@redhat.com>
(cherry picked from commit ced221406b
)
This commit is contained in:
parent
f183060b2e
commit
31aeb48e70
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- openstack overcloud export now exports user defined password values instead
|
||||||
|
of just always exporting the generated password values.
|
@ -23,6 +23,7 @@ import yaml
|
|||||||
|
|
||||||
from osc_lib.i18n import _
|
from osc_lib.i18n import _
|
||||||
|
|
||||||
|
from tripleo_common import constants as tripleo_common_constants
|
||||||
from tripleoclient import constants
|
from tripleoclient import constants
|
||||||
from tripleoclient import utils as oooutils
|
from tripleoclient import utils as oooutils
|
||||||
|
|
||||||
@ -41,15 +42,34 @@ def export_passwords(swift, stack, excludes=True):
|
|||||||
"file from swift: %s", str(e))
|
"file from swift: %s", str(e))
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
||||||
data = yaml.safe_load(content)["passwords"]
|
data = yaml.load(content)
|
||||||
if excludes:
|
# The "passwords" key in plan-environment.yaml are generated passwords,
|
||||||
excluded_passwords = []
|
# they are not necessarily the actual password values used during the
|
||||||
for k in data:
|
# deployment.
|
||||||
for pattern in constants.EXPORT_PASSWORD_EXCLUDE_PATTERNS:
|
generated_passwords = data["passwords"]
|
||||||
if re.match(pattern, k, re.I):
|
# parameter_defaults will contain any user defined password values
|
||||||
excluded_passwords.append(k)
|
parameters = data["parameter_defaults"]
|
||||||
[data.pop(e) for e in excluded_passwords]
|
|
||||||
return data
|
passwords = {}
|
||||||
|
|
||||||
|
# For each password, check if it's excluded, then check if there's a user
|
||||||
|
# defined value from parameter_defaults, and if not use the value from the
|
||||||
|
# generated passwords.
|
||||||
|
def exclude_password(password):
|
||||||
|
for pattern in constants.EXPORT_PASSWORD_EXCLUDE_PATTERNS:
|
||||||
|
return re.match(pattern, password, re.I)
|
||||||
|
|
||||||
|
for password in tripleo_common_constants.PASSWORD_PARAMETER_NAMES:
|
||||||
|
if exclude_password(password):
|
||||||
|
continue
|
||||||
|
if password in parameters:
|
||||||
|
passwords[password] = parameters[password]
|
||||||
|
elif password in generated_passwords:
|
||||||
|
passwords[password] = generated_passwords[password]
|
||||||
|
else:
|
||||||
|
LOG.warning("No password value found for %s", password)
|
||||||
|
|
||||||
|
return passwords
|
||||||
|
|
||||||
|
|
||||||
def export_stack(heat, stack, should_filter=False,
|
def export_stack(heat, stack, should_filter=False,
|
||||||
|
@ -105,9 +105,12 @@ class TestExport(TestCase):
|
|||||||
def test_export_passwords(self):
|
def test_export_passwords(self):
|
||||||
swift = mock.Mock()
|
swift = mock.Mock()
|
||||||
mock_passwords = {
|
mock_passwords = {
|
||||||
|
'parameter_defaults': {
|
||||||
|
'AdminPassword': 'a_user'
|
||||||
|
},
|
||||||
'passwords': {
|
'passwords': {
|
||||||
'a': 'A',
|
'AdminPassword': 'A',
|
||||||
'b': 'B'
|
'RpcPassword': 'B'
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
sio = StringIO()
|
sio = StringIO()
|
||||||
@ -119,17 +122,22 @@ class TestExport(TestCase):
|
|||||||
swift.get_object.assert_called_once_with(
|
swift.get_object.assert_called_once_with(
|
||||||
'overcloud', 'plan-environment.yaml')
|
'overcloud', 'plan-environment.yaml')
|
||||||
|
|
||||||
self.assertEqual(mock_passwords['passwords'], data)
|
self.assertEqual(dict(AdminPassword='a_user',
|
||||||
|
RpcPassword='B'),
|
||||||
|
data)
|
||||||
|
|
||||||
def test_export_passwords_excludes(self):
|
def test_export_passwords_excludes(self):
|
||||||
swift = mock.Mock()
|
swift = mock.Mock()
|
||||||
mock_passwords = {
|
mock_passwords = {
|
||||||
|
'parameter_defaults': {
|
||||||
|
'CephClientKey': 'cephkey'
|
||||||
|
},
|
||||||
'passwords': {
|
'passwords': {
|
||||||
'a': 'A',
|
'AdminPassword': 'A',
|
||||||
'b': 'B',
|
'RpcPassword': 'B',
|
||||||
'Cephkey': 'cephkey',
|
'CephClientKey': 'cephkey',
|
||||||
'cephkey': 'cephkey',
|
'CephClusterFSID': 'cephkey',
|
||||||
'CEPH': 'cephkey'
|
'CephRgwKey': 'cephkey'
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
sio = StringIO()
|
sio = StringIO()
|
||||||
@ -138,8 +146,8 @@ class TestExport(TestCase):
|
|||||||
swift.get_object.return_value = ("", sio)
|
swift.get_object.return_value = ("", sio)
|
||||||
data = export.export_passwords(swift, 'overcloud')
|
data = export.export_passwords(swift, 'overcloud')
|
||||||
|
|
||||||
mock_passwords['passwords'].pop('Cephkey')
|
mock_passwords['passwords'].pop('CephClientKey')
|
||||||
mock_passwords['passwords'].pop('cephkey')
|
mock_passwords['passwords'].pop('CephClusterFSID')
|
||||||
mock_passwords['passwords'].pop('CEPH')
|
mock_passwords['passwords'].pop('CephRgwKey')
|
||||||
|
|
||||||
self.assertEqual(mock_passwords['passwords'], data)
|
self.assertEqual(mock_passwords['passwords'], data)
|
||||||
|
Loading…
Reference in New Issue
Block a user