Validate keystone passwords if keystonepasswordregex is present
Validate keystone passwords if keystonepasswordregex is present as many operator specify a password regex that doesn't match default password generation and deployment breaks later on. Change-Id: I956bbdf9296d324b36737aab1c8b055311e1f928
This commit is contained in:
parent
75c5f4057e
commit
430945c77a
|
@ -1126,6 +1126,24 @@ def check_ceph_fsid_matches_env_files(old_env, environment):
|
|||
stack_ceph_fsid))
|
||||
|
||||
|
||||
def validate_passwords(environment):
|
||||
keystoneregex = environment.get('parameter_defaults',
|
||||
{}).get('KeystonePasswordRegex', False)
|
||||
param_defaults = environment.get('parameter_defaults', {})
|
||||
|
||||
if keystoneregex and keystoneregex != '':
|
||||
for key in param_defaults:
|
||||
if 'Password' in key and key not in ('PcsdPassword',
|
||||
'SnmpdReadonlyUserPassword',
|
||||
'MysqlRootPassword',
|
||||
'MysqlClustercheckPassword',
|
||||
'MysqlRootPassword'):
|
||||
m = re.search(keystoneregex, param_defaults[key]
|
||||
if not m:
|
||||
raise exceptions.InvalidConfiguration('Password does not '
|
||||
'match regex')
|
||||
|
||||
|
||||
def check_swift_and_rgw(old_env, env, stage):
|
||||
"""Check that Swift and RGW aren't both enabled in the overcloud
|
||||
|
||||
|
|
|
@ -339,6 +339,7 @@ class DeployOvercloud(command.Command):
|
|||
'OS::TripleO::Services::CephMon', 'OS::Heat::None')
|
||||
ceph_external = env.get('resource_registry', {}).get(
|
||||
'OS::TripleO::Services::CephExternal', 'OS::Heat::None')
|
||||
utils.validate_password(env)
|
||||
# note (fpantano) if ceph is not TripleO deployed and no
|
||||
# external ceph cluster are present, there's no reason to
|
||||
# make this check and we can simply ignore it
|
||||
|
|
Loading…
Reference in New Issue