openstack
/
python-tripleoclient
Code Issues Proposed changes

Validate keystone passwords if keystonepasswordregex is present 

Validate keystone passwords if keystonepasswordregex is present as
many operator specify a password regex that doesn't match default
password generation and deployment breaks later on.

Change-Id: I956bbdf9296d324b36737aab1c8b055311e1f928
This commit is contained in:
David Hill 2023-05-30 14:25:33 -04:00
parent 75c5f4057e
commit 430945c77a
2 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
tripleoclient/utils.py
View File

@ -1126,6 +1126,24 @@ def check_ceph_fsid_matches_env_files(old_env, environment):
stack_ceph_fsid))
def validate_passwords(environment):
keystoneregex = environment.get('parameter_defaults',
{}).get('KeystonePasswordRegex', False)
param_defaults = environment.get('parameter_defaults', {})
if keystoneregex and keystoneregex != '':
for key in param_defaults:
if 'Password' in key and key not in ('PcsdPassword',
'SnmpdReadonlyUserPassword',
'MysqlRootPassword',
'MysqlClustercheckPassword',
'MysqlRootPassword'):
m = re.search(keystoneregex, param_defaults[key]
if not m:
raise exceptions.InvalidConfiguration('Password does not '
'match regex')
def check_swift_and_rgw(old_env, env, stage):
"""Check that Swift and RGW aren't both enabled in the overcloud

1
tripleoclient/v1/overcloud_deploy.py
View File

@ -339,6 +339,7 @@ class DeployOvercloud(command.Command):
'OS::TripleO::Services::CephMon', 'OS::Heat::None')
ceph_external = env.get('resource_registry', {}).get(
'OS::TripleO::Services::CephExternal', 'OS::Heat::None')
utils.validate_password(env)
# note (fpantano) if ceph is not TripleO deployed and no
# external ceph cluster are present, there's no reason to
# make this check and we can simply ignore it