Pass RabbitMQ's password from the client

In the tripleo templates the RabbitMQ password is set as the default but can be overriden. It's not a good security pratice to use that default so this change enables the autogeneration of that parameter. Conflicts: tripleoclient/tests/test_utils.py tripleoclient/tests/v1/utils.py Bug: #1557688 Change-Id: I9c2f2b82ab2780ff325f90f5e038f3b7f3b5cf61 (cherry picked from commit 309eef1005)
2016-03-16 11:05:17 +02:00 · 2016-03-16 11:05:17 +02:00 · 7a2c7e7b04
parent 90b9be39f4
commit 7a2c7e7b04
5 changed files with 15 additions and 23 deletions
--- a/tripleoclient/tests/test_utils.py
+++ b/tripleoclient/tests/test_utils.py
@ -36,7 +36,7 @@ class TestPasswordsUtil(TestCase):
        with mock.patch('six.moves.builtins.open', mock_open):
            passwords = utils.generate_overcloud_passwords()

-        self.assertEqual(sorted(mock_open().write.mock_calls), [
+        mock_calls = [
            mock.call('NEUTRON_METADATA_PROXY_SHARED_SECRET=PASSWORD\n'),
            mock.call('OVERCLOUD_ADMIN_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_ADMIN_TOKEN=PASSWORD\n'),
@ -49,13 +49,14 @@ class TestPasswordsUtil(TestCase):
            mock.call('OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_NEUTRON_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_NOVA_PASSWORD=PASSWORD\n'),
+            mock.call('OVERCLOUD_RABBITMQ_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_REDIS_PASSWORD=PASSWORD\n'),
            mock.call('OVERCLOUD_SWIFT_HASH=PASSWORD\n'),
            mock.call('OVERCLOUD_SWIFT_PASSWORD=PASSWORD\n'),
-        ])
-        self.assertEqual(generate_password_mock.call_count, 15)
-
-        self.assertEqual(len(passwords), 15)
+        ]
+        self.assertEqual(sorted(mock_open().write.mock_calls), mock_calls)
+        self.assertEqual(generate_password_mock.call_count, len(mock_calls))
+        self.assertEqual(len(passwords), len(mock_calls))

    @mock.patch("os.path.isfile", return_value=True)
    @mock.patch("passlib.utils.generate_password",
@ -74,6 +75,7 @@ class TestPasswordsUtil(TestCase):
            'OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD=PASSWORD\n',
            'OVERCLOUD_NEUTRON_PASSWORD=PASSWORD\n',
            'OVERCLOUD_NOVA_PASSWORD=PASSWORD\n',
+            'OVERCLOUD_RABBITMQ_PASSWORD=PASSWORD\n',
            'OVERCLOUD_REDIS_PASSWORD=PASSWORD\n',
            'OVERCLOUD_SWIFT_HASH=PASSWORD\n',
            'OVERCLOUD_SWIFT_PASSWORD=PASSWORD\n',
@ -87,7 +89,7 @@ class TestPasswordsUtil(TestCase):
            passwords = utils.generate_overcloud_passwords()

        generate_password_mock.assert_not_called()
-        self.assertEqual(len(passwords), 15)
+        self.assertEqual(len(passwords), len(PASSWORDS))
        for name in utils._PASSWORD_NAMES:
            self.assertEqual('PASSWORD', passwords[name])

--- a/tripleoclient/tests/v1/overcloud_deploy/test_overcloud_deploy.py
+++ b/tripleoclient/tests/v1/overcloud_deploy/test_overcloud_deploy.py
@ -161,6 +161,7 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
            'NeutronPublicInterface': 'nic1',
            'NovaPassword': 'password',
            'NtpServer': '',
+            'RabbitPassword': 'password',
            'RedisPassword': 'password',
            'SnmpdReadonlyUserPassword': 'PASSWORD',
            'SwiftHashSuffix': 'password',
@ -315,6 +316,7 @@ class TestDeployOvercloud(fakes.TestDeployOvercloud):
            'NeutronTunnelTypes': 'gre',
            'NovaPassword': 'password',
            'NtpServer': '',
+            'RabbitPassword': 'password',
            'RedisPassword': 'password',
            'SnmpdReadonlyUserPassword': 'PASSWORD',
            'SwiftHashSuffix': 'password',
--- a/tripleoclient/tests/v1/utils.py
+++ b/tripleoclient/tests/v1/utils.py
@ -13,24 +13,10 @@
 #   under the License.
 #

+from tripleoclient import utils
+

 def generate_overcloud_passwords_mock():
-    passwords = (
-        "OVERCLOUD_ADMIN_PASSWORD",
-        "OVERCLOUD_ADMIN_TOKEN",
-        "OVERCLOUD_CEILOMETER_PASSWORD",
-        "OVERCLOUD_CEILOMETER_SECRET",
-        "OVERCLOUD_CINDER_PASSWORD",
-        "OVERCLOUD_DEMO_PASSWORD",
-        "OVERCLOUD_GLANCE_PASSWORD",
-        "OVERCLOUD_HEAT_PASSWORD",
-        "OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD",
-        "OVERCLOUD_NEUTRON_PASSWORD",
-        "OVERCLOUD_NOVA_PASSWORD",
-        "OVERCLOUD_REDIS_PASSWORD",
-        "OVERCLOUD_SWIFT_HASH",
-        "OVERCLOUD_SWIFT_PASSWORD",
-        "NEUTRON_METADATA_PROXY_SHARED_SECRET"
-    )
+    passwords = utils._PASSWORD_NAMES

    return dict((password, 'password') for password in passwords)
--- a/tripleoclient/utils.py
+++ b/tripleoclient/utils.py
@ -45,6 +45,7 @@ _PASSWORD_NAMES = (
    "OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD",
    "OVERCLOUD_NEUTRON_PASSWORD",
    "OVERCLOUD_NOVA_PASSWORD",
+    "OVERCLOUD_RABBITMQ_PASSWORD",
    "OVERCLOUD_REDIS_PASSWORD",
    "OVERCLOUD_SWIFT_HASH",
    "OVERCLOUD_SWIFT_PASSWORD",
--- a/tripleoclient/v1/overcloud_deploy.py
+++ b/tripleoclient/v1/overcloud_deploy.py
@ -76,6 +76,7 @@ class DeployOvercloud(command.Command):
        parameters['NeutronPassword'] = passwords[
            'OVERCLOUD_NEUTRON_PASSWORD']
        parameters['NovaPassword'] = passwords['OVERCLOUD_NOVA_PASSWORD']
+        parameters['RabbitPassword'] = passwords['OVERCLOUD_RABBITMQ_PASSWORD']
        parameters['RedisPassword'] = passwords['OVERCLOUD_REDIS_PASSWORD']
        parameters['SwiftHashSuffix'] = passwords['OVERCLOUD_SWIFT_HASH']
        parameters['SwiftPassword'] = passwords['OVERCLOUD_SWIFT_PASSWORD']