Merge "Remove migration from undercloud-passwords.conf"

tripleoclient/tests/v1/tripleo/test_tripleo_deploy.py

@@ -227,8 +227,6 @@ class TestDeployUndercloud(TestPluginV1):
     def test_update_passwords_env(self, mock_dump, mock_pw, mock_cc,
                                   mock_exists, mock_chmod, mock_user):
         pw_dict = {"GeneratedPassword": 123, "LegacyPass": "override me"}
-        pw_conf_path = os.path.join(self.temp_homedir,
-                                    'undercloud-passwords.conf')
         t_pw_conf_path = os.path.join(
             self.temp_homedir, 'tripleo-undercloud-passwords.yaml')
 
@@ -246,14 +244,7 @@ class TestDeployUndercloud(TestPluginV1):
                        'LegacyPass: pick-me-legacy-tht, '
                        'RpcPassword: pick-me-rpc}\n')
 
-        with open(pw_conf_path, 'w') as t_pw:
+        self.cmd._update_passwords_env(self.temp_homedir, 'stack',
-            t_pw.write('[auth]\nundercloud_db_password = ignore-me-mysql\n'
-                       'undercloud_rabbit_password = ignore-me-rabbit\n'
-                       'undercloud_rpc_password = ignore-me-rpc\n'
-                       'undercloud_legacy_pass = ignore-me-legacy\n')
-
-        self.cmd._update_passwords_env(self.temp_homedir,
-                                       'stack', upgrade=False,
                                        passwords={'ADefault': 456,
                                                   'ExistingKey':
                                                   'dontupdate'})
@@ -267,61 +258,6 @@ class TestDeployUndercloud(TestPluginV1):
                                           mock.ANY,
                                           default_flow_style=False)
 
-    # TODO(bogdando) drop once we have proper oslo.privsep
-    @mock.patch('getpass.getuser', return_value='stack')
-    @mock.patch('os.chmod')
-    @mock.patch('os.path.exists')
-    # TODO(bogdando) drop once we have proper oslo.privsep
-    @mock.patch('subprocess.check_call', autospec=True)
-    @mock.patch('tripleo_common.utils.passwords.generate_passwords')
-    @mock.patch('yaml.safe_dump')
-    def test_update_passwords_env_upgrade(self, mock_dump, mock_pw, mock_cc,
-                                          mock_exists, mock_chmod, mock_user):
-        pw_dict = {"GeneratedPassword": 123, "LegacyPass": "override me"}
-        pw_conf_path = os.path.join(self.temp_homedir,
-                                    'undercloud-passwords.conf')
-        t_pw_conf_path = os.path.join(
-            self.temp_homedir, 'tripleo-undercloud-passwords.yaml')
-
-        mock_pw.return_value = pw_dict
-
-        old_pw_file = os.path.join(constants.CLOUD_HOME_DIR,
-                                   'tripleo-undercloud-passwords.yaml')
-
-        def mock_file_exists(file_name):
-            return not (file_name.startswith('/etc/keystone') or
-                        file_name == old_pw_file)
-        mock_exists.side_effect = mock_file_exists
-        with open(t_pw_conf_path, 'w') as t_pw:
-            t_pw.write('parameter_defaults: {ExistingKey: xyz, '
-                       'LegacyPass: override-me-legacy, '
-                       'RpcPassword: override-me-rpc}\n')
-
-        with open(pw_conf_path, 'w') as t_pw:
-            t_pw.write('[auth]\nundercloud_db_password = pick-me-mysql\n'
-                       'undercloud_rabbit_password = pick-me-rabbit\n'
-                       'undercloud_rpc_password = pick-me-rpc\n'
-                       'undercloud_legacy_pass = pick-me-legacy-instack\n')
-
-        with mock.patch('tripleoclient.constants.CLOUD_HOME_DIR',
-                        self.temp_homedir):
-            self.cmd._update_passwords_env(self.temp_homedir,
-                                           'stack', upgrade=True,
-                                           passwords={'ADefault': 456,
-                                                      'ExistingKey':
-                                                      'dontupdate'})
-        expected_dict = {
-            'parameter_defaults': {'GeneratedPassword': 123,
-                                   'ExistingKey': 'xyz',
-                                   'MysqlRootPassword': 'pick-me-mysql',
-                                   'RpcPassword': 'pick-me-rpc',
-                                   'RabbitPassword': 'pick-me-rabbit',
-                                   'LegacyPass': 'pick-me-legacy-instack',
-                                   'ADefault': 456}}
-        mock_dump.assert_called_once_with(expected_dict,
-                                          mock.ANY,
-                                          default_flow_style=False)
-
     @mock.patch('tripleoclient.utils.fetch_roles_file',
                 return_value={}, autospec=True)
     @mock.patch('heatclient.common.template_utils.'

tripleoclient/v1/tripleo_deploy.py

@@ -14,7 +14,6 @@
 #
 
 import argparse
-import configparser
 import json
 import logging
 import netaddr
@@ -256,14 +255,12 @@ class Deploy(command.Command):
                            constants.PUPPET_MODULES,
                            constants.PUPPET_BASE)
 
-    def _update_passwords_env(self, output_dir, user, upgrade=None,
+    def _update_passwords_env(self, output_dir, user, passwords=None,
-                              passwords=None, stack_name='undercloud'):
+                              stack_name='undercloud'):
         old_pw_file = os.path.join(constants.CLOUD_HOME_DIR,
                                    'tripleo-' + stack_name + '-passwords.yaml')
         pw_file = os.path.join(output_dir,
                                'tripleo-' + stack_name + '-passwords.yaml')
-        undercloud_pw_file = os.path.join(constants.CLOUD_HOME_DIR,
-                                          stack_name + '-passwords.conf')
 
         # Generated passwords take the lowest precedence, allowing
         # custom overrides
@@ -287,75 +284,6 @@ class Deploy(command.Command):
                     yaml.safe_load(pf.read())['parameter_defaults'])
             self.log.warning("Reading passwords from %s" % pw_file)
 
-        if upgrade:
-            # Getting passwords that were managed by instack-undercloud so
-            # we can upgrade to a containerized undercloud and keep old
-            # passwords.
-            legacy_env = {}
-            if os.path.exists(undercloud_pw_file):
-                config = configparser.ConfigParser()
-                config.read(undercloud_pw_file)
-                for k, v in config.items('auth'):
-                    # Manage exceptions
-                    if k == 'undercloud_db_password':
-                        k = 'MysqlRootPassword'
-                    elif k == 'undercloud_rabbit_username':
-                        k = 'RpcUserName'
-                    elif k == 'undercloud_rabbit_password':
-                        try:
-                            # NOTE(aschultz): Only save rabbit password to rpc
-                            # if it's not already defined for the upgrade case.
-                            # The passwords are usually different so we don't
-                            # want to overwrite it if it already exists because
-                            # we'll end up rewriting the passwords later and
-                            # causing problems.
-                            config.get('auth', 'undercloud_rpc_password')
-                        except configparser.Error:
-                            legacy_env['RpcPassword'] = v
-                        k = 'RabbitPassword'
-                    elif k == 'undercloud_rabbit_cookie':
-                        k = 'RabbitCookie'
-                    elif k == 'undercloud_heat_encryption_key':
-                        k = 'HeatAuthEncryptionKey'
-                    elif k == 'undercloud_libvirt_tls_password':
-                        k = 'LibvirtTLSPassword'
-                    elif k == 'undercloud_ha_proxy_stats_password':
-                        k = 'HAProxyStatsPassword'
-                    else:
-                        k = ''.join(i.capitalize() for i in k.split('_')[1:])
-                    legacy_env[k] = v
-                os.remove(undercloud_pw_file)
-
-            # Get the keystone keys before upgrade
-            keystone_fernet_repo = '/etc/keystone/fernet-keys/'
-            keystone_credential_repo = '/etc/keystone/credential-keys/'
-            self._set_data_rights('/etc/keystone', user=user)
-
-            for key_index in range(0, 2):
-                file_name = keystone_credential_repo + str(key_index)
-                key = 'KeystoneCredential' + str(key_index)
-                if os.path.exists(file_name):
-                    with open(file_name, 'r') as file_content:
-                        content = file_content.read()
-                        legacy_env[key] = content
-
-            fernet_keys = {}
-            file_count = 0
-            if os.path.exists(keystone_fernet_repo):
-                file_count = len(os.listdir(keystone_fernet_repo))
-
-            for key_index in range(0, file_count):
-                file_name = keystone_fernet_repo + str(key_index)
-                if os.path.exists(file_name):
-                    with open(file_name, 'r') as file_content:
-                        content = file_content.read()
-                        fernet_keys[file_name] = {'content': content}
-            if fernet_keys:
-                legacy_env['KeystoneFernetKeys'] = fernet_keys
-
-            # Override with picked legacy instack-undercloud values
-            stack_env['parameter_defaults'].update(legacy_env)
-
         if passwords:
             # These passwords are the DefaultPasswords so we only
             # update if they don't already exist in stack_env
@@ -616,7 +544,6 @@ class Deploy(command.Command):
         pw_file = self._update_passwords_env(
             output_dir=self.output_dir,
             user=parsed_args.deployment_user,
-            upgrade=parsed_args.upgrade,
             stack_name=parsed_args.stack.lower(),
         )
         environments.append(pw_file)