From ced221406b70c348453c82247c9274fb11c77dd3 Mon Sep 17 00:00:00 2001
From: James Slagle <jslagle@redhat.com>
Date: Wed, 12 Aug 2020 16:07:03 -0400
Subject: [PATCH] Use user set password values in overcloud export

The overcloud export command needs to look at both the
parameter_defaults and passwords keys from plan-environment.yaml.
passwords contains only the generated password values, while
parameter_defaults contains any user set values. If a value is not set
in parameter_defaults, then passwords can be used.

Change-Id: I6b1b8bd1e7800720f6bbbe418c1f83b2f710fb48
Closes-Bug: #1891388
Signed-off-by: James Slagle <jslagle@redhat.com>
---
 ...oud-export-passwords-bfa698491601a734.yaml |  4 ++
 tripleoclient/export.py                       | 38 ++++++++++++++-----
 tripleoclient/tests/test_export.py            | 30 +++++++++------
 3 files changed, 52 insertions(+), 20 deletions(-)
 create mode 100644 releasenotes/notes/overcloud-export-passwords-bfa698491601a734.yaml

diff --git a/releasenotes/notes/overcloud-export-passwords-bfa698491601a734.yaml b/releasenotes/notes/overcloud-export-passwords-bfa698491601a734.yaml
new file mode 100644
index 000000000..94542f473
--- /dev/null
+++ b/releasenotes/notes/overcloud-export-passwords-bfa698491601a734.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+  - openstack overcloud export now exports user defined password values instead
+    of just always exporting the generated password values.
diff --git a/tripleoclient/export.py b/tripleoclient/export.py
index e32cc353d..ee64561e4 100644
--- a/tripleoclient/export.py
+++ b/tripleoclient/export.py
@@ -23,6 +23,7 @@ import yaml
 
 from osc_lib.i18n import _
 
+from tripleo_common import constants as tripleo_common_constants
 from tripleoclient import constants
 from tripleoclient import utils as oooutils
 
@@ -41,15 +42,34 @@ def export_passwords(swift, stack, excludes=True):
                   "file from swift: %s", str(e))
         sys.exit(1)
 
-    data = yaml.safe_load(content)["passwords"]
-    if excludes:
-        excluded_passwords = []
-        for k in data:
-            for pattern in constants.EXPORT_PASSWORD_EXCLUDE_PATTERNS:
-                if re.match(pattern, k, re.I):
-                    excluded_passwords.append(k)
-        [data.pop(e) for e in excluded_passwords]
-    return data
+    data = yaml.load(content)
+    # The "passwords" key in plan-environment.yaml are generated passwords,
+    # they are not necessarily the actual password values used during the
+    # deployment.
+    generated_passwords = data["passwords"]
+    # parameter_defaults will contain any user defined password values
+    parameters = data["parameter_defaults"]
+
+    passwords = {}
+
+    # For each password, check if it's excluded, then check if there's a user
+    # defined value from parameter_defaults, and if not use the value from the
+    # generated passwords.
+    def exclude_password(password):
+        for pattern in constants.EXPORT_PASSWORD_EXCLUDE_PATTERNS:
+            return re.match(pattern, password, re.I)
+
+    for password in tripleo_common_constants.PASSWORD_PARAMETER_NAMES:
+        if exclude_password(password):
+            continue
+        if password in parameters:
+            passwords[password] = parameters[password]
+        elif password in generated_passwords:
+            passwords[password] = generated_passwords[password]
+        else:
+            LOG.warning("No password value found for %s", password)
+
+    return passwords
 
 
 def export_stack(heat, stack, should_filter=False,
diff --git a/tripleoclient/tests/test_export.py b/tripleoclient/tests/test_export.py
index 86861e346..b1862f516 100644
--- a/tripleoclient/tests/test_export.py
+++ b/tripleoclient/tests/test_export.py
@@ -105,9 +105,12 @@ class TestExport(TestCase):
     def test_export_passwords(self):
         swift = mock.Mock()
         mock_passwords = {
+            'parameter_defaults': {
+                'AdminPassword': 'a_user'
+            },
             'passwords': {
-                'a': 'A',
-                'b': 'B'
+                'AdminPassword': 'A',
+                'RpcPassword': 'B'
             }
         }
         sio = StringIO()
@@ -119,17 +122,22 @@ class TestExport(TestCase):
         swift.get_object.assert_called_once_with(
             'overcloud', 'plan-environment.yaml')
 
-        self.assertEqual(mock_passwords['passwords'], data)
+        self.assertEqual(dict(AdminPassword='a_user',
+                              RpcPassword='B'),
+                         data)
 
     def test_export_passwords_excludes(self):
         swift = mock.Mock()
         mock_passwords = {
+            'parameter_defaults': {
+                'CephClientKey': 'cephkey'
+            },
             'passwords': {
-                'a': 'A',
-                'b': 'B',
-                'Cephkey': 'cephkey',
-                'cephkey': 'cephkey',
-                'CEPH': 'cephkey'
+                'AdminPassword': 'A',
+                'RpcPassword': 'B',
+                'CephClientKey': 'cephkey',
+                'CephClusterFSID': 'cephkey',
+                'CephRgwKey': 'cephkey'
             }
         }
         sio = StringIO()
@@ -138,8 +146,8 @@ class TestExport(TestCase):
         swift.get_object.return_value = ("", sio)
         data = export.export_passwords(swift, 'overcloud')
 
-        mock_passwords['passwords'].pop('Cephkey')
-        mock_passwords['passwords'].pop('cephkey')
-        mock_passwords['passwords'].pop('CEPH')
+        mock_passwords['passwords'].pop('CephClientKey')
+        mock_passwords['passwords'].pop('CephClusterFSID')
+        mock_passwords['passwords'].pop('CephRgwKey')
 
         self.assertEqual(mock_passwords['passwords'], data)