Use user set password values in overcloud export

The overcloud export command needs to look at both the
parameter_defaults and passwords keys from plan-environment.yaml.
passwords contains only the generated password values, while
parameter_defaults contains any user set values. If a value is not set
in parameter_defaults, then passwords can be used.

Change-Id: I6b1b8bd1e7800720f6bbbe418c1f83b2f710fb48
Closes-Bug: #1891388
Signed-off-by: James Slagle <jslagle@redhat.com>
This commit is contained in:
James Slagle 2020-08-12 16:07:03 -04:00
parent 1761eba808
commit ced221406b
3 changed files with 52 additions and 20 deletions

View File

@ -0,0 +1,4 @@
---
fixes:
- openstack overcloud export now exports user defined password values instead
of just always exporting the generated password values.

View File

@ -23,6 +23,7 @@ import yaml
from osc_lib.i18n import _
from tripleo_common import constants as tripleo_common_constants
from tripleoclient import constants
from tripleoclient import utils as oooutils
@ -41,15 +42,34 @@ def export_passwords(swift, stack, excludes=True):
"file from swift: %s", str(e))
sys.exit(1)
data = yaml.safe_load(content)["passwords"]
if excludes:
excluded_passwords = []
for k in data:
data = yaml.load(content)
# The "passwords" key in plan-environment.yaml are generated passwords,
# they are not necessarily the actual password values used during the
# deployment.
generated_passwords = data["passwords"]
# parameter_defaults will contain any user defined password values
parameters = data["parameter_defaults"]
passwords = {}
# For each password, check if it's excluded, then check if there's a user
# defined value from parameter_defaults, and if not use the value from the
# generated passwords.
def exclude_password(password):
for pattern in constants.EXPORT_PASSWORD_EXCLUDE_PATTERNS:
if re.match(pattern, k, re.I):
excluded_passwords.append(k)
[data.pop(e) for e in excluded_passwords]
return data
return re.match(pattern, password, re.I)
for password in tripleo_common_constants.PASSWORD_PARAMETER_NAMES:
if exclude_password(password):
continue
if password in parameters:
passwords[password] = parameters[password]
elif password in generated_passwords:
passwords[password] = generated_passwords[password]
else:
LOG.warning("No password value found for %s", password)
return passwords
def export_stack(heat, stack, should_filter=False,

View File

@ -105,9 +105,12 @@ class TestExport(TestCase):
def test_export_passwords(self):
swift = mock.Mock()
mock_passwords = {
'parameter_defaults': {
'AdminPassword': 'a_user'
},
'passwords': {
'a': 'A',
'b': 'B'
'AdminPassword': 'A',
'RpcPassword': 'B'
}
}
sio = StringIO()
@ -119,17 +122,22 @@ class TestExport(TestCase):
swift.get_object.assert_called_once_with(
'overcloud', 'plan-environment.yaml')
self.assertEqual(mock_passwords['passwords'], data)
self.assertEqual(dict(AdminPassword='a_user',
RpcPassword='B'),
data)
def test_export_passwords_excludes(self):
swift = mock.Mock()
mock_passwords = {
'parameter_defaults': {
'CephClientKey': 'cephkey'
},
'passwords': {
'a': 'A',
'b': 'B',
'Cephkey': 'cephkey',
'cephkey': 'cephkey',
'CEPH': 'cephkey'
'AdminPassword': 'A',
'RpcPassword': 'B',
'CephClientKey': 'cephkey',
'CephClusterFSID': 'cephkey',
'CephRgwKey': 'cephkey'
}
}
sio = StringIO()
@ -138,8 +146,8 @@ class TestExport(TestCase):
swift.get_object.return_value = ("", sio)
data = export.export_passwords(swift, 'overcloud')
mock_passwords['passwords'].pop('Cephkey')
mock_passwords['passwords'].pop('cephkey')
mock_passwords['passwords'].pop('CEPH')
mock_passwords['passwords'].pop('CephClientKey')
mock_passwords['passwords'].pop('CephClusterFSID')
mock_passwords['passwords'].pop('CephRgwKey')
self.assertEqual(mock_passwords['passwords'], data)