Don't use swift plan when exporting passwords

This changes to use the stack environment instead for
passwords when using ``overcloud export`` or
``overcloud cell export``.

Change-Id: Iae58a6415cc12e2035e0d3b62327e59e038d1b2c
This commit is contained in:
ramishra 2021-02-01 10:05:18 +05:30
parent 1603ed45db
commit d2b8115266
5 changed files with 37 additions and 79 deletions

View File

@ -23,7 +23,7 @@ import yaml
from osc_lib.i18n import _ from osc_lib.i18n import _
from tripleo_common import constants as tripleo_common_constants from tripleo_common import constants as tripleo_common_constants
from tripleo_common.utils import swift as swiftutils from tripleo_common.utils import plan as plan_utils
from tripleoclient import constants from tripleoclient import constants
from tripleoclient import utils as oooutils from tripleoclient import utils as oooutils
@ -31,24 +31,7 @@ from tripleoclient import utils as oooutils
LOG = logging.getLogger(__name__ + ".utils") LOG = logging.getLogger(__name__ + ".utils")
def export_passwords(swift, stack, excludes=True): def export_passwords(heat, stack, excludes=True):
# Export the passwords from swift
obj = 'plan-environment.yaml'
container = stack
content = swiftutils.get_object_string(
swift,
container=container,
object_name=obj
)
data = yaml.safe_load(content)
# The "passwords" key in plan-environment.yaml are generated passwords,
# they are not necessarily the actual password values used during the
# deployment.
generated_passwords = data["passwords"]
# parameter_defaults will contain any user defined password values
parameters = data["parameter_defaults"]
passwords = {}
# For each password, check if it's excluded, then check if there's a user # For each password, check if it's excluded, then check if there's a user
# defined value from parameter_defaults, and if not use the value from the # defined value from parameter_defaults, and if not use the value from the
@ -57,17 +40,15 @@ def export_passwords(swift, stack, excludes=True):
for pattern in constants.EXPORT_PASSWORD_EXCLUDE_PATTERNS: for pattern in constants.EXPORT_PASSWORD_EXCLUDE_PATTERNS:
return re.match(pattern, password, re.I) return re.match(pattern, password, re.I)
generated_passwords = plan_utils.generate_passwords(
heat=heat, container=stack)
for password in tripleo_common_constants.PASSWORD_PARAMETER_NAMES: for password in tripleo_common_constants.PASSWORD_PARAMETER_NAMES:
if exclude_password(password): if exclude_password(password):
continue continue
if password in parameters: if password not in generated_passwords:
passwords[password] = parameters[password]
elif password in generated_passwords:
passwords[password] = generated_passwords[password]
else:
LOG.warning("No password value found for %s", password) LOG.warning("No password value found for %s", password)
return passwords return generated_passwords
def export_stack(heat, stack, should_filter=False, def export_stack(heat, stack, should_filter=False,

View File

@ -14,11 +14,8 @@
# #
import os import os
from io import StringIO
import mock import mock
import six
from unittest import TestCase from unittest import TestCase
import yaml
from tripleoclient import export from tripleoclient import export
@ -127,55 +124,36 @@ class TestExport(TestCase):
export.export_stack(heat, "control") export.export_stack(heat, "control")
mock_get_stack.assert_called_once_with(heat, 'control') mock_get_stack.assert_called_once_with(heat, 'control')
def test_export_passwords(self): @mock.patch('tripleo_common.utils.plan.generate_passwords')
swift = mock.Mock() def test_export_passwords(self, mock_gen_pass):
heat = mock.Mock()
mock_passwords = { mock_passwords = {
'parameter_defaults': { 'AdminPassword': 'a_user',
'AdminPassword': 'a_user' 'RpcPassword': 'B'}
}, mock_gen_pass.return_value = mock_passwords
'passwords': { data = export.export_passwords(heat, 'overcloud')
'AdminPassword': 'A',
'RpcPassword': 'B'
}
}
sio = StringIO()
sio.write(six.text_type(yaml.dump(mock_passwords)))
sio.seek(0)
swift.get_object.return_value = ("", sio)
data = export.export_passwords(swift, 'overcloud')
swift.get_object.assert_called_once_with(
'overcloud', 'plan-environment.yaml')
self.assertEqual(dict(AdminPassword='a_user', self.assertEqual(dict(AdminPassword='a_user',
RpcPassword='B'), RpcPassword='B'),
data) data)
def test_export_passwords_excludes(self): @mock.patch('tripleo_common.utils.plan.generate_passwords')
swift = mock.Mock() def test_export_passwords_excludes(self, mock_gen_pass):
heat = mock.Mock()
mock_passwords = { mock_passwords = {
'parameter_defaults': { 'AdminPassword': 'A',
'CephClientKey': 'cephkey' 'RpcPassword': 'B',
}, 'CephClientKey': 'cephkey',
'passwords': { 'CephClusterFSID': 'cephkey',
'AdminPassword': 'A', 'CephRgwKey': 'cephkey'}
'RpcPassword': 'B', mock_gen_pass.return_value = mock_passwords
'CephClientKey': 'cephkey', data = export.export_passwords(heat, 'overcloud')
'CephClusterFSID': 'cephkey',
'CephRgwKey': 'cephkey'
}
}
sio = StringIO()
sio.write(six.text_type(yaml.dump(mock_passwords)))
sio.seek(0)
swift.get_object.return_value = ("", sio)
data = export.export_passwords(swift, 'overcloud')
mock_passwords['passwords'].pop('CephClientKey') mock_passwords.pop('CephClientKey')
mock_passwords['passwords'].pop('CephClusterFSID') mock_passwords.pop('CephClusterFSID')
mock_passwords['passwords'].pop('CephRgwKey') mock_passwords.pop('CephRgwKey')
self.assertEqual(mock_passwords['passwords'], data) self.assertEqual(mock_passwords, data)
def test_export_storage_ips(self): def test_export_storage_ips(self):
with mock.patch('six.moves.builtins.open', self.mock_open_ceph_inv): with mock.patch('six.moves.builtins.open', self.mock_open_ceph_inv):

View File

@ -49,7 +49,7 @@ class TestOvercloudExport(utils.TestCommand):
with mock.patch('six.moves.builtins.open', self.mock_open): with mock.patch('six.moves.builtins.open', self.mock_open):
self.cmd.take_action(parsed_args) self.cmd.take_action(parsed_args)
mock_export_passwords.assert_called_once_with( mock_export_passwords.assert_called_once_with(
self.app.client_manager.tripleoclient.object_store, self.app.client_manager.orchestration,
'overcloud', True) 'overcloud', True)
path = os.path.join(os.environ.get('HOME'), path = os.path.join(os.environ.get('HOME'),
'config-download') 'config-download')
@ -79,7 +79,7 @@ class TestOvercloudExport(utils.TestCommand):
with mock.patch('six.moves.builtins.open', self.mock_open): with mock.patch('six.moves.builtins.open', self.mock_open):
self.cmd.take_action(parsed_args) self.cmd.take_action(parsed_args)
mock_export_passwords.assert_called_once_with( mock_export_passwords.assert_called_once_with(
self.app.client_manager.tripleoclient.object_store, self.app.client_manager.orchestration,
'foo', True) 'foo', True)
path = os.path.join(os.environ.get('HOME'), path = os.path.join(os.environ.get('HOME'),
'config-download') 'config-download')
@ -105,7 +105,7 @@ class TestOvercloudExport(utils.TestCommand):
with mock.patch('six.moves.builtins.open', self.mock_open): with mock.patch('six.moves.builtins.open', self.mock_open):
self.cmd.take_action(parsed_args) self.cmd.take_action(parsed_args)
mock_export_passwords.assert_called_once_with( mock_export_passwords.assert_called_once_with(
self.app.client_manager.tripleoclient.object_store, self.app.client_manager.orchestration,
'foo', True) 'foo', True)
mock_export_stack.assert_called_once_with( mock_export_stack.assert_called_once_with(
self.app.client_manager.orchestration, self.app.client_manager.orchestration,
@ -131,7 +131,7 @@ class TestOvercloudExport(utils.TestCommand):
with mock.patch('six.moves.builtins.open', self.mock_open): with mock.patch('six.moves.builtins.open', self.mock_open):
self.cmd.take_action(parsed_args) self.cmd.take_action(parsed_args)
mock_export_passwords.assert_called_once_with( mock_export_passwords.assert_called_once_with(
self.app.client_manager.tripleoclient.object_store, self.app.client_manager.orchestration,
'foo', False) 'foo', False)
mock_export_stack.assert_called_once_with( mock_export_stack.assert_called_once_with(
self.app.client_manager.orchestration, self.app.client_manager.orchestration,

View File

@ -80,9 +80,9 @@ class ExportCell(command.Command):
# prepare clients to access the environment # prepare clients to access the environment
clients = self.app.client_manager clients = self.app.client_manager
swift_client = clients.tripleoclient.object_store heat = clients.tripleoclient.orchestration
data = export.export_passwords(swift_client, control_plane_stack) data = export.export_passwords(heat, control_plane_stack)
stack_to_export = control_plane_stack stack_to_export = control_plane_stack
should_filter = True should_filter = True
@ -98,7 +98,7 @@ class ExportCell(command.Command):
config_download_dir = os.path.join(download_dir, stack_to_export) config_download_dir = os.path.join(download_dir, stack_to_export)
data.update(export.export_stack( data.update(export.export_stack(
clients.orchestration, stack_to_export, should_filter, heat, stack_to_export, should_filter,
config_download_dir)) config_download_dir))
data = dict(parameter_defaults=data) data = dict(parameter_defaults=data)

View File

@ -83,12 +83,11 @@ class ExportOvercloud(command.Command):
# prepare clients to access the environment # prepare clients to access the environment
clients = self.app.client_manager clients = self.app.client_manager
swift_client = clients.tripleoclient.object_store heat = clients.orchestration
data = export.export_passwords(heat, stack,
data = export.export_passwords(swift_client, stack,
not parsed_args.no_password_excludes) not parsed_args.no_password_excludes)
data.update(export.export_stack( data.update(export.export_stack(
clients.orchestration, stack, False, config_download_dir)) heat, stack, False, config_download_dir))
# do not add extra host entries for VIPs for stacks deployed off that # do not add extra host entries for VIPs for stacks deployed off that
# exported data, since it already contains those entries # exported data, since it already contains those entries
data.update({'AddVipsToEtcHosts': False}) data.update({'AddVipsToEtcHosts': False})