From bef8cfa55c73f87a37fa23abfdf4ee65b0188a32 Mon Sep 17 00:00:00 2001
From: Emilien Macchi <emilien@redhat.com>
Date: Sat, 3 Mar 2018 21:39:01 +0000
Subject: [PATCH] uc/deploy: try to keep passwords from
 undercloud-passwords.conf

When upgrading a non-containerized undercloud to a containerized
undercloud, we would like to keep the same passwords that were used
before so our operators don't have to deal with new passwords and the
upgrade is more transparent.

This patch is doing the following:

If undercloud-passwords.conf exists, undercloud-deploy will generate
Heat parameters based on the existing passwords and override what was
generated by the password workflow run by tripleo-common.

Closes-Bug: #1753063
Change-Id: Ib2d944c6ac7433461575ca6e9578e39404258b7b
Co-Authored-By: Thomas Herve <therve@redhat.com>
---
 .../v1/undercloud/test_undercloud_deploy.py   | 17 +++++++-------
 tripleoclient/v1/undercloud_deploy.py         | 23 +++++++++++++++++++
 2 files changed, 31 insertions(+), 9 deletions(-)

diff --git a/tripleoclient/tests/v1/undercloud/test_undercloud_deploy.py b/tripleoclient/tests/v1/undercloud/test_undercloud_deploy.py
index fd623f95c..136a042a7 100644
--- a/tripleoclient/tests/v1/undercloud/test_undercloud_deploy.py
+++ b/tripleoclient/tests/v1/undercloud/test_undercloud_deploy.py
@@ -57,7 +57,6 @@ class TestUndercloudDeploy(TestPluginV1):
         with mock.patch('six.moves.builtins.open', mock_open_context):
             self.cmd._update_passwords_env(self.temp_homedir)
 
-        mock_open_context.assert_called_with(pw_conf_path, 'w')
         mock_open_handle = mock_open_context()
         mock_dump.assert_called_once_with({'parameter_defaults': pw_dict},
                                           mock_open_handle,
@@ -83,16 +82,16 @@ class TestUndercloudDeploy(TestPluginV1):
         with open(t_pw_conf_path, 'w') as t_pw:
             t_pw.write('parameter_defaults: {ExistingKey: xyz}\n')
 
-        mock_open_context = mock.mock_open(
-            read_data='parameter_defaults: {ExistingKey: xyz}\n')
-        with mock.patch('six.moves.builtins.open', mock_open_context):
-            self.cmd._update_passwords_env(self.temp_homedir,
-                                           passwords={'ADefault': 456,
-                                                      'ExistingKey':
-                                                      'dontupdate'})
-        mock_open_context.assert_called_with(pw_conf_path, 'w')
+        with open(pw_conf_path, 'w') as t_pw:
+            t_pw.write('[auth]\nundercloud_db_password = abc\n')
+
+        self.cmd._update_passwords_env(self.temp_homedir,
+                                       passwords={'ADefault': 456,
+                                                  'ExistingKey':
+                                                  'dontupdate'})
         expected_dict = {'parameter_defaults': {'GeneratedPassword': 123,
                                                 'ExistingKey': 'xyz',
+                                                'MysqlRootPassword': 'abc',
                                                 'ADefault': 456}}
         mock_dump.assert_called_once_with(expected_dict,
                                           mock.ANY,
diff --git a/tripleoclient/v1/undercloud_deploy.py b/tripleoclient/v1/undercloud_deploy.py
index c0f252ca9..bca443368 100644
--- a/tripleoclient/v1/undercloud_deploy.py
+++ b/tripleoclient/v1/undercloud_deploy.py
@@ -45,6 +45,7 @@ from heatclient.common import event_utils
 from heatclient.common import template_utils
 from heatclient.common import utils as heat_utils
 from openstackclient.i18n import _
+from six.moves import configparser
 
 from tripleoclient import constants
 from tripleoclient import exceptions
@@ -111,12 +112,34 @@ class DeployUndercloud(command.Command):
         undercloud_pw_file = os.path.join(output_dir,
                                           'undercloud-passwords.conf')
         stack_env = {'parameter_defaults': {}}
+
+        # Getting passwords that were managed by instack-undercloud so
+        # we can upgrade to a containerized undercloud and keep old passwords.
+        legacy_env = {}
+        if os.path.exists(undercloud_pw_file):
+            config = configparser.ConfigParser()
+            config.read(undercloud_pw_file)
+            for k, v in config.items('auth'):
+                # Manage exceptions
+                if k == 'undercloud_db_password':
+                    k = 'MysqlRootPassword'
+                elif k == 'undercloud_rabbit_username':
+                    k = 'RabbitUserName'
+                elif k == 'undercloud_heat_encryption_key':
+                    k = 'HeatAuthEncryptionKey'
+                else:
+                    k = ''.join(i.capitalize() for i in k.split('_')[1:])
+                legacy_env[k] = v
+
         if os.path.exists(pw_file):
             with open(pw_file) as pf:
                 stack_env = yaml.safe_load(pf.read())
 
         pw = password_utils.generate_passwords(stack_env=stack_env)
         stack_env['parameter_defaults'].update(pw)
+        # Override what has been generated by tripleo-common with old passwords
+        # if any.
+        stack_env['parameter_defaults'].update(legacy_env)
 
         if passwords:
             # These passwords are the DefaultPasswords so we only