From 8cc51067d83ad8245ced0a0d62084de8717415d1 Mon Sep 17 00:00:00 2001
From: Kevin Carter <kecarter@redhat.com>
Date: Tue, 26 May 2020 08:34:32 -0500
Subject: [PATCH] Add toggle for sensitive data within keystone

This change will allow deployers to expose sensitive data as needed.

> This change also fixes the tests for keystone. The role test was
  broken because the use of test-deps needed to be updated for the new
  repo layout.

Change-Id: I200efe00b735a17a996fbfe64e3f0f4d4c813f73
Signed-off-by: Kevin Carter <kecarter@redhat.com>
---
 .../roles/test_deps/tasks/main.yml            | 57 ++++++++-----------
 .../roles/test_deps/tasks/tripleo-setup.yml   | 42 --------------
 .../defaults/main.yml                         |  2 +
 .../tasks/admin.yml                           |  2 +-
 .../tasks/endpoints.yml                       |  4 +-
 .../tasks/services.yml                        |  4 +-
 .../tasks/users.yml                           |  4 +-
 7 files changed, 32 insertions(+), 83 deletions(-)
 delete mode 100644 tripleo_ansible/roles/test_deps/tasks/tripleo-setup.yml

diff --git a/tripleo_ansible/roles/test_deps/tasks/main.yml b/tripleo_ansible/roles/test_deps/tasks/main.yml
index a9e4a41cf..03a81be3f 100644
--- a/tripleo_ansible/roles/test_deps/tasks/main.yml
+++ b/tripleo_ansible/roles/test_deps/tasks/main.yml
@@ -36,51 +36,40 @@
     path: "{{ test_deps_mirrors_file_path }}"
   register: mirrors_file
 
-- when: mirrors_file.stat.exists
-  block:
-
-    - name: Discover mirror for RDO if exists
-      shell: |
-        source {{ test_deps_mirrors_file_path }}
-        echo $NODEPOOL_RDO_PROXY
-      register: rdo_mirror_proxy
-      changed_when: false
-
-    - name: Set fact for the mirror with proxy
-      set_fact:
-        rdo_mirror: "{{ rdo_mirror_proxy.stdout|default('https://trunk.rdoproject.org', true) }}"
-
-- name: Set fact for the mirror without proxy
-  set_fact:
-    rdo_mirror: 'https://trunk.rdoproject.org'
-  when: not mirrors_file.stat.exists
-
-- name: Print used mirror
-  debug: var=rdo_mirror
-
-- name: Set test_deps_repo
-  set_fact:
-    test_deps_repo: "{{ test_deps_repo.replace('https://trunk.rdoproject.org', rdo_mirror) }}"
-
 - name: RHEL Block
   become: true
   when:
     - (ansible_os_family | lower) == 'redhat'
+    - mirrors_file.stat.exists | bool
   block:
-    - name: install deplorean repo
-      get_url:
-        url: "{{ rdo_mirror }}/{{ test_deps_repo_version }}/current-tripleo/delorean.repo"
+    - name: Fetch latest repo version
+      uri:
+        url: https://trunk.rdoproject.org/{{ (ansible_distribution | lower) }}{{ ansible_distribution_major_version }}/current/delorean.repo
+        return_content: true
+      register: tripleo_packages
+
+    - name: Create default repo file
+      copy:
+        content: "{{ tripleo_packages.content }}"
         dest: /etc/yum.repos.d/delorean.repo
 
-    - name: install deplorean-deps repo
-      get_url:
-        url: "{{ rdo_mirror }}/{{ test_deps_repo_version }}/delorean-deps.repo"
-        dest: /etc/yum.repos.d/delorean-deps.repo
+- name: Install tripleo-repos package
+  package:
+    name: "python*tripleo-repos"
+    state: present
 
-- include_tasks: tripleo-setup.yml
+- name: Tripleo setup block
   when:
     - (ansible_os_family | lower) == 'redhat'
     - test_deps_setup_tripleo | bool
+  block:
+    - name: Create tripleo repos
+      command: tripleo-repos -b master current-tripleo
+
+    - name: Install tripleo packages
+      package:
+        name: "{{ test_deps_tripleo_packages }}"
+        state: present
 
 - name: Package block
   become: true
diff --git a/tripleo_ansible/roles/test_deps/tasks/tripleo-setup.yml b/tripleo_ansible/roles/test_deps/tasks/tripleo-setup.yml
deleted file mode 100644
index a7672044f..000000000
--- a/tripleo_ansible/roles/test_deps/tasks/tripleo-setup.yml
+++ /dev/null
@@ -1,42 +0,0 @@
----
-# Copyright 2019 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-- name: fetch latest repo version
-  uri:
-    url: "{{ test_deps_repo }}/"
-    return_content: true
-  register: tripleo_packages
-
-- name: Set package fact
-  set_fact:
-    tripleo_package_fact: "{{ (tripleo_packages.content | regex_search('(\\B\"python.*tripleo-repos.*rpm\\b\")', multiline=True)).strip('\"') }}"
-
-- name: TripleO package block
-  become: true
-  block:
-    - name: install tripleo repository
-      package:
-        name: "{{ test_deps_repo }}/{{ tripleo_package_fact }}"
-        state: present
-
-    - name: Create tripleo repos
-      command: tripleo-repos -b master current-tripleo
-
-    - name: Install tripleo packages
-      package:
-        name: "{{ test_deps_tripleo_packages }}"
-        state: present
diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/defaults/main.yml b/tripleo_ansible/roles/tripleo_keystone_resources/defaults/main.yml
index bb99a284e..35b381691 100644
--- a/tripleo_ansible/roles/tripleo_keystone_resources/defaults/main.yml
+++ b/tripleo_ansible/roles/tripleo_keystone_resources/defaults/main.yml
@@ -16,6 +16,8 @@
 
 
 # All variables intended for modification should be placed in this file.
+tripleo_keystone_resources_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}"
+tripleo_keystone_resources_debug: "{{ ((ansible_verbosity | int) >= 2) | bool }}"
 
 # All variables within this role should have a prefix of "tripleo_keystone_resources"
 tripleo_keystone_resources_cloud_name: openstack
diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/admin.yml b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/admin.yml
index e536b9592..e77d44f49 100644
--- a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/admin.yml
+++ b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/admin.yml
@@ -39,7 +39,7 @@
     - keystone_enable_member | default(tripleo_keystone_resources_member_role_enabled)
 
 - name: Create admin user
-  no_log: true
+  no_log: "{{ tripleo_keystone_resources_hide_sensitive_logs | bool }}"
   os_user:
     cloud: "{{ tripleo_keystone_resources_cloud_name }}"
     name: admin
diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/endpoints.yml b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/endpoints.yml
index 4f9191991..48b1de496 100644
--- a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/endpoints.yml
+++ b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/endpoints.yml
@@ -15,7 +15,7 @@
 # under the License.
 
 - name: "Async creation of Keystone {{ keystone_endpoint_type }} endpoint"
-  no_log: true
+  no_log: "{{ tripleo_keystone_resources_hide_sensitive_logs | bool }}"
   os_keystone_endpoint:
     cloud: "{{ tripleo_keystone_resources_cloud_name }}"
     service: "{{ tripleo_keystone_resources_data.key }}"
@@ -31,7 +31,7 @@
     loop_var: tripleo_keystone_resources_data
 
 - name: "Check Keystone {{ keystone_endpoint_type }} endpoint status"
-  no_log: true
+  no_log: "{{ not (tripleo_keystone_resources_debug | bool) }}"
   async_status:
     jid: "{{ tripleo_keystone_resources_endpoint_async_result_item.ansible_job_id }}"
   loop: "{{ tripleo_keystone_resources_endpoint_results.results }}"
diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/services.yml b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/services.yml
index 1c8211de9..480ad3bb4 100644
--- a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/services.yml
+++ b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/services.yml
@@ -15,7 +15,7 @@
 # under the License.
 
 - name: Async creation of Keystone service
-  no_log: true
+  no_log: "{{ tripleo_keystone_resources_hide_sensitive_logs | bool }}"
   os_keystone_service:
     cloud: "{{ tripleo_keystone_resources_cloud_name }}"
     name: "{{ tripleo_keystone_resources_data.key }}"
@@ -30,7 +30,7 @@
     loop_var: tripleo_keystone_resources_data
 
 - name: Check Keystone service status
-  no_log: true
+  no_log: "{{ not (tripleo_keystone_resources_debug | bool) }}"
   async_status:
     jid: "{{ tripleo_keystone_resources_service_async_result_item.ansible_job_id }}"
   loop: "{{ tripleo_keystone_resources_service_results.results }}"
diff --git a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/users.yml b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/users.yml
index c91594e59..38354f2eb 100644
--- a/tripleo_ansible/roles/tripleo_keystone_resources/tasks/users.yml
+++ b/tripleo_ansible/roles/tripleo_keystone_resources/tasks/users.yml
@@ -15,7 +15,7 @@
 # under the License.
 
 - name: "Async creation of Keystone user"
-  no_log: true
+  no_log: "{{ tripleo_keystone_resources_hide_sensitive_logs | bool }}"
   os_user:
     cloud: "{{ tripleo_keystone_resources_cloud_name }}"
     name: "{{ lookup('dict', tripleo_keystone_resources_data).value.name | default(lookup('dict', tripleo_keystone_resources_data).key) }}"
@@ -32,7 +32,7 @@
     loop_var: tripleo_keystone_resources_data
 
 - name: "Check Keystone user status"
-  no_log: true
+  no_log: "{{ not (tripleo_keystone_resources_debug | bool) }}"
   async_status:
     jid: "{{ tripleo_keystone_resources_user_async_result_item.ansible_job_id }}"
   loop: "{{ tripleo_keystone_resources_user_results.results }}"