Merge "Add KeystoneFernetKeys to generated passwords"

tripleo_common/constants.py

@@ -81,6 +81,7 @@ PASSWORD_PARAMETER_NAMES = (
     'KeystoneCredential1',
     'KeystoneFernetKey0',
     'KeystoneFernetKey1',
+    'KeystoneFernetKeys',
     'ManilaPassword',
     'MistralPassword',
     'MysqlClustercheckPassword',

tripleo_common/tests/actions/test_parameters.py

@@ -66,6 +66,10 @@ _EXISTING_PASSWORDS = {
     'KeystoneCredential1': 'c4MFq82TQLFLKpiiUjrKkp15dafE2ALcD3jbaIu3rfE=',
     'KeystoneFernetKey0': 'O8NSPxr4zXBBAoGIj-5aUmtE7-Jk5a4ptVsEhzJ8Vd8=',
     'KeystoneFernetKey1': 'AueoL37kd6eLjV29AG-Ruxu5szW47osgXx6aPOqtI6I=',
+    'KeystoneFernetKeys': {
+        '/etc/keystone/fernet-keys/0': {'content': 'IAMAVERYSAFEKEY'},
+        '/etc/keystone/fernet-keys/1': {'content': 'IALSOAMAVERYSAFEKEY'}
+    },
     'CephClusterFSID': u'97c16f44-b62c-11e6-aed3-185e0f73fdc5',
     'Ec2ApiPassword': 'FPvz2WiWxrHVWrmSSvv44bqmr',
     'EtcdInitialClusterToken': 'fcVZXehsSc2KdmFFMKDudxTLKa',
@@ -389,6 +393,8 @@ class GeneratePasswordsActionTest(base.TestCase):
                 'get_orchestration_client')
     @mock.patch('tripleo_common.utils.passwords.'
                 'create_ssh_keypair')
+    @mock.patch('tripleo_common.utils.passwords.'
+                'create_fernet_keys_repo_structure_and_keys')
     @mock.patch('tripleo_common.utils.passwords.'
                 'get_snmpd_readonly_user_password')
     @mock.patch('tripleo_common.actions.base.TripleOAction.'
@@ -397,6 +403,7 @@ class GeneratePasswordsActionTest(base.TestCase):
     def test_run_passwords_exist(self, mock_get_object_client,
                                  mock_get_workflow_client,
                                  mock_get_snmpd_readonly_user_password,
+                                 mock_fernet_keys_setup,
                                  mock_create_ssh_keypair,
                                  mock_get_orchestration_client,
                                  mock_cache):
@@ -404,6 +411,8 @@ class GeneratePasswordsActionTest(base.TestCase):
         mock_get_snmpd_readonly_user_password.return_value = "TestPassword"
         mock_create_ssh_keypair.return_value = {'public_key': 'Foo',
                                                 'private_key': 'Bar'}
+        mock_fernet_keys_setup.return_value = {'/tmp/foo': {'content': 'Foo'},
+                                               '/tmp/bar': {'content': 'Bar'}}
 
         mock_ctx = mock.MagicMock()
 
@@ -441,6 +450,8 @@ class GeneratePasswordsActionTest(base.TestCase):
                 'get_orchestration_client')
     @mock.patch('tripleo_common.utils.passwords.'
                 'create_ssh_keypair')
+    @mock.patch('tripleo_common.utils.passwords.'
+                'create_fernet_keys_repo_structure_and_keys')
     @mock.patch('tripleo_common.utils.passwords.'
                 'get_snmpd_readonly_user_password')
     @mock.patch('tripleo_common.actions.base.TripleOAction.'
@@ -449,6 +460,7 @@ class GeneratePasswordsActionTest(base.TestCase):
     def test_passwords_exist_in_heat(self, mock_get_object_client,
                                      mock_get_workflow_client,
                                      mock_get_snmpd_readonly_user_password,
+                                     mock_fernet_keys_setup,
                                      mock_create_ssh_keypair,
                                      mock_get_orchestration_client,
                                      mock_cache):
@@ -456,6 +468,8 @@ class GeneratePasswordsActionTest(base.TestCase):
         mock_get_snmpd_readonly_user_password.return_value = "TestPassword"
         mock_create_ssh_keypair.return_value = {'public_key': 'Foo',
                                                 'private_key': 'Bar'}
+        mock_fernet_keys_setup.return_value = {'/tmp/foo': {'content': 'Foo'},
+                                               '/tmp/bar': {'content': 'Bar'}}
 
         existing_passwords = _EXISTING_PASSWORDS.copy()
         existing_passwords.pop("AdminPassword")

tripleo_common/tests/utils/test_passwords.py

@@ -41,6 +41,8 @@ class TestPasswords(base.TestCase):
     def test_fernet_keys_and_credentials(self, mock_create_creds):
 
         keys = [uuidutils.generate_uuid(dashed=False),
+                uuidutils.generate_uuid(dashed=False),
+                uuidutils.generate_uuid(dashed=False),
                 uuidutils.generate_uuid(dashed=False),
                 uuidutils.generate_uuid(dashed=False),
                 uuidutils.generate_uuid(dashed=False)]

tripleo_common/utils/passwords.py

@@ -68,6 +68,8 @@ def generate_passwords(mistralclient=None, stack_env=None):
         elif name in ('KeystoneCredential0', 'KeystoneCredential1',
                       'KeystoneFernetKey0', 'KeystoneFernetKey1'):
             passwords[name] = create_keystone_credential()
+        elif name == 'KeystoneFernetKeys':
+            passwords[name] = create_fernet_keys_repo_structure_and_keys()
         elif name == 'MigrationSshKey':
             passwords[name] = create_ssh_keypair()
         else:
@@ -76,6 +78,15 @@ def generate_passwords(mistralclient=None, stack_env=None):
     return passwords
 
 
+def create_fernet_keys_repo_structure_and_keys():
+    return {
+        '/etc/keystone/fernet-keys/0': {
+            'content': create_keystone_credential()},
+        '/etc/keystone/fernet-keys/1': {
+            'content': create_keystone_credential()}
+    }
+
+
 def create_cephx_key():
     # NOTE(gfidente): Taken from
     # https://github.com/ceph/ceph-deploy/blob/master/ceph_deploy/new.py#L21