openstack/tripleo-common
Code Issues Proposed changes

Merge "Fernet Key management"

Browse Source
This commit is contained in:
Jenkins 2016-11-18 15:44:51 +00:00 committed by Gerrit Code Review
commit 4b0867662a
3 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tripleo_common/constants.py
View File

@ -75,6 +75,8 @@ PASSWORD_PARAMETER_NAMES = (
'IronicPassword', 'IronicPassword',
'KeystoneCredential0', 'KeystoneCredential0',
'KeystoneCredential1', 'KeystoneCredential1',
'KeystoneFernetKey0',
'KeystoneFernetKey1',
'ManilaPassword', 'ManilaPassword',
'MistralPassword', 'MistralPassword',
'MysqlClustercheckPassword', 'MysqlClustercheckPassword',

32
tripleo_common/tests/utils/test_passwords.py
View File

@ -13,6 +13,7 @@
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
import mock import mock
import uuid
from tripleo_common.tests import base from tripleo_common.tests import base
from tripleo_common.utils import passwords as password_utils from tripleo_common.utils import passwords as password_utils
@ -34,3 +35,34 @@ class TestPasswords(base.TestCase):
value = password_utils.get_snmpd_readonly_user_password(mock_mistral) value = password_utils.get_snmpd_readonly_user_password(mock_mistral)
self.assertEqual(value, "78cbc32b858718267c355d4") self.assertEqual(value, "78cbc32b858718267c355d4")
@mock.patch('tripleo_common.utils.passwords.create_keystone_credential')
def test_fernet_keys_and_credentials(self, mock_create_creds):
keys = [uuid.uuid4().hex, uuid.uuid4().hex,
uuid.uuid4().hex, uuid.uuid4().hex]
snmpd_password = uuid.uuid4().hex
mock_mistral = mock.Mock()
mock_mistral.environments.get.return_value = mock.Mock(variables={
"undercloud_ceilometer_snmpd_password": snmpd_password
})
# generate_overcloud_passwords will be called multiple times
# but the order is based on how the strings are hashed, and thus
# not really predictable. So, make sure it is a unique one of the
# generated values
mock_create_creds.side_effect = keys
value = password_utils.generate_overcloud_passwords(mock_mistral)
self.assertIn(value['KeystoneCredential0'], keys)
self.assertIn(value['KeystoneCredential1'], keys)
self.assertIn(value['KeystoneFernetKey0'], keys)
self.assertIn(value['KeystoneFernetKey1'], keys)
self.assertNotEqual(value['KeystoneFernetKey0'],
value['KeystoneFernetKey1'])
self.assertNotEqual(value['KeystoneCredential0'],
value['KeystoneCredential1'])

3
tripleo_common/utils/passwords.py
View File

@ -54,7 +54,8 @@ def generate_overcloud_passwords(mistralclient, stack_env=None):
# The SnmpdReadonlyUserPassword is stored in a mistral env. # The SnmpdReadonlyUserPassword is stored in a mistral env.
elif name == 'SnmpdReadonlyUserPassword': elif name == 'SnmpdReadonlyUserPassword':
passwords[name] = get_snmpd_readonly_user_password(mistralclient) passwords[name] = get_snmpd_readonly_user_password(mistralclient)
elif name in ('KeystoneCredential0', 'KeystoneCredential1'): elif name in ('KeystoneCredential0', 'KeystoneCredential1',
'KeystoneFernetKey0', 'KeystoneFernetKey1'):
passwords[name] = create_keystone_credential() passwords[name] = create_keystone_credential()
else: else:
passwords[name] = passutils.generate_password( passwords[name] = passutils.generate_password(