Stop generating KeystoneFernetKey[01]

... because these were deprecated during Pike[1] and were removed
during Stein[2] in favor of the new single KeystoneFernetKeys
parameter.

[1] 490e237f09d2c685903b173d3fd94efc450a9cb2
[2] 40ba776463b24afb7feec574999da66a5b63a028

Change-Id: Ieabac57383de4f6c8157c0b0c746ca8606237420

tripleo_common/constants.py

@@ -62,8 +62,6 @@ PASSWORD_PARAMETER_NAMES = (
     'LibvirtTLSPassword',
     'KeystoneCredential0',
     'KeystoneCredential1',
-    'KeystoneFernetKey0',
-    'KeystoneFernetKey1',
     'KeystoneFernetKeys',
     'KeystonePassword',
     'ManilaPassword',
@@ -122,8 +120,6 @@ DO_NOT_ROTATE_LIST = (
     'BarbicanSimpleCryptoKek',
     'KeystoneCredential0',
     'KeystoneCredential1',
-    'KeystoneFernetKey0',
-    'KeystoneFernetKey1',
     'KeystoneFernetKeys',
     'CephClientKey',
     'CephClusterFSID',

tripleo_common/tests/utils/test_passwords.py

@@ -55,8 +55,6 @@ class TestPasswords(base.TestCase):
     def test_fernet_keys_and_credentials(self, mock_create_creds):
 
         keys = [uuidutils.generate_uuid(dashed=False),
-                uuidutils.generate_uuid(dashed=False),
-                uuidutils.generate_uuid(dashed=False),
                 uuidutils.generate_uuid(dashed=False),
                 uuidutils.generate_uuid(dashed=False),
                 uuidutils.generate_uuid(dashed=False),
@@ -78,13 +76,8 @@ class TestPasswords(base.TestCase):
                 value = password_utils.generate_passwords()
         self.assertIn(value['KeystoneCredential0'], keys)
         self.assertIn(value['KeystoneCredential1'], keys)
-        self.assertIn(value['KeystoneFernetKey0'], keys)
-        self.assertIn(value['KeystoneFernetKey1'], keys)
         self.assertIn(value['BarbicanSimpleCryptoKek'], keys)
 
-        self.assertNotEqual(value['KeystoneFernetKey0'],
-                            value['KeystoneFernetKey1'])
-
         self.assertNotEqual(value['KeystoneCredential0'],
                             value['KeystoneCredential1'])
         self.assertEqual(len(value['OctaviaServerCertsKeyPassphrase']), 32)

tripleo_common/tests/utils/test_plan.py

@@ -118,8 +118,6 @@ _EXISTING_PASSWORDS = {
     'DesignateRndcKey': 'hB8XaZRd2Tf00jKsyoXpyw==',
     'KeystoneCredential0': 'ftJNQ_XlDUK7Lgvv1kdWf3SyqVsrvNDgoNV4kJg3yzw=',
     'KeystoneCredential1': 'c4MFq82TQLFLKpiiUjrKkp15dafE2ALcD3jbaIu3rfE=',
-    'KeystoneFernetKey0': 'O8NSPxr4zXBBAoGIj-5aUmtE7-Jk5a4ptVsEhzJ8Vd8=',
-    'KeystoneFernetKey1': 'AueoL37kd6eLjV29AG-Ruxu5szW47osgXx6aPOqtI6I=',
     'KeystoneFernetKeys': {
         '/etc/keystone/fernet-keys/0': {'content': 'IAMAVERYSAFEKEY'},
         '/etc/keystone/fernet-keys/1': {'content': 'IALSOAMAVERYSAFEKEY'}

tripleo_common/utils/passwords.py

@@ -87,8 +87,7 @@ def generate_passwords(stack_env=None,
         # for the overcloud.
         elif name == 'SnmpdReadonlyUserPassword':
             passwords[name] = get_snmpd_readonly_user_password()
-        elif name in ('KeystoneCredential0', 'KeystoneCredential1',
-                      'KeystoneFernetKey0', 'KeystoneFernetKey1'):
+        elif name in ('KeystoneCredential0', 'KeystoneCredential1'):
             passwords[name] = create_keystone_credential()
         elif name == 'KeystoneFernetKeys':
             passwords[name] = create_fernet_keys_repo_structure_and_keys()