Merge "Update puppet-keystone to handle $ in admin password"

devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/build_srpm.data

@@ -1 +1 @@
-TIS_PATCH_VER=5
+TIS_PATCH_VER=6

devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/meta_patches/0005-escape-special-characters-in-bootstrap.patch

@@ -0,0 +1,33 @@
+From f3282651cd75697bbf7be3a07c1093c03964b5e1 Mon Sep 17 00:00:00 2001
+From: Kam Nasim <kam.nasim@windriver.com>
+Date: Mon, 2 Apr 2018 16:20:52 -0400
+Subject: [PATCH] meta patch for
+ 0004-escape-special-characters-in-bootstrap.patch
+
+---
+ SPECS/puppet-keystone.spec | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/SPECS/puppet-keystone.spec b/SPECS/puppet-keystone.spec
+index 36cf461..301002a 100644
+--- a/SPECS/puppet-keystone.spec
++++ b/SPECS/puppet-keystone.spec
+@@ -13,6 +13,7 @@ Source0:        https://tarballs.openstack.org/%{name}/%{name}-%{upstream_versio
+ Patch0001:      0001-pike-rebase-squash-titanium-patches.patch
+ Patch0002:      0002-remove-the-Keystone-admin-app.patch
+ Patch0003:      0003-remove-eventlet_bindhost-from-Keystoneconf.patch
++Patch0004:      0004-escape-special-characters-in-bootstrap.patch
+ 
+ BuildArch:      noarch
+ 
+@@ -33,6 +34,7 @@ Puppet module for OpenStack Keystone
+ %patch0001 -p1
+ %patch0002 -p1
+ %patch0003 -p1
++%patch0004 -p1
+ 
+ find . -type f -name ".*" -exec rm {} +
+ find . -size 0 -exec rm {} +
+-- 
+1.8.3.1
+

devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/meta_patches/PATCH_ORDER

@@ -2,3 +2,4 @@
 0002-squash-titanium-patches.patch
 0003-remove-the-keystone-admin-app.patch
 0004-remove-eventlet_and_bindhost-from-keystoneconf.patch
+0005-escape-special-characters-in-bootstrap.patch

devtools/puppet-modules/openstack/puppet-keystone-11.3.0/centos/patches/0004-escape-special-characters-in-bootstrap.patch

@@ -0,0 +1,39 @@
+From 70d22113cc8d58b6546cb4917c27f9aae51787c5 Mon Sep 17 00:00:00 2001
+From: Kam Nasim <kam.nasim@windriver.com>
+Date: Mon, 2 Apr 2018 16:13:31 -0400
+Subject: [PATCH] CGTS-9320: config_controller fails when admin pw containing $
+
+Escape special characters when executing the keystone-manage bootstrap
+command since the keystone CLI argparse will parse "Madawa$ka1" as
+"Madawa" which will cause the Keystone ADMIN acct to be created with an
+incorrect password. Puppet will detect this and attempt to course
+correct by sending an UPDATE User request to Keystone, which does set
+the right password but causes other failures in config_controller
+---
+ manifests/init.pp | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/manifests/init.pp b/manifests/init.pp
+index d64638c..89af303 100644
+--- a/manifests/init.pp
++++ b/manifests/init.pp
+@@ -1292,10 +1292,15 @@ running as a standalone service, or httpd for being run by a httpd server")
+   }
+ 
+   if $enable_bootstrap {
++    #(NOTE: knasim-wrs): escape special characters in the password otherwise the
++    # keyword-manage bootstrap CLI may parse the password incorrectly, causing
++    # the admin account to be created with an incorrect password
++    $admin_password_escaped = shell_escape($admin_password_real)
++
+     # this requires the database to be up and running and configured
+     # and is only run once, so we don't need to notify the service
+     exec { 'keystone-manage bootstrap':
+-      command     => "keystone-manage bootstrap --bootstrap-password ${admin_password_real}",
++      command     => "keystone-manage bootstrap --bootstrap-password ${admin_password_escaped}",
+       user        => $keystone_user,
+       path        => '/usr/bin',
+       refreshonly => true,
+-- 
+1.8.3.1
+