From de718da43e388d22555cf32ea5be4566c9f39e0c Mon Sep 17 00:00:00 2001
From: Joao Victor Portal <Joao.VictorPortal@windriver.com>
Date: Tue, 27 Jun 2023 16:13:16 -0300
Subject: [PATCH] Create local_starlingxrc script

This change adds a utility script called "local_starlingxrc". It does
the following: if the file "~/$USER-openrc" exists, it sources it; if
the file doesn't exist, it creates and then sources it. The created
openrc file uses the logged-in Linux user's name as the Keystone
username and prompts for the password. The script should be used through
the command "source local_starlingxrc".

Test Plan:

PASS: Successfully deploy an AIO-DX containing this change.
PASS: In the deployed AIO-DX, check that the command "local_starlingxrc"
is available at "/usr/local/bin/local_starlingxrc" with permissions
"-r-xr-xr-x", user root, group root.
PASS: In the deployed AIO-DX, create linux user user1 that is not part
of groups sys_protected and root and create Keystone user user1 with
user role "reader". Execute a SSH to the active controller using user1,
execute "source local_starlingxrc", inform the password asked and
execute "system host-list" with no errors. Check that the file
"user1-openrc" is created in user1 home folder with permissions
"-rw-------", owner user1. Exit and execute SSH again using user1,
execute "source local_starlingxrc", check that no password is asked and
execute "system host-list" with no errors.
PASS: Repeat the test above using standby controller. Check that the
output of "source local_starlingxrc" always prints an error message
saying that it is not the active controller and that "system host-list"
always returns an error.

Partial-Bug: 2024627
Depends-On: https://review.opendev.org/c/starlingx/stx-puppet/+/886661
Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com>
Change-Id: I576bf49cc5db9fef10f26963219d7c179f46a24f
---
 .../platform-util/centos/platform-util.spec   |  2 +
 .../debian/deb_folder/controller.install      |  1 +
 .../platform-util-controller.install          |  1 +
 .../platform-util/debian/deb_folder/rules     |  4 +-
 .../platform-util/scripts/local_starlingxrc   | 37 +++++++++++++++++++
 5 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 utilities/platform-util/scripts/local_starlingxrc

diff --git a/utilities/platform-util/centos/platform-util.spec b/utilities/platform-util/centos/platform-util.spec
index 806c0870..a22b9f31 100644
--- a/utilities/platform-util/centos/platform-util.spec
+++ b/utilities/platform-util/centos/platform-util.spec
@@ -68,6 +68,7 @@ install -m 555 %{_buildsubdir}/scripts/stx-iso-utils-centos.sh %{buildroot}%{loc
 install -m 555 %{_buildsubdir}/scripts/show-certs.sh %{buildroot}%{local_bindir}
 install -m 555 %{_buildsubdir}/scripts/update_docker_registry_auth.sh %{buildroot}%{local_bindir}
 install -m 555 %{_buildsubdir}/scripts/change_system_private_registry.sh %{buildroot}%{local_bindir}
+install -m 555 %{_buildsubdir}/scripts/local_starlingxrc %{buildroot}%{local_bindir}
 
 install -d %{buildroot}%{local_etc_initd}
 install %{_buildsubdir}/scripts/log_functions.sh %{buildroot}%{local_etc_initd}
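Review bot: `install -m 555` marks local_starlingxrc executable here (and again in debian/deb_folder/rules), but the script added later in this patch has no shebang and ends both branches with `return`, so it only works when sourced. Bash's `source` does not need the execute bit to find a file on PATH, so mode 444 would appear to be enough, and a direct invocation would then be refused instead of prompting for a password and failing at `return`. If 555 is kept for consistency with the neighbouring scripts, a header comment in the script such as `# This file must be sourced, not executed.` would make the intent explicit.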
@@ -121,6 +122,7 @@ systemctl enable opt-platform.service
 %{local_bindir}/show-certs.sh
 %{local_bindir}/update_docker_registry_auth.sh
 %{local_bindir}/change_system_private_registry.sh
+%{local_bindir}/local_starlingxrc
 
 %files noncontroller
 %defattr(-,root,root,-)
diff --git a/utilities/platform-util/debian/deb_folder/controller.install b/utilities/platform-util/debian/deb_folder/controller.install
index 07eae200..48defce6 100644
--- a/utilities/platform-util/debian/deb_folder/controller.install
+++ b/utilities/platform-util/debian/deb_folder/controller.install
@@ -6,3 +6,4 @@ scripts/stx-iso-utils-centos.sh usr/local/bin
 scripts/update-iso.sh usr/local/bin
 scripts/update_docker_registry_auth.sh usr/local/bin
 scripts/change_system_private_registry.sh usr/local/bin
+scripts/local_starlingxrc usr/local/bin
diff --git a/utilities/platform-util/debian/deb_folder/platform-util-controller.install b/utilities/platform-util/debian/deb_folder/platform-util-controller.install
index 68631423..4025da99 100644
--- a/utilities/platform-util/debian/deb_folder/platform-util-controller.install
+++ b/utilities/platform-util/debian/deb_folder/platform-util-controller.install
@@ -6,3 +6,4 @@
 /usr/local/bin/update-iso.sh
 /usr/local/bin/update_docker_registry_auth.sh
 /usr/local/bin/change_system_private_registry.sh
+/usr/local/bin/local_starlingxrc
diff --git a/utilities/platform-util/debian/deb_folder/rules b/utilities/platform-util/debian/deb_folder/rules
index e2341909..d069c0cd 100755
--- a/utilities/platform-util/debian/deb_folder/rules
+++ b/utilities/platform-util/debian/deb_folder/rules
@@ -38,6 +38,7 @@ override_dh_auto_install:
 	install -m 555 scripts/update_docker_registry_auth.sh $(DEBIAN_BUILDDIR)/usr/local/bin/
 	install -m 555 scripts/change_system_private_registry.sh $(DEBIAN_BUILDDIR)/usr/local/bin/
 	install -m 555 scripts/is-rootdisk-device.sh $(DEBIAN_BUILDDIR)/usr/local/bin/
+	install -m 555 scripts/local_starlingxrc $(DEBIAN_BUILDDIR)/usr/local/bin/
 	install -m 755 scripts/connectivity_test $(DEBIAN_BUILDDIR)/usr/local/bin/
 	install -m 750 scripts/set_keystone_user_option.sh $(DEBIAN_BUILDDIR)/usr/local/bin/
 
@@ -51,4 +52,5 @@ override_dh_auto_install:
 override_dh_fixperms:
 	dh_fixperms -Xupdate-iso.sh -Xgen-bootloader-iso.sh -Xstx-iso-utils.sh \
 	-Xshow-certs.sh -Xupdate_docker_registry_auth.sh -Xchange_system_private_registry.sh \
-        -Xis-rootdisk-device.sh -Xpatch-restart-* -Xconnectivity_test -Xset_keystone_user_option.sh
+	-Xis-rootdisk-device.sh -Xlocal_starlingxrc -Xpatch-restart-* -Xconnectivity_test \
+	-Xset_keystone_user_option.sh
diff --git a/utilities/platform-util/scripts/local_starlingxrc b/utilities/platform-util/scripts/local_starlingxrc
new file mode 100644
index 00000000..29fe4332
--- /dev/null
+++ b/utilities/platform-util/scripts/local_starlingxrc
@@ -0,0 +1,37 @@
+#
+# Copyright (c) 2023 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Creates and/or loads local file "~/$USER-openrc".
+# It is assumed that the Keystone username is the same as the logged in
+# username.
+#
+
+# Check if openrc file exists.
+if [ -e "$HOME/$USER-openrc" ]; then
+
+    source $HOME/$USER-openrc
+    return $?
+
+else
+
+    # Create and source openrc file.
+    read -s -p "Enter the password to be used with Keystone user $USER: " password
+    echo
+    touch $HOME/$USER-openrc
+    chmod 600 $HOME/$USER-openrc
+    printf "%s\n" \
+           "source /etc/platform/openrc --no_credentials" \
+           "if [[ \"\$?\" != \"0\" ]]; then" \
+           "    return 1" \
+           "fi" \
+           "export OS_USERNAME=$USER" \
+           "export OS_PASSWORD=$password" \
+           "export PS1='[\u@\h \W(keystone_\$OS_USERNAME)]\$ '" \
+           "return 0" >> $HOME/$USER-openrc
+    echo "Created file $HOME/$USER-openrc"
+    source $HOME/$USER-openrc
+    return $?
+
+fi
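Review bot: The line `"export OS_PASSWORD=$password"` writes the typed password unquoted into a file that is sourced afterwards, so a password containing spaces, quotes, `$`, `;` or backticks is re-parsed by the shell on every `source` instead of being used literally. Write it shell-quoted, for example `"export OS_PASSWORD=$(printf '%q' "$password")"`, and read it with `read -r -s -p ...` so backslashes are preserved. Because the script runs in the caller's interactive shell, add `unset password` once the file is written so the cleartext does not stay behind in a stray variable. The password is also saved before it is checked against Keystone, so a mistyped one persists in `~/$USER-openrc` and later logins are not prompted again. Finally, the unquoted `$HOME/$USER-openrc` in the `source`, `touch`, `chmod` and `>>` lines should be double-quoted as it already is in the `-e` test.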