Add keystore password support

Zuul now requires a keystore password set in zuul.conf.

Change-Id: I2269b2dce156265a084b2a68687a233131933b00

zuul_operator/templates/zuul.conf

@@ -1,6 +1,9 @@
 [gearman]
 server=zuul-gearman
 
+[keystore]
+password={{ keystore_password }}
+
 [zookeeper]
 {% for key, value in spec.zookeeper.items() -%}
 {{ key }}={{ value }}

zuul_operator/zuul.py

@@ -142,6 +142,21 @@ class Zuul:
         except pykube.exceptions.ObjectDoesNotExist:
             return None
 
+    def get_keystore_password(self):
+        secret_name = 'zuul-keystore'
+        secret_key = 'password'
+        try:
+            obj = objects.Secret.objects(self.api).\
+                filter(namespace=self.namespace).\
+                get(name=secret_name)
+            pw = base64.b64decode(obj.obj['data'][secret_key]).decode('utf8')
+            return pw
+        except pykube.exceptions.ObjectDoesNotExist:
+            pw = utils.generate_password(512)
+            utils.update_secret(self.api, self.namespace, secret_name,
+                                string_data={secret_key: pw})
+            return pw
+
     def write_zuul_conf(self):
         dburi = self.get_db_uri()
         self.spec.setdefault('database', {})['dburi'] = dburi
@@ -170,7 +185,8 @@ class Zuul:
                     connection[k] = v
 
         kw = {'connections': connections,
-              'spec': self.spec}
+              'spec': self.spec,
+              'keystore_password': self.get_keystore_password()}
 
         env = jinja2.Environment(
             loader=jinja2.PackageLoader('zuul_operator', 'templates'))