def test_run_passwords_exist(self, mock_get_snmpd_readonly_user_password, mock_fernet_keys_setup, mock_create_ssh_keypair): mock_get_snmpd_readonly_user_password.return_value = "TestPassword" mock_create_ssh_keypair.return_value = { 'public_key': 'Foo', 'private_key': 'Bar' } mock_fernet_keys_setup.return_value = { '/tmp/foo': { 'content': 'Foo' }, '/tmp/bar': { 'content': 'Bar' } } mock_orchestration = mock.MagicMock() mock_orchestration.stacks.environment.return_value = { 'parameter_defaults': _EXISTING_PASSWORDS.copy() } mock_resource = mock.MagicMock() mock_resource.attributes = { 'endpoint_map': { 'PlacementPublic': {} }, } mock_orchestration.resources.get.return_value = mock_resource result = plan_utils.generate_passwords(None, mock_orchestration) # ensure old passwords used and no new generation self.assertEqual(_EXISTING_PASSWORDS, result)
def test_placement_passwords_upgrade(self, mock_get_snmpd_readonly_user_password, mock_fernet_keys_setup, mock_create_ssh_keypair): mock_get_snmpd_readonly_user_password.return_value = "TestPassword" mock_create_ssh_keypair.return_value = { 'public_key': 'Foo', 'private_key': 'Bar' } mock_fernet_keys_setup.return_value = { '/tmp/foo': { 'content': 'Foo' }, '/tmp/bar': { 'content': 'Bar' } } passwords = _EXISTING_PASSWORDS.copy() mock_orchestration = mock.MagicMock() mock_orchestration.stacks.environment.return_value = { 'parameter_defaults': passwords } mock_resource = mock.MagicMock() mock_resource.attributes = { 'endpoint_map': {}, } mock_orchestration.resources.get.return_value = mock_resource result = plan_utils.generate_passwords(None, mock_orchestration) self.assertEqual(passwords['NovaPassword'], result['PlacementPassword'])
def test_passwords_exist_in_heat( self, mock_get_snmpd_readonly_user_password, mock_fernet_keys_setup, mock_create_ssh_keypair): mock_get_snmpd_readonly_user_password.return_value = "TestPassword" mock_create_ssh_keypair.return_value = {'public_key': 'Foo', 'private_key': 'Bar'} mock_fernet_keys_setup.return_value = {'/tmp/foo': {'content': 'Foo'}, '/tmp/bar': {'content': 'Bar'}} existing_passwords = _EXISTING_PASSWORDS.copy() existing_passwords["AdminPassword"] = '******' mock_orchestration = mock.MagicMock() mock_orchestration.stacks.environment.return_value = { 'parameter_defaults': existing_passwords } mock_resource = mock.MagicMock() mock_resource.attributes = { 'endpoint_map': { 'PlacementPublic': {} }, } mock_orchestration.resources.get.return_value = mock_resource result = plan_utils.generate_passwords(None, mock_orchestration) self.assertEqual(existing_passwords, result)
def test_run_rotate_no_rotate_list( self, mock_get_snmpd_readonly_user_password, mock_fernet_keys_setup, mock_create_ssh_keypair): mock_get_snmpd_readonly_user_password.return_value = "TestPassword" mock_create_ssh_keypair.return_value = {'public_key': 'Foo', 'private_key': 'Bar'} mock_fernet_keys_setup.return_value = {'/tmp/foo': {'content': 'Foo'}, '/tmp/bar': {'content': 'Bar'}} mock_orchestration = mock.MagicMock() mock_orchestration.stacks.environment.return_value = { 'parameter_defaults': _EXISTING_PASSWORDS.copy() } mock_resource = mock.MagicMock() mock_resource.attributes = { 'endpoint_map': { 'PlacementPublic': {} }, } mock_orchestration.resources.get.return_value = mock_resource result = plan_utils.generate_passwords(None, mock_orchestration, rotate_passwords=True) # ensure passwords in the DO_NOT_ROTATE_LIST are not modified for name in constants.DO_NOT_ROTATE_LIST: self.assertEqual(_EXISTING_PASSWORDS[name], result[name]) # ensure all passwords are generated for name in constants.PASSWORD_PARAMETER_NAMES: self.assertTrue(name in result, "%s is not in %s" % (name, result)) # ensure new passwords have been generated self.assertNotEqual(_EXISTING_PASSWORDS, result)
def run_module(): result = dict( success=False, changed=False, error="", passwords={} ) argument_spec = openstack_full_argument_spec( **yaml.safe_load(DOCUMENTATION)['options'] ) module = AnsibleModule( argument_spec, supports_check_mode=False, **openstack_module_kwargs() ) try: container = module.params.get('container') rotate_passwords = module.params.get('rotate_passwords') password_list = module.params.get('password_list') password_file = module.params.get('password_file') _, conn = openstack_cloud_from_module(module) tripleo = tc.TripleOCommon(session=conn.session) swift = tripleo.get_object_client() heat = tripleo.get_orchestration_client() # Which file to look for passwords if not password_file: password_file = os.path.join( constants.DEFAULT_WORKING_DIR_FORMAT.format(container), constants.PASSWORDS_ENV_FORMAT.format(container)) # Check whether the password file exists if os.path.exists(password_file): with open(password_file, 'r') as f: passwords_env = yaml.safe_load(f.read()) else: passwords_env = None rotated_passwords = plan_utils.generate_passwords( swift, heat, container=container, rotate_passwords=rotate_passwords, rotate_pw_list=password_list, passwords_env=passwords_env ) result['success'] = True result['passwords'] = rotated_passwords result['changed'] = True except Exception as err: result['error'] = str(err) result['msg'] = ("Error rotating passwords for plan %s: %s" % ( container, err)) module.fail_json(**result) # in the event of a successful module execution, you will want to # simple AnsibleModule.exit_json(), passing the key/value results module.exit_json(**result)
def test_run_rotate_with_rotate_list(self, mock_get_snmpd_readonly_user_password, mock_fernet_keys_setup, mock_create_ssh_keypair): mock_get_snmpd_readonly_user_password.return_value = "TestPassword" mock_create_ssh_keypair.return_value = { 'public_key': 'Foo', 'private_key': 'Bar' } mock_fernet_keys_setup.return_value = { '/tmp/foo': { 'content': 'Foo' }, '/tmp/bar': { 'content': 'Bar' } } mock_orchestration = mock.MagicMock() mock_orchestration.stacks.environment.return_value = { 'parameter_defaults': _EXISTING_PASSWORDS.copy() } mock_resource = mock.MagicMock() mock_resource.attributes = { 'endpoint_map': { 'PlacementPublic': {} }, } mock_orchestration.resources.get.return_value = mock_resource rotate_list = [ 'BarbicanPassword', 'AdminPassword', 'CeilometerMeteringSecret', 'NovaPassword', 'MysqlRootPassword' ] result = plan_utils.generate_passwords(None, mock_orchestration, rotate_passwords=True, rotate_pw_list=rotate_list) # ensure only specified passwords are regenerated for name in constants.PASSWORD_PARAMETER_NAMES: self.assertTrue(name in result, "%s is not in %s" % (name, result)) if name in rotate_list: self.assertNotEqual(_EXISTING_PASSWORDS[name], result[name]) else: self.assertEqual(_EXISTING_PASSWORDS[name], result[name])
def run_module(): result = dict( success=False, changed=False, error="", passwords={} ) argument_spec = openstack_full_argument_spec( **yaml.safe_load(DOCUMENTATION)['options'] ) module = AnsibleModule( argument_spec, supports_check_mode=False, **openstack_module_kwargs() ) try: container = module.params.get('container') rotate_passwords = module.params.get('rotate_passwords') password_list = module.params.get('password_list') _, conn = openstack_cloud_from_module(module) tripleo = tc.TripleOCommon(session=conn.session) swift = tripleo.get_object_client() heat = tripleo.get_orchestration_client() rotated_passwords = plan_utils.generate_passwords( swift, heat, container=container, rotate_passwords=rotate_passwords, rotate_pw_list=password_list) result['success'] = True result['passwords'] = rotated_passwords result['changed'] = True except Exception as err: result['error'] = str(err) result['msg'] = ("Error rotating passwords for plan %s: %s" % ( container, err)) module.fail_json(**result) # in the event of a successful module execution, you will want to # simple AnsibleModule.exit_json(), passing the key/value results module.exit_json(**result)
def test_generate_password(self, mock_get_snmpd_readonly_user_password): mock_get_snmpd_readonly_user_password.return_value = "TestPassword" mock_orchestration = mock.MagicMock() mock_orchestration.stacks.environment.return_value = { 'parameter_defaults': {} } mock_resource = mock.MagicMock() mock_resource.attributes = { 'endpoint_map': { 'PlacementPublic': {} }, } mock_orchestration.resources.get.return_value = mock_resource result = plan_utils.generate_passwords(None, mock_orchestration) for password_param_name in constants.PASSWORD_PARAMETER_NAMES: self.assertTrue(password_param_name in result, "%s is not in %s" % (password_param_name, result))
def export_passwords(heat, stack, stack_dir): """Export passwords from an existing stack and write them in Heat environment file format to the specified directory. :param heat: Heat client :type heat: heatclient.client.Client :param stack: Stack name to query for passwords :type stack: str :param stack_dir: Directory to save the generated Heat environment containing the password values. :type stack_dir: str :return: None :rtype: None """ passwords_path = os.path.join(stack_dir, "tripleo-{}-passwords.yaml".format(stack)) LOG.info("Exporting passwords for stack %s to %s" % (stack, passwords_path)) passwords = plan_utils.generate_passwords(heat=heat, container=stack) password_params = dict(parameter_defaults=passwords) with open(passwords_path, 'w') as f: f.write(yaml.safe_dump(password_params)) os.chmod(passwords_path, 0o600)