def test_run_passwords_exist(self, mock_get_snmpd_readonly_user_password,
mock_fernet_keys_setup,
mock_create_ssh_keypair):
mock_get_snmpd_readonly_user_password.return_value = "TestPassword"
mock_create_ssh_keypair.return_value = {
'public_key': 'Foo',
'private_key': 'Bar'
}
mock_fernet_keys_setup.return_value = {
'/tmp/foo': {
'content': 'Foo'
},
'/tmp/bar': {
'content': 'Bar'
}
}
mock_orchestration = mock.MagicMock()
mock_orchestration.stacks.environment.return_value = {
'parameter_defaults': _EXISTING_PASSWORDS.copy()
}
mock_resource = mock.MagicMock()
mock_resource.attributes = {
'endpoint_map': {
'PlacementPublic': {}
},
}
mock_orchestration.resources.get.return_value = mock_resource
result = plan_utils.generate_passwords(None, mock_orchestration)
# ensure old passwords used and no new generation
self.assertEqual(_EXISTING_PASSWORDS, result)
def test_placement_passwords_upgrade(self,
mock_get_snmpd_readonly_user_password,
mock_fernet_keys_setup,
mock_create_ssh_keypair):
mock_get_snmpd_readonly_user_password.return_value = "TestPassword"
mock_create_ssh_keypair.return_value = {
'public_key': 'Foo',
'private_key': 'Bar'
}
mock_fernet_keys_setup.return_value = {
'/tmp/foo': {
'content': 'Foo'
},
'/tmp/bar': {
'content': 'Bar'
}
}
passwords = _EXISTING_PASSWORDS.copy()
mock_orchestration = mock.MagicMock()
mock_orchestration.stacks.environment.return_value = {
'parameter_defaults': passwords
}
mock_resource = mock.MagicMock()
mock_resource.attributes = {
'endpoint_map': {},
}
mock_orchestration.resources.get.return_value = mock_resource
result = plan_utils.generate_passwords(None, mock_orchestration)
self.assertEqual(passwords['NovaPassword'],
result['PlacementPassword'])
def test_passwords_exist_in_heat(
self, mock_get_snmpd_readonly_user_password,
mock_fernet_keys_setup, mock_create_ssh_keypair):
mock_get_snmpd_readonly_user_password.return_value = "TestPassword"
mock_create_ssh_keypair.return_value = {'public_key': 'Foo',
'private_key': 'Bar'}
mock_fernet_keys_setup.return_value = {'/tmp/foo': {'content': 'Foo'},
'/tmp/bar': {'content': 'Bar'}}
existing_passwords = _EXISTING_PASSWORDS.copy()
existing_passwords["AdminPassword"] = '******'
mock_orchestration = mock.MagicMock()
mock_orchestration.stacks.environment.return_value = {
'parameter_defaults': existing_passwords
}
mock_resource = mock.MagicMock()
mock_resource.attributes = {
'endpoint_map': {
'PlacementPublic': {}
},
}
mock_orchestration.resources.get.return_value = mock_resource
result = plan_utils.generate_passwords(None, mock_orchestration)
self.assertEqual(existing_passwords, result)
def test_run_rotate_no_rotate_list(
self, mock_get_snmpd_readonly_user_password,
mock_fernet_keys_setup, mock_create_ssh_keypair):
mock_get_snmpd_readonly_user_password.return_value = "TestPassword"
mock_create_ssh_keypair.return_value = {'public_key': 'Foo',
'private_key': 'Bar'}
mock_fernet_keys_setup.return_value = {'/tmp/foo': {'content': 'Foo'},
'/tmp/bar': {'content': 'Bar'}}
mock_orchestration = mock.MagicMock()
mock_orchestration.stacks.environment.return_value = {
'parameter_defaults': _EXISTING_PASSWORDS.copy()
}
mock_resource = mock.MagicMock()
mock_resource.attributes = {
'endpoint_map': {
'PlacementPublic': {}
},
}
mock_orchestration.resources.get.return_value = mock_resource
result = plan_utils.generate_passwords(None, mock_orchestration,
rotate_passwords=True)
# ensure passwords in the DO_NOT_ROTATE_LIST are not modified
for name in constants.DO_NOT_ROTATE_LIST:
self.assertEqual(_EXISTING_PASSWORDS[name], result[name])
# ensure all passwords are generated
for name in constants.PASSWORD_PARAMETER_NAMES:
self.assertTrue(name in result, "%s is not in %s" % (name, result))
# ensure new passwords have been generated
self.assertNotEqual(_EXISTING_PASSWORDS, result)
def run_module():
result = dict(
success=False,
changed=False,
error="",
passwords={}
)
argument_spec = openstack_full_argument_spec(
**yaml.safe_load(DOCUMENTATION)['options']
)
module = AnsibleModule(
argument_spec,
supports_check_mode=False,
**openstack_module_kwargs()
)
try:
container = module.params.get('container')
rotate_passwords = module.params.get('rotate_passwords')
password_list = module.params.get('password_list')
password_file = module.params.get('password_file')
_, conn = openstack_cloud_from_module(module)
tripleo = tc.TripleOCommon(session=conn.session)
swift = tripleo.get_object_client()
heat = tripleo.get_orchestration_client()
# Which file to look for passwords
if not password_file:
password_file = os.path.join(
constants.DEFAULT_WORKING_DIR_FORMAT.format(container),
constants.PASSWORDS_ENV_FORMAT.format(container))
# Check whether the password file exists
if os.path.exists(password_file):
with open(password_file, 'r') as f:
passwords_env = yaml.safe_load(f.read())
else:
passwords_env = None
rotated_passwords = plan_utils.generate_passwords(
swift, heat, container=container,
rotate_passwords=rotate_passwords,
rotate_pw_list=password_list,
passwords_env=passwords_env
)
result['success'] = True
result['passwords'] = rotated_passwords
result['changed'] = True
except Exception as err:
result['error'] = str(err)
result['msg'] = ("Error rotating passwords for plan %s: %s" % (
container, err))
module.fail_json(**result)
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
module.exit_json(**result)
def test_run_rotate_with_rotate_list(self,
mock_get_snmpd_readonly_user_password,
mock_fernet_keys_setup,
mock_create_ssh_keypair):
mock_get_snmpd_readonly_user_password.return_value = "TestPassword"
mock_create_ssh_keypair.return_value = {
'public_key': 'Foo',
'private_key': 'Bar'
}
mock_fernet_keys_setup.return_value = {
'/tmp/foo': {
'content': 'Foo'
},
'/tmp/bar': {
'content': 'Bar'
}
}
mock_orchestration = mock.MagicMock()
mock_orchestration.stacks.environment.return_value = {
'parameter_defaults': _EXISTING_PASSWORDS.copy()
}
mock_resource = mock.MagicMock()
mock_resource.attributes = {
'endpoint_map': {
'PlacementPublic': {}
},
}
mock_orchestration.resources.get.return_value = mock_resource
rotate_list = [
'BarbicanPassword', 'AdminPassword', 'CeilometerMeteringSecret',
'NovaPassword', 'MysqlRootPassword'
]
result = plan_utils.generate_passwords(None,
mock_orchestration,
rotate_passwords=True,
rotate_pw_list=rotate_list)
# ensure only specified passwords are regenerated
for name in constants.PASSWORD_PARAMETER_NAMES:
self.assertTrue(name in result, "%s is not in %s" % (name, result))
if name in rotate_list:
self.assertNotEqual(_EXISTING_PASSWORDS[name], result[name])
else:
self.assertEqual(_EXISTING_PASSWORDS[name], result[name])
def run_module():
result = dict(
success=False,
changed=False,
error="",
passwords={}
)
argument_spec = openstack_full_argument_spec(
**yaml.safe_load(DOCUMENTATION)['options']
)
module = AnsibleModule(
argument_spec,
supports_check_mode=False,
**openstack_module_kwargs()
)
try:
container = module.params.get('container')
rotate_passwords = module.params.get('rotate_passwords')
password_list = module.params.get('password_list')
_, conn = openstack_cloud_from_module(module)
tripleo = tc.TripleOCommon(session=conn.session)
swift = tripleo.get_object_client()
heat = tripleo.get_orchestration_client()
rotated_passwords = plan_utils.generate_passwords(
swift, heat, container=container,
rotate_passwords=rotate_passwords,
rotate_pw_list=password_list)
result['success'] = True
result['passwords'] = rotated_passwords
result['changed'] = True
except Exception as err:
result['error'] = str(err)
result['msg'] = ("Error rotating passwords for plan %s: %s" % (
container, err))
module.fail_json(**result)
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
module.exit_json(**result)
def test_generate_password(self, mock_get_snmpd_readonly_user_password):
mock_get_snmpd_readonly_user_password.return_value = "TestPassword"
mock_orchestration = mock.MagicMock()
mock_orchestration.stacks.environment.return_value = {
'parameter_defaults': {}
}
mock_resource = mock.MagicMock()
mock_resource.attributes = {
'endpoint_map': {
'PlacementPublic': {}
},
}
mock_orchestration.resources.get.return_value = mock_resource
result = plan_utils.generate_passwords(None, mock_orchestration)
for password_param_name in constants.PASSWORD_PARAMETER_NAMES:
self.assertTrue(password_param_name in result,
"%s is not in %s" % (password_param_name, result))
def export_passwords(heat, stack, stack_dir):
"""Export passwords from an existing stack and write them in Heat
environment file format to the specified directory.
:param heat: Heat client
:type heat: heatclient.client.Client
:param stack: Stack name to query for passwords
:type stack: str
:param stack_dir: Directory to save the generated Heat environment
containing the password values.
:type stack_dir: str
:return: None
:rtype: None
"""
passwords_path = os.path.join(stack_dir,
"tripleo-{}-passwords.yaml".format(stack))
LOG.info("Exporting passwords for stack %s to %s" %
(stack, passwords_path))
passwords = plan_utils.generate_passwords(heat=heat, container=stack)
password_params = dict(parameter_defaults=passwords)
with open(passwords_path, 'w') as f:
f.write(yaml.safe_dump(password_params))
os.chmod(passwords_path, 0o600)