Pass RabbitMQ's password from the client

In the tripleo templates the RabbitMQ password is set as
the default but can be overriden. It's not a good security pratice to
use that default so this change enables the autogeneration of
that parameter.

Bug: #1557688
Change-Id: I9c2f2b82ab2780ff325f90f5e038f3b7f3b5cf61

tripleoclient/tests/test_utils.py

@@ -38,8 +38,7 @@ def test_generate_passwords(self, generate_password_mock, isfile_mock):
         with mock.patch('six.moves.builtins.open', mock_open):
             passwords = utils.generate_overcloud_passwords(
                 create_password_file=True)
-
-        self.assertEqual(sorted(mock_open().write.mock_calls), [
+        mock_calls = [
             mock.call('NEUTRON_METADATA_PROXY_SHARED_SECRET=PASSWORD\n'),
             mock.call('OVERCLOUD_ADMIN_PASSWORD=PASSWORD\n'),
             mock.call('OVERCLOUD_ADMIN_TOKEN=PASSWORD\n'),
@@ -52,14 +51,16 @@ def test_generate_passwords(self, generate_password_mock, isfile_mock):
             mock.call('OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD=PASSWORD\n'),
             mock.call('OVERCLOUD_NEUTRON_PASSWORD=PASSWORD\n'),
             mock.call('OVERCLOUD_NOVA_PASSWORD=PASSWORD\n'),
+            mock.call('OVERCLOUD_RABBITMQ_PASSWORD=PASSWORD\n'),
             mock.call('OVERCLOUD_REDIS_PASSWORD=PASSWORD\n'),
             mock.call('OVERCLOUD_SAHARA_PASSWORD=PASSWORD\n'),
             mock.call('OVERCLOUD_SWIFT_HASH=PASSWORD\n'),
             mock.call('OVERCLOUD_SWIFT_PASSWORD=PASSWORD\n'),
-        ])
-        self.assertEqual(generate_password_mock.call_count, 16)
+        ]
+        self.assertEqual(sorted(mock_open().write.mock_calls), mock_calls)
+        self.assertEqual(generate_password_mock.call_count, len(mock_calls))
 
-        self.assertEqual(len(passwords), 16)
+        self.assertEqual(len(passwords), len(mock_calls))
 
     def test_generate_passwords_update(self):
 
@@ -85,6 +86,7 @@ def test_load_passwords(self, generate_password_mock, isfile_mock):
             'OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD=PASSWORD\n',
             'OVERCLOUD_NEUTRON_PASSWORD=PASSWORD\n',
             'OVERCLOUD_NOVA_PASSWORD=PASSWORD\n',
+            'OVERCLOUD_RABBITMQ_PASSWORD=PASSWORD\n',
             'OVERCLOUD_REDIS_PASSWORD=PASSWORD\n',
             'OVERCLOUD_SAHARA_PASSWORD=PASSWORD\n',
             'OVERCLOUD_SWIFT_HASH=PASSWORD\n',
@@ -100,7 +102,7 @@ def test_load_passwords(self, generate_password_mock, isfile_mock):
             passwords = utils.generate_overcloud_passwords()
 
         generate_password_mock.assert_not_called()
-        self.assertEqual(len(passwords), 16)
+        self.assertEqual(len(passwords), len(PASSWORDS))
         for name in utils._PASSWORD_NAMES:
             self.assertEqual('PASSWORD', passwords[name])
 

tripleoclient/tests/v1/overcloud_deploy/test_overcloud_deploy.py

@@ -163,6 +163,7 @@ def test_tht_scale(self, mock_time, mock_uuid1, mock_create_cephx_key,
             'NeutronPublicInterface': 'nic1',
             'NovaPassword': 'password',
             'NtpServer': '',
+            'RabbitPassword': 'password',
             'RedisPassword': 'password',
             'SaharaPassword': 'password',
             'SnmpdReadonlyUserPassword': 'PASSWORD',
@@ -319,6 +320,7 @@ def _orch_clt_create(**kwargs):
             'NeutronTunnelTypes': 'gre',
             'NovaPassword': 'password',
             'NtpServer': '',
+            'RabbitPassword': 'password',
             'RedisPassword': 'password',
             'SaharaPassword': 'password',
             'SnmpdReadonlyUserPassword': 'PASSWORD',

tripleoclient/tests/v1/utils.py

@@ -13,25 +13,10 @@
 #   under the License.
 #
 
+from tripleoclient import utils
+
 
 def generate_overcloud_passwords_mock():
-    passwords = (
-        "OVERCLOUD_ADMIN_PASSWORD",
-        "OVERCLOUD_ADMIN_TOKEN",
-        "OVERCLOUD_CEILOMETER_PASSWORD",
-        "OVERCLOUD_CEILOMETER_SECRET",
-        "OVERCLOUD_CINDER_PASSWORD",
-        "OVERCLOUD_DEMO_PASSWORD",
-        "OVERCLOUD_GLANCE_PASSWORD",
-        "OVERCLOUD_HEAT_PASSWORD",
-        "OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD",
-        "OVERCLOUD_NEUTRON_PASSWORD",
-        "OVERCLOUD_NOVA_PASSWORD",
-        "OVERCLOUD_REDIS_PASSWORD",
-        "OVERCLOUD_SAHARA_PASSWORD",
-        "OVERCLOUD_SWIFT_HASH",
-        "OVERCLOUD_SWIFT_PASSWORD",
-        "NEUTRON_METADATA_PROXY_SHARED_SECRET"
-    )
+    passwords = utils._PASSWORD_NAMES
 
     return dict((password, 'password') for password in passwords)

tripleoclient/utils.py

@@ -47,6 +47,7 @@
     "OVERCLOUD_HEAT_STACK_DOMAIN_PASSWORD",
     "OVERCLOUD_NEUTRON_PASSWORD",
     "OVERCLOUD_NOVA_PASSWORD",
+    "OVERCLOUD_RABBITMQ_PASSWORD",
     "OVERCLOUD_REDIS_PASSWORD",
     "OVERCLOUD_SAHARA_PASSWORD",
     "OVERCLOUD_SWIFT_HASH",

tripleoclient/v1/overcloud_deploy.py

@@ -80,6 +80,7 @@ def set_overcloud_passwords(self, stack_is_new, parameters):
         parameters['NeutronPassword'] = passwords[
             'OVERCLOUD_NEUTRON_PASSWORD']
         parameters['NovaPassword'] = passwords['OVERCLOUD_NOVA_PASSWORD']
+        parameters['RabbitPassword'] = passwords['OVERCLOUD_RABBITMQ_PASSWORD']
         parameters['RedisPassword'] = passwords['OVERCLOUD_REDIS_PASSWORD']
         parameters['SaharaPassword'] = (
             passwords['OVERCLOUD_SAHARA_PASSWORD'])