tripleo

The 'tripleoclient.export.export_passwords' function always exports all generated passwords.

Bug #1933237 reported by Jiri Podivin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
Medium
Jiri Podivin
tripleo xena-2

Bug Description

Behavior of the 'tripleoclient.export.export_passwords' no longer corresponds to the intent estblished by it's signature.

https://opendev.org/openstack/python-tripleoclient/src/branch/master/tripleoclient/export.py#L34-L51

Original function had a mechanism for excluding passwords from export.

However, the check was first refactored in [1] and finally completely abandoned in [2].

Since then the only remnant of the check is the unused 'excludes' argument, which defaults
to True, regular expression check, and a double nested loop iterating over all password param names.

Meanwhile, all generated passwords are exported every time.

Two options present themselves.

Removal of the remnants of the check mechanism. Or its reestablishment.

[1] - https://review.opendev.org/c/openstack/python-tripleoclient/+/745958
[2] - https://review.opendev.org/c/openstack/python-tripleoclient/+/773287

See original description
Jiri Podivin (jpodivin)
Changed in tripleo:
importance: Undecided → Medium
Revision history for this message
Jiri Podivin (jpodivin) wrote :

After consultation with James Slagle, the second option was chosen.

Jiri Podivin (jpodivin)
description: updated
Changed in tripleo:
milestone: none → xena-1
Revision history for this message
Jiri Podivin (jpodivin) wrote :

The patch is now in gerrit.
https://review.opendev.org/c/openstack/python-tripleoclient/+/797461

Changed in tripleo:
status: Triaged → In Progress
Marios Andreou (marios-b)
Changed in tripleo:
milestone: xena-1 → xena-2
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to python-tripleoclient (master)

Reviewed: https://review.opendev.org/c/openstack/python-tripleoclient/+/797461
Committed: https://opendev.org/openstack/python-tripleoclient/commit/cc2ac4a855ffeb51d9c854cd0a5c4f75f2cb735c
Submitter: "Zuul (22348)"
Branch: master

commit cc2ac4a855ffeb51d9c854cd0a5c4f75f2cb735c
Author: Jiri Podivin <email address hidden>
Date: Tue Jun 22 15:27:28 2021 +0200

    Restoration of the 'export_passwords' exclusion

    The 'tripleoclient.export.export_passwords' function was intended
    export passwords selectively, if needed, based on provided rules.

    This patch restores that functionality.
    Furthermore, tests were adjusted to validate exports with and
    without filtering.

    Function level documentation was expanded with information about
    inputs and outputs.

    Per suggestion, the loop was adjusted to iterate over generated passwords
    rather than over `tripleo_common_constants.PASSWORD_PARAMETER_NAMES`.
    The existing import of tripleo_common.constants was removed, as there
    were no more references to it.

    Closes-Bug: #1933237

    Signed-off-by: Jiri Podivin <email address hidden>
    Change-Id: I397caaf314dae17a48d4aeed55f1a5a8e4ae3d41

Changed in tripleo:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/python-tripleoclient 17.1.0

This issue was fixed in the openstack/python-tripleoclient 17.1.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to python-tripleoclient (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/python-tripleoclient/+/838911

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to python-tripleoclient (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/python-tripleoclient/+/838911
Committed: https://opendev.org/openstack/python-tripleoclient/commit/095182c143336bb4b7039df411ad47f7b64bd4bf
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit 095182c143336bb4b7039df411ad47f7b64bd4bf
Author: Jiri Podivin <email address hidden>
Date: Tue Jun 22 15:27:28 2021 +0200

    Restoration of the 'export_passwords' exclusion

    The 'tripleoclient.export.export_passwords' function was intended
    export passwords selectively, if needed, based on provided rules.

    This patch restores that functionality.
    Furthermore, tests were adjusted to validate exports with and
    without filtering.

    Function level documentation was expanded with information about
    inputs and outputs.

    Per suggestion, the loop was adjusted to iterate over generated passwords
    rather than over `tripleo_common_constants.PASSWORD_PARAMETER_NAMES`.
    The existing import of tripleo_common.constants was removed, as there
    were no more references to it.

    Closes-Bug: #1933237

    Signed-off-by: Jiri Podivin <email address hidden>
    Change-Id: I397caaf314dae17a48d4aeed55f1a5a8e4ae3d41
    (cherry picked from commit cc2ac4a855ffeb51d9c854cd0a5c4f75f2cb735c)

tags: added: in-stable-wallaby
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.