Improve password security

Retrieve password from leader settings on keystone leader
unit.

unit_tests/utilities/test_zaza_utilities_openstack.py

@@ -158,10 +158,12 @@ class TestOpenStackUtils(ut_utils.BaseTestCase):
         self.patch_object(openstack_utils, 'get_application_config_option')
         self.patch_object(openstack_utils, 'get_keystone_ip')
         self.patch_object(openstack_utils, "get_current_os_versions")
+        self.patch_object(openstack_utils.juju_utils, 'leader_get')
 
         self.get_keystone_ip.return_value = '127.0.0.1'
         self.get_relation_id.return_value = None
         self.get_application_config_option.return_value = None
+        self.leader_get.return_value = 'openstack'
         if tls_relation or ssl_cert:
             port = 35357
             transport = 'https'

zaza/utilities/openstack.py

@@ -1245,6 +1245,8 @@ def get_overcloud_auth():
     elif api_version is None:
         api_version = 2
 
+    password = juju_utils.leader_get('keystone', 'admin_passwd')
+
     if api_version == 2:
         # V2 Explicitly, or None when charm does not possess the config key
         logging.info('Using keystone API V2 for overcloud auth')
@@ -1252,7 +1254,7 @@ def get_overcloud_auth():
             'OS_AUTH_URL': '%s://%s:%i/v2.0' % (transport, address, port),
             'OS_TENANT_NAME': 'admin',
             'OS_USERNAME': 'admin',
-            'OS_PASSWORD': 'openstack',
+            'OS_PASSWORD': password,
             'OS_REGION_NAME': 'RegionOne',
             'API_VERSION': 2,
         }
@@ -1262,7 +1264,7 @@ def get_overcloud_auth():
         auth_settings = {
             'OS_AUTH_URL': '%s://%s:%i/v3' % (transport, address, port),
             'OS_USERNAME': 'admin',
-            'OS_PASSWORD': 'openstack',
+            'OS_PASSWORD': password,
             'OS_REGION_NAME': 'RegionOne',
             'OS_DOMAIN_NAME': 'admin_domain',
             'OS_USER_DOMAIN_NAME': 'admin_domain',