From 97c8c69675f83c8f7ac6d925f53a57d6b2b25165 Mon Sep 17 00:00:00 2001
From: Frode Nordahl
Date: Wed, 1 Aug 2018 15:36:10 +0200
Subject: [PATCH] Improve password security

Retrieve password from leader settings on keystone leader unit.
---
 unit_tests/utilities/test_zaza_utilities_openstack.py | 2 ++
 zaza/utilities/openstack.py | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/unit_tests/utilities/test_zaza_utilities_openstack.py b/unit_tests/utilities/test_zaza_utilities_openstack.py
index 705b378..599a1e2 100644
--- a/unit_tests/utilities/test_zaza_utilities_openstack.py
+++ b/unit_tests/utilities/test_zaza_utilities_openstack.py
@@ -158,10 +158,12 @@ class TestOpenStackUtils(ut_utils.BaseTestCase):
 self.patch_object(openstack_utils, 'get_application_config_option')
 self.patch_object(openstack_utils, 'get_keystone_ip')
 self.patch_object(openstack_utils, "get_current_os_versions")
+ self.patch_object(openstack_utils.juju_utils, 'leader_get')
 self.get_keystone_ip.return_value = '127.0.0.1'
 self.get_relation_id.return_value = None
 self.get_application_config_option.return_value = None
+ self.leader_get.return_value = 'openstack'
 if tls_relation or ssl_cert:
 port = 35357
 transport = 'https'
diff --git a/zaza/utilities/openstack.py b/zaza/utilities/openstack.py
index 0a26eea..c8c767c 100644
--- a/zaza/utilities/openstack.py
+++ b/zaza/utilities/openstack.py
@@ -1245,6 +1245,8 @@ def get_overcloud_auth():
 elif api_version is None:
 api_version = 2
+ password = juju_utils.leader_get('keystone', 'admin_passwd')
+
 if api_version == 2:
 # V2 Explicitly, or None when charm does not possess the config key
 logging.info('Using keystone API V2 for overcloud auth')
@@ -1252,7 +1254,7 @@ def get_overcloud_auth():
 'OS_AUTH_URL': '%s://%s:%i/v2.0' % (transport, address, port),
 'OS_TENANT_NAME': 'admin',
 'OS_USERNAME': 'admin',
- 'OS_PASSWORD': 'openstack',
+ 'OS_PASSWORD': password,
 'OS_REGION_NAME': 'RegionOne',
 'API_VERSION': 2,
 }
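Review bot: In unit_tests/utilities/test_zaza_utilities_openstack.py (hunk at -158), the stubbed `leader_get` returns `'openstack'`, the same string as the old hard-coded `OS_PASSWORD`, so this test would still pass if `get_overcloud_auth` went back to the literal. A distinct constructed value such as `self.leader_get.return_value = 'fake-admin-passwd'`, with the expected dict updated to match, plus `self.leader_get.assert_called_once_with('keystone', 'admin_passwd')`, would pin the new behaviour. The expected dict and the rest of the test method lie outside the hunk, so whether it still carries `'openstack'` is inferred.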
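Review bot: In zaza/utilities/openstack.py (hunk at -1245), the value returned by `juju_utils.leader_get('keystone', 'admin_passwd')` is used without any check, and it feeds `OS_PASSWORD` in both the v2 and v3 dicts (hunks at -1252 and -1262). If the leader setting is missing or empty, the function presumably still returns settings with an empty password and the failure only surfaces later as an authentication error; a guard right after the call, for example `if not password: raise ValueError("keystone leader setting 'admin_passwd' is not set")`, would fail at the source. The dict now carries the deployment's real admin credential instead of a known test default, so a comment such as `# live admin credential from keystone leader settings; do not log auth_settings` would help later callers. `get_overcloud_auth` starts and ends outside the hunk.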
@@ -1262,7 +1264,7 @@ def get_overcloud_auth():
 auth_settings = {
 'OS_AUTH_URL': '%s://%s:%i/v3' % (transport, address, port),
 'OS_USERNAME': 'admin',
- 'OS_PASSWORD': 'openstack',
+ 'OS_PASSWORD': password,
 'OS_REGION_NAME': 'RegionOne',
 'OS_DOMAIN_NAME': 'admin_domain',
 'OS_USER_DOMAIN_NAME': 'admin_domain',