From be0e123734724acbedbef36d651e45e4bccae881 Mon Sep 17 00:00:00 2001 From: Nick Carboni Date: Fri, 12 Oct 2018 13:56:33 -0400 Subject: [PATCH] Generate a new ansible rabbitmq password If the current rabbitmq password contains special characters it will fail a new preflight check in the setup playbook. This is fixed for new installations by https://github.com/ManageIQ/manageiq/pull/18092 but because we re-run the setup playbook when we upgrade the tower version, we also need to correct existing ones. https://bugzilla.redhat.com/show_bug.cgi?id=1638009 --- ...aracters_from_ansible_rabbitmq_password.rb | 25 +++++++++ ...ers_from_ansible_rabbitmq_password_spec.rb | 55 +++++++++++++++++++ 2 files changed, 80 insertions(+) create mode 100644 db/migrate/20181012160010_remove_special_characters_from_ansible_rabbitmq_password.rb create mode 100644 spec/migrations/20181012160010_remove_special_characters_from_ansible_rabbitmq_password_spec.rb diff --git a/db/migrate/20181012160010_remove_special_characters_from_ansible_rabbitmq_password.rb b/db/migrate/20181012160010_remove_special_characters_from_ansible_rabbitmq_password.rb new file mode 100644 index 000000000..4e062baac --- /dev/null +++ b/db/migrate/20181012160010_remove_special_characters_from_ansible_rabbitmq_password.rb @@ -0,0 +1,25 @@ +require 'securerandom' + +class RemoveSpecialCharactersFromAnsibleRabbitmqPassword < ActiveRecord::Migration[5.0] + # used only in specs + class MiqDatabase < ActiveRecord::Base; end + + class Authentication < ActiveRecord::Base + self.inheritance_column = :_type_disabled + include ActiveRecord::IdRegions + end + + def up + auth = Authentication.in_my_region.find_by( + :name => "Ansible Rabbitmq Authentication", + :authtype => "ansible_rabbitmq_auth", + :userid => "ansible", + :type => "AuthUseridPassword" + ) + + return unless auth + + current = MiqPassword.decrypt(auth.password) + auth.update_attributes!(:password => MiqPassword.encrypt(SecureRandom.hex(18))) unless current.match(/^[a-zA-Z0-9]+$/) + end +end diff --git a/spec/migrations/20181012160010_remove_special_characters_from_ansible_rabbitmq_password_spec.rb b/spec/migrations/20181012160010_remove_special_characters_from_ansible_rabbitmq_password_spec.rb new file mode 100644 index 000000000..ae830b644 --- /dev/null +++ b/spec/migrations/20181012160010_remove_special_characters_from_ansible_rabbitmq_password_spec.rb @@ -0,0 +1,55 @@ +require_migration + +describe RemoveSpecialCharactersFromAnsibleRabbitmqPassword do + let(:database_stub) { migration_stub(:MiqDatabase) } + let(:authentication_stub) { migration_stub(:Authentication) } + let(:db_id) { database_stub.first.id } + let(:auth_attributes) do + { + :name => "Ansible Rabbitmq Authentication", + :authtype => "ansible_rabbitmq_auth", + :userid => "ansible", + :type => "AuthUseridPassword", + :resource_id => db_id, + :resource_type => "MiqDatabase" + } + end + + before { database_stub.create! } + + migration_context :up do + it "does nothing if the authentication record doesn't exist" do + expect(rabbitmq_auths.count).to eq(0) + migrate + expect(rabbitmq_auths.count).to eq(0) + end + + it "does not change the password if the existing one doesn't contain special characters" do + authentication_stub.create!(auth_attributes.merge(:password => MiqPassword.encrypt("password"))) + expect(ansible_rabbitmq_password).to eq("password") + + migrate + + expect(ansible_rabbitmq_password).to eq("password") + end + + it "generates a new password when the existing one contains special characters" do + authentication_stub.create!(auth_attributes.merge(:password => MiqPassword.encrypt("pass_word"))) + expect(ansible_rabbitmq_password).to eq("pass_word") + + migrate + + expect(ansible_rabbitmq_password).to match(/^[a-zA-Z0-9]+$/) + end + end + + def rabbitmq_auths + authentication_stub.where(auth_attributes) + end + + def ansible_rabbitmq_password + auths = rabbitmq_auths + expect(auths.count).to eq(1) + MiqPassword.decrypt(auths.first.password) + end +end