k8s: Remove hardcoded password for 'vagrant' user

Password for 'vagrant' user is now passed through exported environmental
variable.

This patch also:

* removes the assumption of having 'vagrant' user on cluster nodes (for
  future scripts reuse),
* removes mixed string interpolation and passing shell variables,
* replaces '~' with '$HOME' for proper substitiution.

Issue-ID: SECCOM-235
Change-Id: Id9e7b6acccd902de4c414cd8a0f095ac135fee5a
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>

diff --git a/test/security/k8s/vagrant/dublin/Vagrantfile b/test/security/k8s/vagrant/dublin/Vagrantfile
index e7fe6b1..d91a822 100644 (file)
--- a/test/security/k8s/vagrant/dublin/Vagrantfile
+++ b/test/security/k8s/vagrant/dublin/Vagrantfile
@@ -2,7 +2,9 @@
 # -*- coding: utf-8 -*-
 
 host_ip = "192.168.121.1"
-operator_key = "~/.ssh/onap-key"
+operator_key = "${HOME}/.ssh/onap-key"
+vagrant_user = "vagrant"
+vagrant_password = "vagrant"
 
 vm_memory = 2 * 1024
 vm_cpus = 1
@@ -16,6 +18,16 @@ cluster = [
 
 all = cluster.dup << operation
 
+$deploy_key = <<-SCRIPT
+  KEY="$1"
+  USER="$2"
+  PASS="$PASSWORD"
+  IPS="$3"
+  for ip in $IPS; do
+    sshpass -p "$PASS" ssh-copy-id -o StrictHostKeyChecking=no -i "$KEY" "${USER}@${ip}"
+  done
+SCRIPT
+
 $link_dotfiles = <<-SCRIPT
   for rc in /vagrant/dot_*; do
     ln -sf "$rc" "${HOME}/.${rc##*dot_}"
@@ -73,11 +85,12 @@ Vagrant.configure('2') do |config|
 
         ips = ""
         cluster.each { |node| ips << node[:ip] << " " }
-        config.vm.provision :shell, privileged: false, inline: <<-SHELL
-          for ip in #{ips}; do
-            sshpass -p vagrant ssh-copy-id -o StrictHostKeyChecking=no -i #{operator_key} "$ip"
-          done
-        SHELL
+        config.vm.provision :shell do |s|
+          s.privileged = false
+          s.inline = $deploy_key
+          s.args = [operator_key, vagrant_user, ips]
+          s.env = {'PASSWORD': vagrant_password}
+        end
       end
     end
   end