From ed225a36d88abefc9a52100a44f7d5f8d4d8322c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rados=C5=82aw=20Piliszek?= <radoslaw.piliszek@gmail.com>
Date: Sat, 8 Feb 2020 16:24:53 +0100
Subject: [PATCH] Add --clean to kolla-mergepwd

to clean old keys on merge.

Change-Id: Ifcc99e7c737707eea9e951db066dc94fd85bd9f7
---
 doc/source/user/operating-kolla.rst              |  5 +++++
 kolla_ansible/cmd/mergepwd.py                    | 16 +++++++++++++---
 .../feature-mergepwd-clean-18cbed4d39967e70.yaml |  5 +++++
 3 files changed, 23 insertions(+), 3 deletions(-)
 create mode 100644 releasenotes/notes/feature-mergepwd-clean-18cbed4d39967e70.yaml

diff --git a/doc/source/user/operating-kolla.rst b/doc/source/user/operating-kolla.rst
index 18f9465906..5cb6ff0f17 100644
--- a/doc/source/user/operating-kolla.rst
+++ b/doc/source/user/operating-kolla.rst
@@ -217,3 +217,8 @@ For example:
    kolla-genpwd -p passwords.yml.new
    kolla-mergepwd --old passwords.yml.old --new passwords.yml.new --final /etc/kolla/passwords.yml
 
+.. note::
+
+   ``kolla-mergepwd``, by default, keeps old, unused passwords intact.
+   To alter this behavior, and remove such entries, use the ``--clean``
+   argument when invoking ``kolla-mergepwd``.
diff --git a/kolla_ansible/cmd/mergepwd.py b/kolla_ansible/cmd/mergepwd.py
index 4c697629a0..850a36cf32 100755
--- a/kolla_ansible/cmd/mergepwd.py
+++ b/kolla_ansible/cmd/mergepwd.py
@@ -16,14 +16,21 @@ import argparse
 import yaml
 
 
-def mergepwd(old, new, final):
+def mergepwd(old, new, final, clean=False):
     with open(old, "r") as old_file:
         old_passwords = yaml.safe_load(old_file)
 
     with open(new, "r") as new_file:
         new_passwords = yaml.safe_load(new_file)
 
-    new_passwords.update(old_passwords)
+    if clean:
+        # keep only new keys
+        for key in new_passwords:
+            if key in old_passwords:
+                new_passwords[key] = old_passwords[key]
+    else:
+        # old behavior
+        new_passwords.update(old_passwords)
 
     with open(final, "w") as destination:
         yaml.safe_dump(new_passwords, destination, default_flow_style=False)
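Review bot: With `clean=True` the loop in `mergepwd` drops every key that exists only in the old file, but nothing tells the operator which entries were discarded. These are credentials that an existing deployment may still depend on, so it would help to report the removed key names (names only, never the values), for example by computing `removed = set(old_passwords) - set(new_passwords)` and printing the names to stderr before writing the final file. Separately, `mergepwd` has no docstring; one stating that values from the old file always take precedence, and that `clean` only controls whether old-only keys survive, would make the two branches easier to follow.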
@@ -34,8 +41,11 @@ def main():
     parser.add_argument("--old", help="old password file", required=True)
     parser.add_argument("--new", help="new password file", required=True)
     parser.add_argument("--final", help="merged password file", required=True)
+    parser.add_argument("--clean",
+                        help="clean (keep only new keys)",
+                        action='store_true')
     args = parser.parse_args()
-    mergepwd(args.old, args.new, args.final)
+    mergepwd(args.old, args.new, args.final, args.clean)
 
 
 if __name__ == '__main__':
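Review bot: The help text `clean (keep only new keys)` can be read as discarding the old values, whereas the code keeps old values and only drops keys that are absent from the new file; wording such as `help="remove keys that are absent from the new password file"` is less ambiguous. The call would also be clearer with the flag passed by keyword, `mergepwd(args.old, args.new, args.final, clean=args.clean)`. The body of `main()` starts above this hunk.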
diff --git a/releasenotes/notes/feature-mergepwd-clean-18cbed4d39967e70.yaml b/releasenotes/notes/feature-mergepwd-clean-18cbed4d39967e70.yaml
new file mode 100644
index 0000000000..dd60d9bdf5
--- /dev/null
+++ b/releasenotes/notes/feature-mergepwd-clean-18cbed4d39967e70.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Adds ``--clean`` argument to ``kolla-mergepwd``. It allows to clean old
+    (not used anymore) keys from the passwords file.