From 70d22113cc8d58b6546cb4917c27f9aae51787c5 Mon Sep 17 00:00:00 2001
From: Kam Nasim <kam.nasim@windriver.com>
Date: Mon, 2 Apr 2018 16:13:31 -0400
Subject: [PATCH] CGTS-9320: config_controller fails when admin pw containing $

Escape special characters when executing the keystone-manage bootstrap
command since the keystone CLI argparse will parse "Madawa$ka1" as
"Madawa" which will cause the Keystone ADMIN acct to be created with an
incorrect password. Puppet will detect this and attempt to course
correct by sending an UPDATE User request to Keystone, which does set
the right password but causes other failures in config_controller
---
 manifests/init.pp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index d64638c..89af303 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1292,10 +1292,15 @@ running as a standalone service, or httpd for being run by a httpd server")
   }
 
   if $enable_bootstrap {
+    #(NOTE: knasim-wrs): escape special characters in the password otherwise the
+    # keyword-manage bootstrap CLI may parse the password incorrectly, causing
+    # the admin account to be created with an incorrect password
+    $admin_password_escaped = shell_escape($admin_password_real)
+
     # this requires the database to be up and running and configured
     # and is only run once, so we don't need to notify the service
     exec { 'keystone-manage bootstrap':
-      command     => "keystone-manage bootstrap --bootstrap-password ${admin_password_real}",
+      command     => "keystone-manage bootstrap --bootstrap-password ${admin_password_escaped}",
       user        => $keystone_user,
       path        => '/usr/bin',
       refreshonly => true,
-- 
1.8.3.1