authorDileep Ranganathan <dileep.ranganathan@intel.com>2018-10-12 05:54:32 -0700
committerDileep Ranganathan <dileep.ranganathan@intel.com>2018-10-21 06:09:42 -0700
commite3f81c49af440b593b102c68c8421e892722632c (patch)
tree6d8f57364fb697ccd8af409496bde5355d74f47c
parentef0843f7f384fb89e4143db0fa0dd18cce80f71a (diff)
Enable SMS for HAS
Load secrets from SMS in OSDF Helm charts uses a Job to load secrets. CSIT needs to load it manually. Added is_enabled flag for SMS. SMS is enabled by default. For testing locally, this can be overridden. Change-Id: I09bc96e1408d4136cc479e1e5667d36b5a1b5427 Issue-ID: OPTFRA-343 Signed-off-by: Dileep Ranganathan <dileep.ranganathan@intel.com>
-rwxr-xr-xconductor.conf18
-rw-r--r--conductor/conductor/common/sms.py21
-rw-r--r--conductor/conductor/service.py5
-rwxr-xr-xpreload_secrets.yaml4
4 files changed, 24 insertions, 24 deletions
diff --git a/conductor.conf b/conductor.conf
index 18dad13..027335d 100755
--- a/conductor.conf
+++ b/conductor.conf
@@ -162,6 +162,9 @@ aaf_url = http://aaf-service:8100/authz/perms/user/
# From conductor
#
+# Is Secret Management service enabled (boolean value)
+#is_enabled = true
+
# Base URL for SMS, up to and not including the version, and without a trailing
# slash. (string value)
#aaf_sms_url = https://aaf-sms.onap:10443
@@ -173,7 +176,7 @@ aaf_url = http://aaf-service:8100/authz/perms/user/
# be False and the server certis not verified by the client. (string value)
#aaf_ca_certs = AAF_RootCA.cer
-# Domain Name for HAS
+# Domain Name for HAS (string value)
#secret_domain = has
@@ -224,10 +227,10 @@ certificate_key_file =
certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
# Username for AAI. (string value)
-username = OOF
+#username =
# Password for AAI. (string value)
-password = OOF
+#password =
[api]
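Review bot: The AAI username and password that this hunk comments out stay readable in the repository history, as do the values deleted in the later conductor.conf hunks (the plans `admin1` account, the MUSIC `aafuser`/`aafpass`, and the SDNC basic-auth password). Removing them from the file does not un-publish them, so any that were ever used outside a throwaway demo environment should be rotated in the backing systems and in SMS. With `#username =` and `#password =` now unset, a comment such as `# Loaded from SMS when [aaf_sms] is_enabled = true; set here only for local testing` would tell operators where the value comes from.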
@@ -255,11 +258,9 @@ password = OOF
# username for plans. (string value)
#username =
-username = admin1
# password for plans. (string value)
#password =
-password = plan.15
# auth toggling. (boolean value)
#basic_auth_secure = true
@@ -461,21 +462,18 @@ music_new_version = True
# for version (string value)
#music_version = <None>
-music_version = "2.5.3"
+music_version = "3.0.23"
# username value that used for creating basic authorization header (string
# value)
#aafuser = <None>
-aafuser = conductor
# password value that used for creating basic authorization header (string
# value)
#aafpass = <None>
-aafpass = c0nduct0r
# AAF namespace field used in MUSIC request header (string value)
#aafns = <None>
-aafns = conductor
[prometheus]
@@ -536,11 +534,9 @@ server_url = https://sdnc.onap:8282/restconf/
# Basic Authentication Username (string value)
#username = <None>
-username = admin
# Basic Authentication Password (string value)
#password = <None>
-password = Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
# Timeout for SDNC Rest Call (string value)
#sdnc_rest_timeout = 30
diff --git a/conductor/conductor/common/sms.py b/conductor/conductor/common/sms.py
index ace2e68..c5eee3a 100644
--- a/conductor/conductor/common/sms.py
+++ b/conductor/conductor/common/sms.py
@@ -35,6 +35,9 @@ LOG = log.getLogger(__name__)
CONF = cfg.CONF
AAF_SMS_OPTS = [
+ cfg.BoolOpt('is_enabled',
+ default=True,
+ help='Is Secret Management service enabled'),
cfg.StrOpt('aaf_sms_url',
default='https://aaf-sms.onap:10443',
help='Base URL for SMS, up to and not including '
@@ -99,15 +102,15 @@ def retrieve_secrets():
def load_secrets():
config = CONF
secret_dict = retrieve_secrets()
- config.aai.username = secret_dict['aai']['username']
- config.aai.password = secret_dict['aai']['password']
- config.conductor_api.username = secret_dict['conductor_api']['username']
- config.conductor_api.password = secret_dict['conductor_api']['password']
- config.music_api.aafuser = secret_dict['music_api']['aafuser']
- config.music_api.aafpass = secret_dict['music_api']['aafpass']
- config.music_api.aafns = secret_dict['music_api']['aafns']
- config.sdnc.username = secret_dict['sdnc']['username']
- config.sdnc.password = secret_dict['sdnc']['password']
+ config.set_override('username', secret_dict['aai']['username'], 'aai')
+ config.set_override('password', secret_dict['aai']['password'], 'aai')
+ config.set_override('username', secret_dict['conductor_api']['username'], 'conductor_api')
+ config.set_override('password', secret_dict['conductor_api']['password'], 'conductor_api')
+ config.set_override('aafuser', secret_dict['music_api']['aafuser'], 'music_api')
+ config.set_override('aafpass', secret_dict['music_api']['aafpass'], 'music_api')
+ config.set_override('aafns', secret_dict['music_api']['aafns'], 'music_api')
+ config.set_override('username', secret_dict['sdnc']['username'], 'sdnc')
+ config.set_override('password', secret_dict['sdnc']['password'], 'sdnc')
def delete_secrets():
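Review bot: load_secrets() indexes `secret_dict[...][...]` nine times with no check that the entry exists. A domain that was only partly preloaded, or a retrieve_secrets() result that is not the expected dict, therefore surfaces as a bare KeyError/TypeError during service start-up, which is now the default path. A table-driven loop that names the missing group/option, and never the value, gives operators an actionable error and removes the repetition. Separately, whether these options are registered with `secret=True` is not visible in this hunk; it is worth confirming, so the overridden values are masked if the configuration is ever dumped to logs.

```python
def load_secrets():
    config = CONF
    secret_dict = retrieve_secrets()
    # (group, options) that must be present in the SMS domain
    required = {
        'aai': ('username', 'password'),
        'conductor_api': ('username', 'password'),
        'music_api': ('aafuser', 'aafpass', 'aafns'),
        'sdnc': ('username', 'password'),
    }
    for group, options in required.items():
        for option in options:
            try:
                value = secret_dict[group][option]
            except (KeyError, TypeError):
                # Report which entry is missing, never the secret values
                raise RuntimeError(
                    'SMS secret %s/%s is missing' % (group, option))
            config.set_override(option, value, group)
```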
diff --git a/conductor/conductor/service.py b/conductor/conductor/service.py
index 982123c..42fe99f 100644
--- a/conductor/conductor/service.py
+++ b/conductor/conductor/service.py
@@ -108,6 +108,7 @@ def prepare_service(argv=None, config_files=None):
if argv:
gmr.TextGuruMeditation.setup_autorun(version)
messaging.setup()
- # TODO(Dileep): Uncomment once Helm charts to preload secrets available
- # sms.load_secrets()
+ # Load secrets from SMS
+ if conf.aaf_sms.is_enabled:
+ sms.load_secrets()
return conf
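Review bot: When `conf.aaf_sms.is_enabled` is false the service starts on whatever credentials the configuration file holds, and nothing records that choice. Because this flag switches the credential source, an `else` branch with a single log line, for example `LOG.warning('SMS disabled; using credentials from configuration file')`, would make a misconfigured production deployment visible (assuming a module logger is available in service.py, which this hunk does not show). The new comment could also say why the call is conditional: `# Load secrets from SMS unless disabled for local testing`. prepare_service() begins outside this hunk.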
diff --git a/preload_secrets.yaml b/preload_secrets.yaml
index 1642308..98e5197 100755
--- a/preload_secrets.yaml
+++ b/preload_secrets.yaml
@@ -5,8 +5,8 @@ domain: has
secrets:
- name: aai
values:
- username: OOF
- password: OOF
+ username: oof@oof.onap.org
+ password: demo123456!
- name: conductor_api
values:
username: admin1
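Review bot: preload_secrets.yaml now carries a new plaintext password (`demo123456!`) next to the existing `admin1` entry, so the credentials this commit removes from conductor.conf are still committed, just in another file. If this file is only a CSIT/demo fixture, it should say so, e.g. `# Demo values for CSIT only; never load into a production SMS`. For real deployments the values should be supplied at deploy time rather than from the repository. The file's header and the remaining secrets lie outside this hunk, so the same applies to any entries not shown here.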