Fix AAF authentication in conductor api

Fix AAF authentication and move all password decryption to common place Issue-ID: OPTFRA-733 Signed-off-by: krishnaa96 <krishna.moorthy6@wipro.com> Change-Id: I14c119bb246c26b7dc5b5144a843ff627587141b
author: krishnaa96 <krishna.moorthy6@wipro.com> 2020-04-15 21:35:53 +0530
committer: krishnaa96 <krishna.moorthy6@wipro.com> 2020-04-15 21:35:53 +0530
commit: a1d1240aa9f31127dc9ccb18b0e8ace9aac183c1 (patch)
tree: b714438f1078bdd6d301db009ad39d017a028609
parent: f42e4ce17b9ea2d5ff77b116a5510d751dd54131 (diff)
6 files changed, 13 insertions, 13 deletions
diff --git a/conductor/conductor/api/adapters/aaf/aaf_authentication.py b/conductor/conductor/api/adapters/aaf/aaf_authentication.py
index fb0b9ab..9c3fa69 100644
--- a/conductor/conductor/api/adapters/aaf/aaf_authentication.py
+++ b/conductor/conductor/api/adapters/aaf/aaf_authentication.py
@@ -83,7 +83,7 @@ def clear_cache():
 def authenticate(uid, passwd):
     aafUser = None
     username = CONF.conductor_api.username
-    password = cipherUtils.AESCipher.get_instance().decrypt(CONF.conductor_api.password)
+    password = CONF.conductor_api.password
     if username == uid and password == passwd:
         aafUser = CONF.aaf_api.aaf_conductor_user
     else:
@@ -120,8 +120,8 @@ def has_valid_permissions(userPerms):
             userType = userPerm["type"]
             userInstance = userPerm["instance"]
             userAction = userPerm["action"]
-            if userType == permType and userInstance == permInstance and \
-                (userAction == permAction or userAction == "*"):
+            if userType == permType and (userInstance == permInstance or permInstance == "*") and \
+                (userAction == permAction or permAction == "*"):
                 # FS - trace
                 LOG.info("User has valid permissions ")
                 return True
@@ -133,7 +133,7 @@ Make the remote aaf api call if user is not in the cache.
 Return the perms
 """
 def get_aaf_permissions(aafUser):
-    key = base64.b64encode("{}".format(aafUser), "ascii")
+    key = base64.b64encode("{}".format(aafUser).encode())
     time_delta = timedelta(hours = CONF.aaf_api.aaf_cache_expiry_hrs)
 
     perms = perm_cache.get(key)
@@ -159,7 +159,7 @@ def remote_api(aafUser):
         "server_url": server_url,
         "retries": CONF.aaf_api.aaf_retries,
         "username": CONF.aaf_api.username,
-        "password": cipherUtils.AESCipher.get_instance().decrypt(CONF.aaf_api.password),
+        "password": CONF.aaf_api.password,
         "log_debug": LOG.debug,
         "read_timeout": CONF.aaf_api.aaf_timeout,
         "cert_file": CONF.aaf_api.aaf_cert_file,
diff --git a/conductor/conductor/api/controllers/v1/plans.py b/conductor/conductor/api/controllers/v1/plans.py
index 9fb7240..3d4dfc4 100644
--- a/conductor/conductor/api/controllers/v1/plans.py
+++ b/conductor/conductor/api/controllers/v1/plans.py
@@ -326,7 +326,7 @@ def check_auth():
             plan = False
             auth_str = pecan.request.headers['Authorization']
             user_pw = auth_str.split(' ')[1]
-            decode_user_pw = base64.b64decode(user_pw)
+            decode_user_pw = base64.b64decode(user_pw.encode()).decode()
             list_id_pw = decode_user_pw.split(':')
             LOG.error("Incorrect username={} / password={}".format(list_id_pw[0], list_id_pw[1]))
     except:
diff --git a/conductor/conductor/common/music/api.py b/conductor/conductor/common/music/api.py
index 05b930d..77b6a5a 100644
--- a/conductor/conductor/common/music/api.py
+++ b/conductor/conductor/common/music/api.py
@@ -138,7 +138,7 @@ class MusicAPI(object):
         }
         self.rest = rest.REST(**kwargs)
 
-        music_pwd = cipherUtils.AESCipher.get_instance().decrypt(CONF.music_api.aafpass)
+        music_pwd = CONF.music_api.aafpass
         # Set one parameter for connection mode
         # Currently depend on music version
         if CONF.music_api.enable_https_mode:
diff --git a/conductor/conductor/common/sms.py b/conductor/conductor/common/sms.py
index ed71b8a..b8f0649 100644
--- a/conductor/conductor/common/sms.py
+++ b/conductor/conductor/common/sms.py
@@ -102,16 +102,16 @@ def load_secrets():
     config = CONF
     secret_dict = retrieve_secrets()
     config.set_override('username', secret_dict['aai']['username'], 'aai')
-    config.set_override('password', secret_dict['aai']['password'], 'aai')
+    config.set_override('password', decrypt_pass(secret_dict['aai']['password']), 'aai')
     config.set_override('username', secret_dict['conductor_api']['username'], 'conductor_api')
     config.set_override('password', decrypt_pass(secret_dict['conductor_api']['password']), 'conductor_api')
     config.set_override('aafuser', secret_dict['music_api']['aafuser'], 'music_api')
-    config.set_override('aafpass', secret_dict['music_api']['aafpass'], 'music_api')
+    config.set_override('aafpass', decrypt_pass(secret_dict['music_api']['aafpass']), 'music_api')
     config.set_override('aafns', secret_dict['music_api']['aafns'], 'music_api')
     config.set_override('username', secret_dict['sdnc']['username'], 'sdnc')
-    config.set_override('password', secret_dict['sdnc']['password'], 'sdnc')
+    config.set_override('password', decrypt_pass(secret_dict['sdnc']['password']), 'sdnc')
     config.set_override('username', secret_dict['aaf_api']['username'], 'aaf_api')
-    config.set_override('password', secret_dict['aaf_api']['password'], 'aaf_api')
+    config.set_override('password', decrypt_pass(secret_dict['aaf_api']['password']), 'aaf_api')
     config.set_override('aaf_conductor_user', secret_dict['aaf_api']['aaf_conductor_user'], 'aaf_api')
 
 
diff --git a/conductor/conductor/data/plugins/inventory_provider/aai.py b/conductor/conductor/data/plugins/inventory_provider/aai.py
index 658f838..ddb857b 100644
--- a/conductor/conductor/data/plugins/inventory_provider/aai.py
+++ b/conductor/conductor/data/plugins/inventory_provider/aai.py
@@ -111,7 +111,7 @@ class AAI(base.InventoryProviderBase):
         self.timeout = self.conf.aai.aai_rest_timeout
         self.retries = self.conf.aai.aai_retries
         self.username = self.conf.aai.username
-        self.password = cipherUtils.AESCipher.get_instance().decrypt(self.conf.aai.password)
+        self.password = self.conf.aai.password
         self.triage_translator=TraigeTranslator()
 
         # Cache is initially empty
diff --git a/conductor/conductor/data/plugins/service_controller/sdnc.py b/conductor/conductor/data/plugins/service_controller/sdnc.py
index 1571b41..0384270 100644
--- a/conductor/conductor/data/plugins/service_controller/sdnc.py
+++ b/conductor/conductor/data/plugins/service_controller/sdnc.py
@@ -67,7 +67,7 @@ class SDNC(base.ServiceControllerBase):
         self.conf = CONF
 
         self.base = self.conf.sdnc.server_url.rstrip('/')
-        self.password = cipherUtils.AESCipher.get_instance().decrypt(self.conf.sdnc.password)
+        self.password = self.conf.sdnc.password
         self.timeout = self.conf.sdnc.sdnc_rest_timeout
         self.verify = False
         self.retries = self.conf.sdnc.sdnc_retries
author	krishnaa96 <krishna.moorthy6@wipro.com>	2020-04-15 21:35:53 +0530
committer	krishnaa96 <krishna.moorthy6@wipro.com>	2020-04-15 21:35:53 +0530
commit	a1d1240aa9f31127dc9ccb18b0e8ace9aac183c1 (patch)
tree	b714438f1078bdd6d301db009ad39d017a028609
parent	f42e4ce17b9ea2d5ff77b116a5510d751dd54131 (diff)