summaryrefslogtreecommitdiffstats
path: root/conductor
diff options
context:
space:
mode:
authorkrishnaa96 <krishna.moorthy6@wipro.com>2020-04-15 21:35:53 +0530
committerkrishnaa96 <krishna.moorthy6@wipro.com>2020-04-15 21:35:53 +0530
commita1d1240aa9f31127dc9ccb18b0e8ace9aac183c1 (patch)
treeb714438f1078bdd6d301db009ad39d017a028609 /conductor
parentf42e4ce17b9ea2d5ff77b116a5510d751dd54131 (diff)
Fix AAF authentication in conductor api
Fix AAF authentication and move all password decryption to common place Issue-ID: OPTFRA-733 Signed-off-by: krishnaa96 <krishna.moorthy6@wipro.com> Change-Id: I14c119bb246c26b7dc5b5144a843ff627587141b
Diffstat (limited to 'conductor')
-rw-r--r--conductor/conductor/api/adapters/aaf/aaf_authentication.py10
-rw-r--r--conductor/conductor/api/controllers/v1/plans.py2
-rw-r--r--conductor/conductor/common/music/api.py2
-rw-r--r--conductor/conductor/common/sms.py8
-rw-r--r--conductor/conductor/data/plugins/inventory_provider/aai.py2
-rw-r--r--conductor/conductor/data/plugins/service_controller/sdnc.py2
6 files changed, 13 insertions, 13 deletions
diff --git a/conductor/conductor/api/adapters/aaf/aaf_authentication.py b/conductor/conductor/api/adapters/aaf/aaf_authentication.py
index fb0b9ab..9c3fa69 100644
--- a/conductor/conductor/api/adapters/aaf/aaf_authentication.py
+++ b/conductor/conductor/api/adapters/aaf/aaf_authentication.py
@@ -83,7 +83,7 @@ def clear_cache():
def authenticate(uid, passwd):
aafUser = None
username = CONF.conductor_api.username
- password = cipherUtils.AESCipher.get_instance().decrypt(CONF.conductor_api.password)
+ password = CONF.conductor_api.password
if username == uid and password == passwd:
aafUser = CONF.aaf_api.aaf_conductor_user
else:
@@ -120,8 +120,8 @@ def has_valid_permissions(userPerms):
userType = userPerm["type"]
userInstance = userPerm["instance"]
userAction = userPerm["action"]
- if userType == permType and userInstance == permInstance and \
- (userAction == permAction or userAction == "*"):
+ if userType == permType and (userInstance == permInstance or permInstance == "*") and \
+ (userAction == permAction or permAction == "*"):
# FS - trace
LOG.info("User has valid permissions ")
return True
@@ -133,7 +133,7 @@ Make the remote aaf api call if user is not in the cache.
Return the perms
"""
def get_aaf_permissions(aafUser):
- key = base64.b64encode("{}".format(aafUser), "ascii")
+ key = base64.b64encode("{}".format(aafUser).encode())
time_delta = timedelta(hours = CONF.aaf_api.aaf_cache_expiry_hrs)
perms = perm_cache.get(key)
@@ -159,7 +159,7 @@ def remote_api(aafUser):
"server_url": server_url,
"retries": CONF.aaf_api.aaf_retries,
"username": CONF.aaf_api.username,
- "password": cipherUtils.AESCipher.get_instance().decrypt(CONF.aaf_api.password),
+ "password": CONF.aaf_api.password,
"log_debug": LOG.debug,
"read_timeout": CONF.aaf_api.aaf_timeout,
"cert_file": CONF.aaf_api.aaf_cert_file,
diff --git a/conductor/conductor/api/controllers/v1/plans.py b/conductor/conductor/api/controllers/v1/plans.py
index 9fb7240..3d4dfc4 100644
--- a/conductor/conductor/api/controllers/v1/plans.py
+++ b/conductor/conductor/api/controllers/v1/plans.py
@@ -326,7 +326,7 @@ def check_auth():
plan = False
auth_str = pecan.request.headers['Authorization']
user_pw = auth_str.split(' ')[1]
- decode_user_pw = base64.b64decode(user_pw)
+ decode_user_pw = base64.b64decode(user_pw.encode()).decode()
list_id_pw = decode_user_pw.split(':')
LOG.error("Incorrect username={} / password={}".format(list_id_pw[0], list_id_pw[1]))
except:
diff --git a/conductor/conductor/common/music/api.py b/conductor/conductor/common/music/api.py
index 05b930d..77b6a5a 100644
--- a/conductor/conductor/common/music/api.py
+++ b/conductor/conductor/common/music/api.py
@@ -138,7 +138,7 @@ class MusicAPI(object):
}
self.rest = rest.REST(**kwargs)
- music_pwd = cipherUtils.AESCipher.get_instance().decrypt(CONF.music_api.aafpass)
+ music_pwd = CONF.music_api.aafpass
# Set one parameter for connection mode
# Currently depend on music version
if CONF.music_api.enable_https_mode:
diff --git a/conductor/conductor/common/sms.py b/conductor/conductor/common/sms.py
index ed71b8a..b8f0649 100644
--- a/conductor/conductor/common/sms.py
+++ b/conductor/conductor/common/sms.py
@@ -102,16 +102,16 @@ def load_secrets():
config = CONF
secret_dict = retrieve_secrets()
config.set_override('username', secret_dict['aai']['username'], 'aai')
- config.set_override('password', secret_dict['aai']['password'], 'aai')
+ config.set_override('password', decrypt_pass(secret_dict['aai']['password']), 'aai')
config.set_override('username', secret_dict['conductor_api']['username'], 'conductor_api')
config.set_override('password', decrypt_pass(secret_dict['conductor_api']['password']), 'conductor_api')
config.set_override('aafuser', secret_dict['music_api']['aafuser'], 'music_api')
- config.set_override('aafpass', secret_dict['music_api']['aafpass'], 'music_api')
+ config.set_override('aafpass', decrypt_pass(secret_dict['music_api']['aafpass']), 'music_api')
config.set_override('aafns', secret_dict['music_api']['aafns'], 'music_api')
config.set_override('username', secret_dict['sdnc']['username'], 'sdnc')
- config.set_override('password', secret_dict['sdnc']['password'], 'sdnc')
+ config.set_override('password', decrypt_pass(secret_dict['sdnc']['password']), 'sdnc')
config.set_override('username', secret_dict['aaf_api']['username'], 'aaf_api')
- config.set_override('password', secret_dict['aaf_api']['password'], 'aaf_api')
+ config.set_override('password', decrypt_pass(secret_dict['aaf_api']['password']), 'aaf_api')
config.set_override('aaf_conductor_user', secret_dict['aaf_api']['aaf_conductor_user'], 'aaf_api')
diff --git a/conductor/conductor/data/plugins/inventory_provider/aai.py b/conductor/conductor/data/plugins/inventory_provider/aai.py
index 658f838..ddb857b 100644
--- a/conductor/conductor/data/plugins/inventory_provider/aai.py
+++ b/conductor/conductor/data/plugins/inventory_provider/aai.py
@@ -111,7 +111,7 @@ class AAI(base.InventoryProviderBase):
self.timeout = self.conf.aai.aai_rest_timeout
self.retries = self.conf.aai.aai_retries
self.username = self.conf.aai.username
- self.password = cipherUtils.AESCipher.get_instance().decrypt(self.conf.aai.password)
+ self.password = self.conf.aai.password
self.triage_translator=TraigeTranslator()
# Cache is initially empty
diff --git a/conductor/conductor/data/plugins/service_controller/sdnc.py b/conductor/conductor/data/plugins/service_controller/sdnc.py
index 1571b41..0384270 100644
--- a/conductor/conductor/data/plugins/service_controller/sdnc.py
+++ b/conductor/conductor/data/plugins/service_controller/sdnc.py
@@ -67,7 +67,7 @@ class SDNC(base.ServiceControllerBase):
self.conf = CONF
self.base = self.conf.sdnc.server_url.rstrip('/')
- self.password = cipherUtils.AESCipher.get_instance().decrypt(self.conf.sdnc.password)
+ self.password = self.conf.sdnc.password
self.timeout = self.conf.sdnc.sdnc_rest_timeout
self.verify = False
self.retries = self.conf.sdnc.sdnc_retries