diff options
author | Dileep Ranganathan <dileep.ranganathan@intel.com> | 2018-10-08 15:34:56 -0700 |
---|---|---|
committer | Dileep Ranganathan <dileep.ranganathan@intel.com> | 2018-10-08 15:34:56 -0700 |
commit | ef59fbb68ef593ae2fe6e351e30e544688637044 (patch) | |
tree | 4c5167453b89bec096aa1f4fb798131a91c82e48 /conductor | |
parent | c9cf683edb9fab83698c5e1801df89dd78a3300f (diff) |
Retrieve secrets using Secret Management Service
Integrate with HAS by retrieving stored secrets using SMS
Application code remains in tact as the secrets are preloaded
and stored in config. During startup the conf will be set with
retrieved secrets. The configs in clear text will be deprecated
eventually. OOM needs to load aaf-sms and preload secrets
before oof deployment.
Updated to use domain name instead of domain uuid.
Change-Id: I902b18c0cf080316f9a251e61387b67756198cc2
Issue-ID: OPTFRA-343
Signed-off-by: Dileep Ranganathan <dileep.ranganathan@intel.com>
Diffstat (limited to 'conductor')
-rw-r--r-- | conductor/conductor/common/sms.py | 29 | ||||
-rw-r--r-- | conductor/conductor/service.py | 3 | ||||
-rw-r--r-- | conductor/conductor/tests/unit/test_sms.py | 16 | ||||
-rw-r--r-- | conductor/requirements.txt | 2 |
4 files changed, 32 insertions, 18 deletions
diff --git a/conductor/conductor/common/sms.py b/conductor/conductor/common/sms.py index 43b9522..ace2e68 100644 --- a/conductor/conductor/common/sms.py +++ b/conductor/conductor/common/sms.py @@ -23,6 +23,12 @@ from onapsmsclient import Client from oslo_config import cfg from oslo_log import log +import conductor.data.plugins.inventory_provider.aai +import conductor.api.controllers.v1.plans +import conductor.common.music.api +import conductor.data.plugins.service_controller.sdnc + + LOG = log.getLogger(__name__) @@ -43,8 +49,7 @@ AAF_SMS_OPTS = [ 'is not verified by the client.'), cfg.StrOpt('secret_domain', default='has', - help='Domain UUID - A unique UUID generated when the domain' - 'for HAS is created by administrator during deployment') + help='Domain Name for HAS') ] CONF.register_opts(AAF_SMS_OPTS, group='aaf_sms') @@ -52,8 +57,6 @@ config_spec = { "preload_secrets": "../preload_secrets.yaml" } -secret_cache = {} - def preload_secrets(): """ This is intended to load the secrets required for testing Application @@ -67,8 +70,8 @@ def preload_secrets(): timeout = config.aaf_sms_timeout cacert = config.aaf_ca_certs sms_client = Client(url=sms_url, timeout=timeout, cacert=cacert) - domain = sms_client.createDomain(domain) - config.secret_domain = domain # uuid + domain_uuid = sms_client.createDomain(domain) + LOG.debug("Created domain {} with uuid {}".format(domain, domain_uuid)) secrets = preload_config.get("secrets") for secret in secrets: sms_client.storeSecret(domain, secret.get('name'), @@ -93,6 +96,20 @@ def retrieve_secrets(): return secret_dict +def load_secrets(): + config = CONF + secret_dict = retrieve_secrets() + config.aai.username = secret_dict['aai']['username'] + config.aai.password = secret_dict['aai']['password'] + config.conductor_api.username = secret_dict['conductor_api']['username'] + config.conductor_api.password = secret_dict['conductor_api']['password'] + config.music_api.aafuser = secret_dict['music_api']['aafuser'] + config.music_api.aafpass = secret_dict['music_api']['aafpass'] + config.music_api.aafns = secret_dict['music_api']['aafns'] + config.sdnc.username = secret_dict['sdnc']['username'] + config.sdnc.password = secret_dict['sdnc']['password'] + + def delete_secrets(): """ This is intended to delete the secrets for a clean initialization for testing Application. Actual deployment will have a preload script. diff --git a/conductor/conductor/service.py b/conductor/conductor/service.py index df5bffc..982123c 100644 --- a/conductor/conductor/service.py +++ b/conductor/conductor/service.py @@ -20,6 +20,7 @@ import sys # from keystoneauth1 import loading as ka_loading +from conductor.common import sms from oslo_config import cfg import oslo_i18n from oslo_log import log @@ -107,4 +108,6 @@ def prepare_service(argv=None, config_files=None): if argv: gmr.TextGuruMeditation.setup_autorun(version) messaging.setup() + # TODO(Dileep): Uncomment once Helm charts to preload secrets available + # sms.load_secrets() return conf diff --git a/conductor/conductor/tests/unit/test_sms.py b/conductor/conductor/tests/unit/test_sms.py index b04111e..77c06b8 100644 --- a/conductor/conductor/tests/unit/test_sms.py +++ b/conductor/conductor/tests/unit/test_sms.py @@ -35,10 +35,7 @@ class TestSMS(unittest.TestCase): @requests_mock.mock() def test_sms(self, mock_sms): - ''' NOTE: preload_secret generate the uuid for the domain - Create Domain API is called during the deployment using a - preload script. So the application oly knows the domain_uuid. - All sub-sequent SMS API calls needs the uuid. + ''' NOTE: preload_secret during the deployment using a preload script. For test purposes we need to do preload ourselves''' sms_url = self.config.aaf_sms_url @@ -53,7 +50,8 @@ class TestSMS(unittest.TestCase): # Mock requests for preload_secret cd_url = self.base_domain_url.format(sms_url) domain_uuid1 = str(uuid4()) - s_url = self.secret_url.format(sms_url, domain_uuid1) + domain_name = self.config.secret_domain + s_url = self.secret_url.format(sms_url, domain_name) mock_sms.post(cd_url, status_code=200, json={'uuid': domain_uuid1}) mock_sms.post(s_url, status_code=200) # Initialize Secrets from SMS @@ -61,13 +59,9 @@ class TestSMS(unittest.TestCase): # Part 2: Retrieve Secret Test # Mock requests for retrieve_secrets - # IMPORTANT: Read the config again as the preload_secrets has - # updated the config with uuid - domain_uuid2 = self.config.secret_domain - self.assertEqual(domain_uuid1, domain_uuid2) - d_url = self.domain_url.format(sms_url, domain_uuid2) - s_url = self.secret_url.format(sms_url, domain_uuid2) + d_url = self.domain_url.format(sms_url, domain_name) + s_url = self.secret_url.format(sms_url, domain_name) # Retrieve Secrets from SMS and load to secret cache # Use the secret_cache instead of config files diff --git a/conductor/requirements.txt b/conductor/requirements.txt index 52ed4ed..d6d413d 100644 --- a/conductor/requirements.txt +++ b/conductor/requirements.txt @@ -23,6 +23,6 @@ requests[security]!=2.9.0,>=2.8.1 # Apache-2.0 six>=1.9.0 # MIT, also required by futurist stevedore>=1.9.0 # Apache-2.0, also required by oslo.config WebOb>=1.2.3 # MIT -onapsmsclient>=0.0.3 +onapsmsclient>=0.0.4 Flask>=0.11.1 prometheus-client>=0.3.1
\ No newline at end of file |