From e3f81c49af440b593b102c68c8421e892722632c Mon Sep 17 00:00:00 2001 From: Dileep Ranganathan Date: Fri, 12 Oct 2018 05:54:32 -0700 Subject: Enable SMS for HAS Load secrets from SMS in OSDF Helm charts uses a Job to load secrets. CSIT needs to load it manually. Added is_eanbled flag for SMS. SMS is enabled by default. For testing locally, this can be overridden. Change-Id: I09bc96e1408d4136cc479e1e5667d36b5a1b5427 Issue-ID: OPTFRA-343 Signed-off-by: Dileep Ranganathan --- conductor.conf | 18 +++++++----------- conductor/conductor/common/sms.py | 21 ++++++++++++--------- conductor/conductor/service.py | 5 +++-- preload_secrets.yaml | 4 ++-- 4 files changed, 24 insertions(+), 24 deletions(-) diff --git a/conductor.conf b/conductor.conf index 18dad13..027335d 100755 --- a/conductor.conf +++ b/conductor.conf @@ -162,6 +162,9 @@ aaf_url = http://aaf-service:8100/authz/perms/user/ # From conductor # +# Is Secret Management service enabled (boolean value) +#is_enabled = true + # Base URL for SMS, up to and not including the version, and without a trailing # slash. (string value) #aaf_sms_url = https://aaf-sms.onap:10443 @@ -173,7 +176,7 @@ aaf_url = http://aaf-service:8100/authz/perms/user/ # be False and the server certis not verified by the client. (string value) #aaf_ca_certs = AAF_RootCA.cer -# Domain Name for HAS +# Domain Name for HAS (string value) #secret_domain = has @@ -224,10 +227,10 @@ certificate_key_file = certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer # Username for AAI. (string value) -username = OOF +#username = # Password for AAI. (string value) -password = OOF +#password = [api] @@ -255,11 +258,9 @@ password = OOF # username for plans. (string value) #username = -username = admin1 # password for plans. (string value) #password = -password = plan.15 # auth toggling. (boolean value) #basic_auth_secure = true 
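Review bot: Commenting out `username` and `password` in the AAI hunk removes the values from the working tree but not from the repository history, so any of the deleted credentials that were ever real should be treated as exposed and rotated. The same applies to the plans `username`/`password` removed in the next hunk, and to the MUSIC `aafuser`/`aafpass` and SDNC `username`/`password` removed in the later conductor.conf hunks. Since the sample now leaves these options empty, a comment above each group would tell operators where the values come from, e.g. `# Loaded from SMS when [aaf_sms] is_enabled = true; set here only for local testing`.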
@@ -461,21 +462,18 @@ music_new_version = True # for version (string value) #music_version = -music_version = "2.5.3" +music_version = "3.0.23" # username value that used for creating basic authorization header (string # value) #aafuser = -aafuser = conductor # password value that used for creating basic authorization header (string # value) #aafpass = -aafpass = c0nduct0r # AAF namespace field used in MUSIC request header (string value) #aafns = -aafns = conductor [prometheus] @@ -536,11 +534,9 @@ server_url = https://sdnc.onap:8282/restconf/ # Basic Authentication Username (string value) #username = -username = admin # Basic Authentication Password (string value) #password = -password = Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U # Timeout for SDNC Rest Call (string value) #sdnc_rest_timeout = 30 diff --git a/conductor/conductor/common/sms.py b/conductor/conductor/common/sms.py index ace2e68..c5eee3a 100644 --- a/conductor/conductor/common/sms.py +++ b/conductor/conductor/common/sms.py @@ -35,6 +35,9 @@ LOG = log.getLogger(__name__) CONF = cfg.CONF AAF_SMS_OPTS = [ + cfg.BoolOpt('is_enabled', + default=True, + help='Is Secret Management service enabled'), cfg.StrOpt('aaf_sms_url', default='https://aaf-sms.onap:10443', help='Base URL for SMS, up to and not including ' 
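Review bot: With `is_enabled` defaulting to `True`, every start now fetches credentials from `aaf_sms_url`, and the `aaf_ca_certs` description visible in conductor.conf says verification can end up `False` with the server certificate left unchecked. A service that downgrades to an unverified connection while retrieving passwords should refuse to start instead; that decision is made in code outside this diff, so this is inferred from the help text only. Within this hunk the help string could state the effect of the flag, e.g. `help='Is Secret Management service enabled. When true, credentials loaded from SMS override conductor.conf at startup'`. AAF_SMS_OPTS continues past the end of the hunk.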
@@ -99,15 +102,15 @@ def retrieve_secrets(): def load_secrets(): config = CONF secret_dict = retrieve_secrets() - config.aai.username = secret_dict['aai']['username'] - config.aai.password = secret_dict['aai']['password'] - config.conductor_api.username = secret_dict['conductor_api']['username'] - config.conductor_api.password = secret_dict['conductor_api']['password'] - config.music_api.aafuser = secret_dict['music_api']['aafuser'] - config.music_api.aafpass = secret_dict['music_api']['aafpass'] - config.music_api.aafns = secret_dict['music_api']['aafns'] - config.sdnc.username = secret_dict['sdnc']['username'] - config.sdnc.password = secret_dict['sdnc']['password'] + config.set_override('username', secret_dict['aai']['username'], 'aai') + config.set_override('password', secret_dict['aai']['password'], 'aai') + config.set_override('username', secret_dict['conductor_api']['username'], 'conductor_api') + config.set_override('password', secret_dict['conductor_api']['password'], 'conductor_api') + config.set_override('aafuser', secret_dict['music_api']['aafuser'], 'music_api') + config.set_override('aafpass', secret_dict['music_api']['aafpass'], 'music_api') + config.set_override('aafns', secret_dict['music_api']['aafns'], 'music_api') + config.set_override('username', secret_dict['sdnc']['username'], 'sdnc') + config.set_override('password', secret_dict['sdnc']['password'], 'sdnc') def delete_secrets(): diff --git a/conductor/conductor/service.py b/conductor/conductor/service.py index 982123c..42fe99f 100644 --- a/conductor/conductor/service.py +++ b/conductor/conductor/service.py @@ -108,6 +108,7 @@ def prepare_service(argv=None, config_files=None): if argv: gmr.TextGuruMeditation.setup_autorun(version) messaging.setup() - # TODO(Dileep): Uncomment once Helm charts to preload secrets available - # sms.load_secrets() + # Load secrets from SMS + if conf.aaf_sms.is_enabled: + sms.load_secrets() return conf 
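Review bot: Each `secret_dict[...][...]` lookup in load_secrets raises a bare KeyError if the SMS domain was preloaded without one of the expected names, and because the overrides are applied one at a time the configuration is left half-updated when that happens. Checking every entry before the first `set_override`, and raising a single error that names the missing group and key but never a value, makes an incomplete preload easy to diagnose. Separately, the `password` and `aafpass` options now hold live secrets at runtime; they are declared outside this diff, so it is worth confirming they are registered with `secret=True` so that oslo.config masks them when option values are logged.

```python
# Option names expected in each SMS secret, keyed by config group.
_SECRET_OPTS = (
    ('aai', ('username', 'password')),
    ('conductor_api', ('username', 'password')),
    ('music_api', ('aafuser', 'aafpass', 'aafns')),
    ('sdnc', ('username', 'password')),
)


def load_secrets():
    config = CONF
    secret_dict = retrieve_secrets()
    missing = ['%s/%s' % (group, name)
               for group, names in _SECRET_OPTS
               for name in names
               if name not in secret_dict.get(group, {})]
    if missing:
        # Report names only; secret values must never reach the log.
        raise KeyError('SMS secrets missing: %s' % ', '.join(missing))
    for group, names in _SECRET_OPTS:
        for name in names:
            config.set_override(name, secret_dict[group][name], group)
```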
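Review bot: When `conf.aaf_sms.is_enabled` is false, prepare_service now continues silently with whatever conductor.conf provides, and this commit leaves those credential options commented out in the sample file. A deployment that disables SMS by mistake would then run on the option defaults with nothing in the log to explain failed authentication. An `else` branch that records the disabled state would make this detectable, e.g. `else:` followed by `LOG.warning('SMS disabled; credentials are read from conductor.conf')`, assuming service.py has a module logger, which is not visible here. prepare_service starts above the hunk.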
diff --git a/preload_secrets.yaml b/preload_secrets.yaml index 1642308..98e5197 100755 --- a/preload_secrets.yaml +++ b/preload_secrets.yaml @@ -5,8 +5,8 @@ domain: has secrets: - name: aai values: - username: OOF - password: OOF + username: oof@oof.onap.org + password: demo123456! - name: conductor_api values: username: admin1 -- cgit 1.2.3-korg
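Review bot: The new `username` and `password` for the `aai` secret are committed in plaintext, so credentials moved out of conductor.conf by this commit are still readable by anyone with access to the repository. If this file is only a CSIT or demo preload, as the commit message suggests, it should say so at the top, e.g. `# Demo/CSIT values only; real deployments preload secrets through the Helm job`, and deployment values should stay out of the tree. The file is also tracked with mode 100755; a data file holding credentials does not need to be executable.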