From a1d1240aa9f31127dc9ccb18b0e8ace9aac183c1 Mon Sep 17 00:00:00 2001
From: krishnaa96
Date: Wed, 15 Apr 2020 21:35:53 +0530
Subject: Fix AAF authentication in conductor api
Fix AAF authentication and move all password decryption to common place
Issue-ID: OPTFRA-733
Signed-off-by: krishnaa96
Change-Id: I14c119bb246c26b7dc5b5144a843ff627587141b
---
 conductor/conductor/api/adapters/aaf/aaf_authentication.py | 10 +++++-----
 conductor/conductor/api/controllers/v1/plans.py | 2 +-
 conductor/conductor/common/music/api.py | 2 +-
 conductor/conductor/common/sms.py | 8 ++++----
 conductor/conductor/data/plugins/inventory_provider/aai.py | 2 +-
 conductor/conductor/data/plugins/service_controller/sdnc.py | 2 +-
 6 files changed, 13 insertions(+), 13 deletions(-)
(limited to 'conductor')
diff --git a/conductor/conductor/api/adapters/aaf/aaf_authentication.py b/conductor/conductor/api/adapters/aaf/aaf_authentication.py
index fb0b9ab..9c3fa69 100644
--- a/conductor/conductor/api/adapters/aaf/aaf_authentication.py
+++ b/conductor/conductor/api/adapters/aaf/aaf_authentication.py
@@ -83,7 +83,7 @@ def clear_cache():
 def authenticate(uid, passwd):
 aafUser = None
 username = CONF.conductor_api.username
- password = cipherUtils.AESCipher.get_instance().decrypt(CONF.conductor_api.password)
+ password = CONF.conductor_api.password
 if username == uid and password == passwd:
 aafUser = CONF.aaf_api.aaf_conductor_user
 else:
@@ -120,8 +120,8 @@ def has_valid_permissions(userPerms):
 userType = userPerm["type"]
 userInstance = userPerm["instance"]
 userAction = userPerm["action"]
- if userType == permType and userInstance == permInstance and \
- (userAction == permAction or userAction == "*"):
+ if userType == permType and (userInstance == permInstance or permInstance == "*") and \
+ (userAction == permAction or permAction == "*"):
 # FS - trace
 LOG.info("User has valid permissions ")
 return True
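Review bot: `authenticate` now compares `CONF.conductor_api.password` exactly as stored, so the check is correct only if `load_secrets()` in `conductor/common/sms.py` has already overridden the option with the decrypted value. If any start-up path fills the option from the config file without going through `load_secrets()` (not visible in this diff), the encrypted string itself would become the accepted credential; the same dependency applies to the `remote_api` hunk in this file and to the `music/api.py`, `aai.py` and `sdnc.py` hunks. I would add `# decrypted once in sms.load_secrets(); must not be read before that has run` above the assignment and, since the line is being touched anyway, compare with `hmac.compare_digest(password.encode(), passwd.encode())` instead of `==`. The body of `authenticate` continues outside the hunk.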
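Review bot: The wildcard test in `has_valid_permissions` has moved from the user's grant to the configured permission, which changes who is authorized in both directions and is not explained in the commit message. With the new condition a configured `permInstance` or `permAction` of `"*"` accepts any user value for that field, while a user whose grant carries action `"*"` no longer matches a specific `permAction`, which the old code accepted. If that is intended, say so above the condition, e.g. `# "*" in the configured permission matches any user value; a "*" in the user's grant is compared literally`, and cover both cases with a unit test. The loop and the rest of the function lie outside the hunk.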
@@ -133,7 +133,7 @@ Make the remote aaf api call if user is not in the cache.
 Return the perms
 """
 def get_aaf_permissions(aafUser):
- key = base64.b64encode("{}".format(aafUser), "ascii")
+ key = base64.b64encode("{}".format(aafUser).encode())
 time_delta = timedelta(hours = CONF.aaf_api.aaf_cache_expiry_hrs)
 perms = perm_cache.get(key)
@@ -159,7 +159,7 @@ def remote_api(aafUser):
 "server_url": server_url,
 "retries": CONF.aaf_api.aaf_retries,
 "username": CONF.aaf_api.username,
- "password": cipherUtils.AESCipher.get_instance().decrypt(CONF.aaf_api.password),
+ "password": CONF.aaf_api.password,
 "log_debug": LOG.debug,
 "read_timeout": CONF.aaf_api.aaf_timeout,
 "cert_file": CONF.aaf_api.aaf_cert_file,
diff --git a/conductor/conductor/api/controllers/v1/plans.py b/conductor/conductor/api/controllers/v1/plans.py
index 9fb7240..3d4dfc4 100644
--- a/conductor/conductor/api/controllers/v1/plans.py
+++ b/conductor/conductor/api/controllers/v1/plans.py
@@ -326,7 +326,7 @@ def check_auth():
 plan = False
 auth_str = pecan.request.headers['Authorization']
 user_pw = auth_str.split(' ')[1]
- decode_user_pw = base64.b64decode(user_pw)
+ decode_user_pw = base64.b64decode(user_pw.encode()).decode()
 list_id_pw = decode_user_pw.split(':')
 LOG.error("Incorrect username={} / password={}".format(list_id_pw[0], list_id_pw[1]))
 except:
diff --git a/conductor/conductor/common/music/api.py b/conductor/conductor/common/music/api.py
index 05b930d..77b6a5a 100644
--- a/conductor/conductor/common/music/api.py
+++ b/conductor/conductor/common/music/api.py
@@ -138,7 +138,7 @@ class MusicAPI(object):
 }
 self.rest = rest.REST(**kwargs)
- music_pwd = cipherUtils.AESCipher.get_instance().decrypt(CONF.music_api.aafpass)
+ music_pwd = CONF.music_api.aafpass
 # Set one parameter for connection mode
 # Currently depend on music version
 if CONF.music_api.enable_https_mode:
diff --git a/conductor/conductor/common/sms.py b/conductor/conductor/common/sms.py
index ed71b8a..b8f0649 100644
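Review bot: The `LOG.error` call two lines below the changed `b64decode` in `check_auth` writes the submitted password to the log in clear text, so every failed login leaves a credential, often a near-miss of a valid one, in the log files. Log only the user name, `LOG.error("Authentication failed for username={}".format(list_id_pw[0]))`, and split with `decode_user_pw.split(':', 1)` so that a password containing `:` is not truncated. The bare `except:` that follows also hides a malformed `Authorization` header; its body is outside the hunk.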
--- a/conductor/conductor/common/sms.py
+++ b/conductor/conductor/common/sms.py
@@ -102,16 +102,16 @@ def load_secrets():
 config = CONF
 secret_dict = retrieve_secrets()
 config.set_override('username', secret_dict['aai']['username'], 'aai')
- config.set_override('password', secret_dict['aai']['password'], 'aai')
+ config.set_override('password', decrypt_pass(secret_dict['aai']['password']), 'aai')
 config.set_override('username', secret_dict['conductor_api']['username'], 'conductor_api')
 config.set_override('password', decrypt_pass(secret_dict['conductor_api']['password']), 'conductor_api')
 config.set_override('aafuser', secret_dict['music_api']['aafuser'], 'music_api')
- config.set_override('aafpass', secret_dict['music_api']['aafpass'], 'music_api')
+ config.set_override('aafpass', decrypt_pass(secret_dict['music_api']['aafpass']), 'music_api')
 config.set_override('aafns', secret_dict['music_api']['aafns'], 'music_api')
 config.set_override('username', secret_dict['sdnc']['username'], 'sdnc')
- config.set_override('password', secret_dict['sdnc']['password'], 'sdnc')
+ config.set_override('password', decrypt_pass(secret_dict['sdnc']['password']), 'sdnc')
 config.set_override('username', secret_dict['aaf_api']['username'], 'aaf_api')
- config.set_override('password', secret_dict['aaf_api']['password'], 'aaf_api')
+ config.set_override('password', decrypt_pass(secret_dict['aaf_api']['password']), 'aaf_api')
 config.set_override('aaf_conductor_user', secret_dict['aaf_api']['aaf_conductor_user'], 'aaf_api')
diff --git a/conductor/conductor/data/plugins/inventory_provider/aai.py b/conductor/conductor/data/plugins/inventory_provider/aai.py
index 658f838..ddb857b 100644
--- a/conductor/conductor/data/plugins/inventory_provider/aai.py
+++ b/conductor/conductor/data/plugins/inventory_provider/aai.py
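Review bot: After this change `load_secrets` keeps the decrypted passwords for `aai`, `music_api`, `sdnc` and `aaf_api` (and, as before, `conductor_api`) in the process-wide `CONF`, so anything that prints option values now prints working credentials. Assuming `CONF` is an oslo.config object, check that each of these options is registered with `secret=True` so that `log_opt_values` masks them; the option registrations are not part of this diff. `decrypt_pass` is also called with no error handling, so a missing key or a value that is not valid ciphertext would presumably abort start-up with a bare traceback. A comment such as `# secrets arrive encrypted; decrypt once here so consumers read plaintext from CONF` at the top of the block would document the new contract.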
@@ -111,7 +111,7 @@ class AAI(base.InventoryProviderBase):
 self.timeout = self.conf.aai.aai_rest_timeout
 self.retries = self.conf.aai.aai_retries
 self.username = self.conf.aai.username
- self.password = cipherUtils.AESCipher.get_instance().decrypt(self.conf.aai.password)
+ self.password = self.conf.aai.password
 self.triage_translator=TraigeTranslator()
 # Cache is initially empty
diff --git a/conductor/conductor/data/plugins/service_controller/sdnc.py b/conductor/conductor/data/plugins/service_controller/sdnc.py
index 1571b41..0384270 100644
--- a/conductor/conductor/data/plugins/service_controller/sdnc.py
+++ b/conductor/conductor/data/plugins/service_controller/sdnc.py
@@ -67,7 +67,7 @@ class SDNC(base.ServiceControllerBase):
 self.conf = CONF
 self.base = self.conf.sdnc.server_url.rstrip('/')
- self.password = self.conf.sdnc.password
+ self.password = self.conf.sdnc.password
 self.timeout = self.conf.sdnc.sdnc_rest_timeout
 self.verify = False
 self.retries = self.conf.sdnc.sdnc_retries
--
cgit 1.2.3-korg
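Review bot: `self.verify = False` sits two lines below the changed password assignment in the `SDNC` class and is left as it was. If that attribute is handed to the REST client as its TLS verification setting (the use is outside the hunk), the SDNC password is sent over a connection whose server certificate is never checked. The value should come from configuration, along the lines of `self.verify = <CA bundle path read from the sdnc config group>` (placeholder, no such option is visible here), or at least carry `# FIXME: TLS certificate verification is disabled for SDNC` so the gap is visible to the next reader.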