authorDileep Ranganathan <dileep.ranganathan@intel.com>2018-09-27 08:06:26 -0700
committerDileep Ranganathan <dileep.ranganathan@intel.com>2018-10-08 03:21:43 -0700
commitfa9960690db89b0695c266abdb9009e2331f6f3c (patch)
treeba2946805cc2b6e9c8b31767909002e15b371743
parent9d5af7d79a3c32099da70c512d35fa2662812b7a (diff)
Retrieve secrets using Secret Management Service
Integrate with OSDF by retrieving stored secrets using SMS. Application code remains intact as the secrets are preloaded and stored in config. The configs in clear text will be deprecated eventually. OOM needs to load aaf-sms and preload secrets before oof deployment. Updated to use domain name instead of domain uuid. Change-Id: I88a3c3dd2ad87753cc056fb63c8bbabd546707ab Issue-ID: OPTFRA-343 Signed-off-by: Dileep Ranganathan <dileep.ranganathan@intel.com>
-rw-r--r--assembly.xml1
-rwxr-xr-xconfig/osdf_config.yaml2
-rwxr-xr-xconfig/preload_secrets.yaml18
-rw-r--r--osdf/adapters/aaf/sms.py38
-rwxr-xr-xosdfapp.py2
-rw-r--r--requirements.txt2
-rw-r--r--test/adapters/test_sms.py16
7 files changed, 59 insertions, 20 deletions
diff --git a/assembly.xml b/assembly.xml
index d19bdcf..24379d4 100644
--- a/assembly.xml
+++ b/assembly.xml
@@ -31,6 +31,7 @@
</includes>
<excludes>
<exclude>**/*.pyc</exclude>
+ <exclude>config/preload_secrets.yaml</exclude>
</excludes>
</fileSet>
</fileSets>
diff --git a/config/osdf_config.yaml b/config/osdf_config.yaml
index c484fb4..b522919 100755
--- a/config/osdf_config.yaml
+++ b/config/osdf_config.yaml
@@ -68,7 +68,7 @@ aaf_user_roles:
# Secret Management Service from AAF
aaf_sms_url: https://aaf-sms.onap:10443
aaf_sms_timeout: 30
-secret_domain: osdf #Replace with the UUID
+secret_domain: osdf
aaf_ca_certs: ssl_certs/aaf_root_ca.cer
# config db api
diff --git a/config/preload_secrets.yaml b/config/preload_secrets.yaml
index 6e877e7..1d2ea01 100755
--- a/config/preload_secrets.yaml
+++ b/config/preload_secrets.yaml
@@ -9,11 +9,11 @@ secrets:
values:
UserName: admin1
Password: plan.15
-- name: policy_platform
+- name: policyPlatform
values:
UserName: testpdp
Password: alpha123
-- name: policy_client
+- name: policyClient
values:
UserName: python
Password: test
@@ -40,4 +40,16 @@ secrets:
- name: osdfCMScheduler
values:
UserName: test1
- Password: test_pwd1
+ Password: testpwd1
+- name: configDb
+ values:
+ UserName: osdf
+ Password: passwd
+- name: pciHMS
+ values:
+ UserName: ''
+ Password: ''
+- name: osdfPCIOpt
+ values:
+ UserName: pci_test
+ Password: pci_testpwd
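Review bot: The added `pciHMS` entry stores empty strings for both `UserName` and `Password`, and `load_secrets` in osdf/adapters/aaf/sms.py copies them into the deployment config unchanged, so whatever reads `pciHMSUsername`/`pciHMSPassword` gets empty credentials. A comment on the entry should say whether that is intentional. The file also keeps clear-text user name/password pairs under version control; a header comment such as `# Test-only defaults; real deployments must preload their own secrets into SMS` would make the intent explicit. The top of the file is outside this hunk, so such a comment may already exist.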
diff --git a/osdf/adapters/aaf/sms.py b/osdf/adapters/aaf/sms.py
index 976eb61..9c7af51 100644
--- a/osdf/adapters/aaf/sms.py
+++ b/osdf/adapters/aaf/sms.py
@@ -29,8 +29,6 @@ config_spec = {
"preload_secrets": "config/preload_secrets.yaml"
}
-secret_cache = {}
-
def preload_secrets():
""" This is intended to load the secrets required for testing Application
@@ -44,8 +42,9 @@ def preload_secrets():
timeout = config["aaf_sms_timeout"]
cacert = config["aaf_ca_certs"]
sms_client = Client(url=sms_url, timeout=timeout, cacert=cacert)
- domain = sms_client.createDomain(domain)
- config["secret_domain"] = domain # uuid
+ domain_uuid = sms_client.createDomain(domain)
+ debug_log.debug(
+ "Created domain {} with uuid {}".format(domain, domain_uuid))
secrets = preload_config.get("secrets")
for secret in secrets:
sms_client.storeSecret(domain, secret.get('name'),
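Review bot: The added debug line builds its message with `str.format` before the logger decides whether debug output is enabled. If `debug_log` is a standard `logging` logger, pass the values as arguments instead: `debug_log.debug("Created domain %s with uuid %s", domain, domain_uuid)`. The `storeSecret` call at the end of the hunk continues outside it.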
@@ -70,6 +69,37 @@ def retrieve_secrets():
return secret_dict
+def load_secrets():
+ config = osdf_config.deployment
+ secret_dict = retrieve_secrets()
+ config['soUsername'] = secret_dict['so']['UserName']
+ config['soPassword'] = secret_dict['so']['Password']
+ config['conductorUsername'] = secret_dict['conductor']['UserName']
+ config['conductorPassword'] = secret_dict['conductor']['Password']
+ config['policyPlatformUsername'] = secret_dict['policyPlatform']['UserName']
+ config['policyPlatformPassword'] = secret_dict['policyPlatform']['Password']
+ config['policyClientUsername'] = secret_dict['policyClient']['UserName']
+ config['policyClientPassword'] = secret_dict['policyClient']['Password']
+ config['messageReaderAafUserId'] = secret_dict['dmaap']['UserName']
+ config['messageReaderAafPassword'] = secret_dict['dmaap']['Password']
+ config['sdcUsername'] = secret_dict['sdc']['UserName']
+ config['sdcPassword'] = secret_dict['sdc']['Password']
+ config['osdfPlacementUsername'] = secret_dict['osdfPlacement']['UserName']
+ config['osdfPlacementPassword'] = secret_dict['osdfPlacement']['Password']
+ config['osdfPlacementSOUsername'] = secret_dict['osdfPlacementSO']['UserName']
+ config['osdfPlacementSOPassword'] = secret_dict['osdfPlacementSO']['Password']
+ config['osdfPlacementVFCUsername'] = secret_dict['osdfPlacementVFC']['UserName']
+ config['osdfPlacementVFCPassword'] = secret_dict['osdfPlacementVFC']['Password']
+ config['osdfCMSchedulerUsername'] = secret_dict['osdfCMScheduler']['UserName']
+ config['osdfCMSchedulerPassword'] = secret_dict['osdfCMScheduler']['Password']
+ config['configDbUserName'] = secret_dict['configDb']['UserName']
+ config['configDbPassword'] = secret_dict['configDb']['Password']
+ config['pciHMSUsername'] = secret_dict['pciHMS']['UserName']
+ config['pciHMSPassword'] = secret_dict['pciHMS']['Password']
+ config['osdfPCIOptUsername'] = secret_dict['osdfPCIOpt']['UserName']
+ config['osdfPCIOptPassword'] = secret_dict['osdfPCIOpt']['Password']
+
+
def delete_secrets():
""" This is intended to delete the secrets for a clean initialization for
testing Application. Actual deployment will have a preload script.
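Review bot: `load_secrets` indexes `secret_dict` directly for thirteen secrets, so a single secret missing from SMS raises a bare `KeyError` that names only the key, after earlier config entries have already been overwritten. The function has no docstring, and it does not say that it places passwords in `osdf_config.deployment`; any code that logs or dumps that dict would then expose them, which is worth stating in the docstring. A table of (secret name, user key, password key) with an up-front check for missing secrets keeps the same config keys and exception type while giving one clear error. The table below keeps `configDbUserName` exactly as written, although its capitalisation differs from the other `...Username` keys; confirm that against the code that reads it. The bodies of `retrieve_secrets` and `delete_secrets` lie outside the hunk.

```python
# (secret name in SMS, config key for the user name, config key for the password)
SECRET_CONFIG_KEYS = (
    ('so', 'soUsername', 'soPassword'),
    ('conductor', 'conductorUsername', 'conductorPassword'),
    ('policyPlatform', 'policyPlatformUsername', 'policyPlatformPassword'),
    ('policyClient', 'policyClientUsername', 'policyClientPassword'),
    ('dmaap', 'messageReaderAafUserId', 'messageReaderAafPassword'),
    ('sdc', 'sdcUsername', 'sdcPassword'),
    ('osdfPlacement', 'osdfPlacementUsername', 'osdfPlacementPassword'),
    ('osdfPlacementSO', 'osdfPlacementSOUsername', 'osdfPlacementSOPassword'),
    ('osdfPlacementVFC', 'osdfPlacementVFCUsername', 'osdfPlacementVFCPassword'),
    ('osdfCMScheduler', 'osdfCMSchedulerUsername', 'osdfCMSchedulerPassword'),
    ('configDb', 'configDbUserName', 'configDbPassword'),
    ('pciHMS', 'pciHMSUsername', 'pciHMSPassword'),
    ('osdfPCIOpt', 'osdfPCIOptUsername', 'osdfPCIOptPassword'),
)


def load_secrets():
    """Copy the credentials retrieved from SMS into the deployment config.

    The passwords end up in osdf_config.deployment, so that dict must not be
    logged or dumped after this call.
    """
    config = osdf_config.deployment
    secret_dict = retrieve_secrets()
    # Fail before touching the config so it is never left half-updated.
    missing = [name for name, _, _ in SECRET_CONFIG_KEYS
               if name not in secret_dict]
    if missing:
        raise KeyError(
            "Secrets missing from SMS domain: {}".format(", ".join(missing)))
    for name, user_key, password_key in SECRET_CONFIG_KEYS:
        config[user_key] = secret_dict[name]['UserName']
        config[password_key] = secret_dict[name]['Password']
```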
diff --git a/osdfapp.py b/osdfapp.py
index c28e14c..f43c215 100755
--- a/osdfapp.py
+++ b/osdfapp.py
@@ -207,6 +207,8 @@ if __name__ == "__main__":
common_app_opts.update({'ssl_context': tuple(ssl_opts)})
opts = get_options(sys.argv)
+ # TODO(Dileep): Uncomment once Helm charts to preload secrets available
+ # sms.load_secrets()
if not opts.local and not opts.devtest: # normal deployment
app.run(port=internal_port, debug=False, **common_app_opts)
else:
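Review bot: The only call site of `sms.load_secrets()` is added as commented-out code, so after this commit the application still takes its credentials from the clear-text config and nothing runs the new function at startup. Gating the call on a deployment setting would let it be switched on without a code change, for example `if <sms-enabled setting>: sms.load_secrets()`, where the setting name is a placeholder. No import of `sms` is visible in the hunk, so confirm one exists before the call is enabled. The `__main__` block starts and ends outside the hunk.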
diff --git a/requirements.txt b/requirements.txt
index 2cf5358..0275ab7 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -11,5 +11,5 @@ requests>=2.14.2
schematics>=2.0.0
docopt>=0.6.2
pydevd>=1.0.0
-onapsmsclient>=0.0.3
+onapsmsclient>=0.0.4
pymzn>=0.17.0
diff --git a/test/adapters/test_sms.py b/test/adapters/test_sms.py
index ed6c9c9..ae9346d 100644
--- a/test/adapters/test_sms.py
+++ b/test/adapters/test_sms.py
@@ -35,10 +35,7 @@ class TestSMS(unittest.TestCase):
@requests_mock.mock()
def test_sms(self, mock_sms):
- ''' NOTE: preload_secret generate the uuid for the domain
- Create Domain API is called during the deployment using a
- preload script. So the application oly knows the domain_uuid.
- All sub-sequent SMS API calls needs the uuid.
+ ''' NOTE: preload_secret during the deployment using a preload script.
For test purposes we need to do preload ourselves'''
sms_url = self.config["aaf_sms_url"]
@@ -53,7 +50,8 @@ class TestSMS(unittest.TestCase):
# Mock requests for preload_secret
cd_url = self.base_domain_url.format(sms_url)
domain_uuid1 = str(uuid4())
- s_url = self.secret_url.format(sms_url, domain_uuid1)
+ domain_name = self.config['secret_domain']
+ s_url = self.secret_url.format(sms_url, domain_name)
mock_sms.post(cd_url, status_code=200, json={'uuid': domain_uuid1})
mock_sms.post(s_url, status_code=200)
# Initialize Secrets from SMS
@@ -61,13 +59,9 @@ class TestSMS(unittest.TestCase):
# Part 2: Retrieve Secret Test
# Mock requests for retrieve_secrets
- # IMPORTANT: Read the config again as the preload_secrets has
- # updated the config with uuid
- domain_uuid2 = self.config["secret_domain"]
- self.assertEqual(domain_uuid1, domain_uuid2)
- d_url = self.domain_url.format(sms_url, domain_uuid2)
- s_url = self.secret_url.format(sms_url, domain_uuid2)
+ d_url = self.domain_url.format(sms_url, domain_name)
+ s_url = self.secret_url.format(sms_url, domain_name)
# Retrieve Secrets from SMS and load to secret cache
# Use the secret_cache instead of config files
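Review bot: Nothing in this test file's hunks covers the new `load_secrets` function, so the mapping from secret names to config keys is untested. Calling `load_secrets()` against the mocked SMS and asserting one mapped key, for example `config['soUsername']`, would pin it. The two context comments at the end of this hunk still mention a `secret_cache`, which this commit removes from osdf/adapters/aaf/sms.py, so they appear stale; the first could read `# Retrieve secrets from SMS and check the returned dict`. In the previous hunk `domain_uuid1` is now used only in the mocked create-domain response. The rest of `test_sms` continues outside the hunk.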