summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDileep Ranganathan <dileep.ranganathan@intel.com>2018-10-12 02:29:49 -0700
committerDileep Ranganathan <dileep.ranganathan@intel.com>2018-10-19 04:55:34 -0700
commitc3aa7ebbb6f17c93958103077614f5bdac9837b0 (patch)
tree5688c63850524dabe9eba9cd96cf29df3cd91279
parent8d495104b8174cdc19b4bf27b98d9b4210fec01f (diff)
Enable SMS in OSDF
Load secrets from SMS in OSDF. Removed secrets from osdf_config.yaml. Unit tests to use the test/config/osdf_config.yaml. Helm charts uses a Job to load secrets. CSIT needs to load it using the preload tool provided by SMS. Change-Id: I0f832033476c02958f6392abba74e4d5a36cc902 Issue-ID: OPTFRA-343 Signed-off-by: Dileep Ranganathan <dileep.ranganathan@intel.com>
-rwxr-xr-xconfig/osdf_config.yaml47
-rw-r--r--osdf/adapters/aaf/sms.py4
-rw-r--r--osdf/webapp/appcontroller.py6
-rwxr-xr-xosdfapp.py5
-rwxr-xr-xtest/config/osdf_config.yaml14
-rwxr-xr-xtest/functest/simulators/simulated-config/osdf_config.yaml13
-rw-r--r--tox.ini4
7 files changed, 45 insertions, 48 deletions
diff --git a/config/osdf_config.yaml b/config/osdf_config.yaml
index d78f227..8c6d9f1 100755
--- a/config/osdf_config.yaml
+++ b/config/osdf_config.yaml
@@ -10,14 +10,8 @@ placementDefaultMajorVersion: "1"
placementDefaultMinorVersion: "0"
placementDefaultPatchVersion: "0"
-# Credentials for SO
-soUsername: "" # SO username for call back.
-soPassword: "" # SO password for call back.
-
-# Credentials for Conductor
+# Config for Conductor
conductorUrl: http://172.17.0.6:8091/v1/plans/
-conductorUsername: admin1
-conductorPassword: plan.15
conductorPingWaitTime: 60 # seconds to wait before calling the conductor retry URL
conductorMaxRetries: 30 # if we don't get something in 30 minutes, give up
# versions to be set in HTTP header
@@ -26,39 +20,16 @@ conductorMinorVersion: 0
# Policy Platform -- requires ClientAuth, Authorization, and Environment
policyPlatformUrl: http://policy.api.simpledemo.onap.org:8081/pdp/api/getConfig # Policy Dev platform URL
policyPlatformEnv: TEST # Environment for policy platform
-policyPlatformUsername: testpdp # Policy platform username.
-policyPlatformPassword: alpha123 # Policy platform password.
-policyClientUsername: python # For use with ClientAuth
-policyClientPassword: test # For use with ClientAuth
-# Credentials for DMaaP
+# Config for DMaaP
messageReaderHosts: NA
messageReaderTopic: NA
-messageReaderAafUserId: NA
-messageReaderAafPassword: NA
-# Credentials for SDC
+# Config for SDC
sdcUrl: NA
-sdcUsername: NA
-sdcPassword: NA
sdcONAPInstanceID: NA
-# Credentials for the OOF placement service - Generic
-osdfPlacementUsername: test
-osdfPlacementPassword: testpwd
-
-# Credentials for the OOF placement service - SO
-osdfPlacementSOUsername: so_test
-osdfPlacementSOPassword: so_testpwd
-
-# Credentials for the OOF placement service - VFC
-osdfPlacementVFCUsername: vfc_test
-osdfPlacementVFCPassword: vfc_testpwd
-
-# Credentials for the OOF CM scheduling service - Generic
-osdfCMSchedulerUsername: test1
-osdfCMSchedulerPassword: testpwd1
-
+# AAF Authentication config
is_aaf_enabled: False
aaf_cache_expiry_hrs: 3
aaf_url: https://aaftest.simpledemo.onap.org:8095
@@ -73,15 +44,5 @@ aaf_ca_certs: ssl_certs/aaf_root_ca.cer
# config db api
configDbUrl: http://config.db.url:8080
-configDbUserName: osdf
-configDbPassword: passwd
configDbGetCellListUrl: 'SDNCConfigDBAPI/getCellList'
configDbGetNbrListUrl: 'SDNCConfigDBAPI/getNbrList'
-
-# Credentials for PCIHandler
-pciHMSUsername: "" # pcihandler username for call back.
-pciHMSPassword: "" # pcihandler password for call back.
-
-# Credentials for the OOF PCI Opt service
-osdfPCIOptUsername: pci_test
-osdfPCIOptPassword: pci_testpwd
diff --git a/osdf/adapters/aaf/sms.py b/osdf/adapters/aaf/sms.py
index 9c7af51..25ae7f2 100644
--- a/osdf/adapters/aaf/sms.py
+++ b/osdf/adapters/aaf/sms.py
@@ -21,6 +21,8 @@
from onapsmsclient import Client
+import osdf.config.base as cfg_base
+import osdf.config.credentials as creds
import osdf.config.loader as config_loader
from osdf.config.base import osdf_config
from osdf.logging.osdf_logging import debug_log
@@ -98,6 +100,8 @@ def load_secrets():
config['pciHMSPassword'] = secret_dict['pciHMS']['Password']
config['osdfPCIOptUsername'] = secret_dict['osdfPCIOpt']['UserName']
config['osdfPCIOptPassword'] = secret_dict['osdfPCIOpt']['Password']
+ cfg_base.http_basic_auth_credentials = creds.load_credentials(osdf_config)
+ cfg_base.dmaap_creds = creds.dmaap_creds()
def delete_secrets():
diff --git a/osdf/webapp/appcontroller.py b/osdf/webapp/appcontroller.py
index 3a5385d..9714fb5 100644
--- a/osdf/webapp/appcontroller.py
+++ b/osdf/webapp/appcontroller.py
@@ -21,7 +21,8 @@ from flask_httpauth import HTTPBasicAuth
from flask import Response
import json
import osdf
-from osdf.config.base import http_basic_auth_credentials, osdf_config
+import osdf.config.base as cfg_base
+from osdf.config.base import osdf_config
from osdf.adapters.aaf import aaf_authentication as aaf_auth
auth_basic = HTTPBasicAuth()
@@ -38,7 +39,8 @@ unauthorized_message = json.dumps(error_body)
def get_pw(username):
end_point = request.url.split('/')[-1]
auth_group = osdf.end_point_auth_mapping.get(end_point)
- return http_basic_auth_credentials[auth_group].get(username) if auth_group else None
+ return cfg_base.http_basic_auth_credentials[auth_group].get(
+ username) if auth_group else None
@auth_basic.error_handler
def auth_error():
diff --git a/osdfapp.py b/osdfapp.py
index f43c215..9449bc9 100755
--- a/osdfapp.py
+++ b/osdfapp.py
@@ -28,6 +28,7 @@ from flask import Flask, request, Response, g
import osdf
import pydevd
import json
+import osdf.adapters.aaf.sms as sms
import osdf.adapters.policy.interface
import osdf.config.credentials
import osdf.config.loader
@@ -207,8 +208,8 @@ if __name__ == "__main__":
common_app_opts.update({'ssl_context': tuple(ssl_opts)})
opts = get_options(sys.argv)
- # TODO(Dileep): Uncomment once Helm charts to preload secrets available
- # sms.load_secrets()
+ # Load secrets from SMS
+ sms.load_secrets()
if not opts.local and not opts.devtest: # normal deployment
app.run(port=internal_port, debug=False, **common_app_opts)
else:
diff --git a/test/config/osdf_config.yaml b/test/config/osdf_config.yaml
index bc64ffd..8cff1d5 100755
--- a/test/config/osdf_config.yaml
+++ b/test/config/osdf_config.yaml
@@ -52,3 +52,17 @@ aaf_cache_expiry_hrs: 3
aaf_url: https://aaftest.simpledemo.onap.org:8095
aaf_user_roles:
- /api/oof/v1/placement:org.onap.osdf.access|*|read ALL
+
+# Secret Management Service from AAF
+aaf_sms_url: https://aaf-sms.onap:10443
+aaf_sms_timeout: 30
+secret_domain: osdf
+aaf_ca_certs: ssl_certs/aaf_root_ca.cer
+
+# Credentials for PCIHandler
+pciHMSUsername: "" # pcihandler username for call back.
+pciHMSPassword: "" # pcihandler password for call back.
+
+# Credentials for the OOF PCI Opt service
+osdfPCIOptUsername: PCI-OSDF-USER
+osdfPCIOptPassword: PCI-OSDF-PASSWD
diff --git a/test/functest/simulators/simulated-config/osdf_config.yaml b/test/functest/simulators/simulated-config/osdf_config.yaml
index 9602c46..eccad14 100755
--- a/test/functest/simulators/simulated-config/osdf_config.yaml
+++ b/test/functest/simulators/simulated-config/osdf_config.yaml
@@ -47,6 +47,19 @@ osdfPlacementUrl: "http://127.0.0.1:24699/osdf/api/v2/placement"
osdfPlacementUsername: "test"
osdfPlacementPassword: "testpwd"
+# AAF Authentication config
+is_aaf_enabled: False
+aaf_cache_expiry_hrs: 3
+aaf_url: https://aaftest.simpledemo.onap.org:8095
+aaf_user_roles:
+ - /api/oof/v1/placement:org.onap.osdf.access|*|read ALL
+
+# Secret Management Service from AAF
+aaf_sms_url: https://aaf-sms.onap:10443
+aaf_sms_timeout: 30
+secret_domain: osdf
+aaf_ca_certs: ssl_certs/aaf_root_ca.cer
+
# config db api
configDbUrl: http://127.0.0.1:5000/simulated/configdb
configDbUserName: osdf
diff --git a/tox.ini b/tox.ini
index 88b595d..0272bda 100644
--- a/tox.ini
+++ b/tox.ini
@@ -5,6 +5,8 @@ envlist = py3
[testenv]
distribute = False
+setenv =
+ OSDF_CONFIG_FILE={toxinidir}/test/config/osdf_config.yaml
commands =
- cat /etc/hosts
/bin/bash test/functest/scripts/start-simulators.sh
@@ -13,7 +15,7 @@ commands =
coverage report -m --omit=".tox/py3/*","test/*"
/bin/bash test/functest/scripts/stop-simulators.sh
# TODO: need to update the above "omit" when we package osdf as pip-installable
-deps = -r{toxinidir}/requirements.txt
+deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test/test-requirements.txt
[run]