authorDileep Ranganathan <dileep.ranganathan@intel.com>2018-09-27 08:06:26 -0700
committerDileep Ranganathan <dileep.ranganathan@intel.com>2018-10-08 03:21:43 -0700
commitfa9960690db89b0695c266abdb9009e2331f6f3c (patch)
treeba2946805cc2b6e9c8b31767909002e15b371743 /osdf/adapters
parent9d5af7d79a3c32099da70c512d35fa2662812b7a (diff)
Retrieve secrets using Secret Management Service
Integrate with OSDF by retrieving stored secrets using SMS. Application code remains intact as the secrets are preloaded and stored in config. The configs in clear text will be deprecated eventually. OOM needs to load aaf-sms and preload secrets before oof deployment. Updated to use domain name instead of domain uuid. Change-Id: I88a3c3dd2ad87753cc056fb63c8bbabd546707ab Issue-ID: OPTFRA-343 Signed-off-by: Dileep Ranganathan <dileep.ranganathan@intel.com>
Diffstat (limited to 'osdf/adapters')
-rw-r--r--osdf/adapters/aaf/sms.py38
1 files changed, 34 insertions, 4 deletions
diff --git a/osdf/adapters/aaf/sms.py b/osdf/adapters/aaf/sms.py
index 976eb61..9c7af51 100644
--- a/osdf/adapters/aaf/sms.py
+++ b/osdf/adapters/aaf/sms.py
@@ -29,8 +29,6 @@ config_spec = {
"preload_secrets": "config/preload_secrets.yaml"
}
-secret_cache = {}
-
def preload_secrets():
""" This is intended to load the secrets required for testing Application
@@ -44,8 +42,9 @@ def preload_secrets():
timeout = config["aaf_sms_timeout"]
cacert = config["aaf_ca_certs"]
sms_client = Client(url=sms_url, timeout=timeout, cacert=cacert)
- domain = sms_client.createDomain(domain)
- config["secret_domain"] = domain # uuid
+ domain_uuid = sms_client.createDomain(domain)
+ debug_log.debug(
+ "Created domain {} with uuid {}".format(domain, domain_uuid))
secrets = preload_config.get("secrets")
for secret in secrets:
sms_client.storeSecret(domain, secret.get('name'),
@@ -70,6 +69,37 @@ def retrieve_secrets():
return secret_dict
+def load_secrets():
+ config = osdf_config.deployment
+ secret_dict = retrieve_secrets()
+ config['soUsername'] = secret_dict['so']['UserName']
+ config['soPassword'] = secret_dict['so']['Password']
+ config['conductorUsername'] = secret_dict['conductor']['UserName']
+ config['conductorPassword'] = secret_dict['conductor']['Password']
+ config['policyPlatformUsername'] = secret_dict['policyPlatform']['UserName']
+ config['policyPlatformPassword'] = secret_dict['policyPlatform']['Password']
+ config['policyClientUsername'] = secret_dict['policyClient']['UserName']
+ config['policyClientPassword'] = secret_dict['policyClient']['Password']
+ config['messageReaderAafUserId'] = secret_dict['dmaap']['UserName']
+ config['messageReaderAafPassword'] = secret_dict['dmaap']['Password']
+ config['sdcUsername'] = secret_dict['sdc']['UserName']
+ config['sdcPassword'] = secret_dict['sdc']['Password']
+ config['osdfPlacementUsername'] = secret_dict['osdfPlacement']['UserName']
+ config['osdfPlacementPassword'] = secret_dict['osdfPlacement']['Password']
+ config['osdfPlacementSOUsername'] = secret_dict['osdfPlacementSO']['UserName']
+ config['osdfPlacementSOPassword'] = secret_dict['osdfPlacementSO']['Password']
+ config['osdfPlacementVFCUsername'] = secret_dict['osdfPlacementVFC']['UserName']
+ config['osdfPlacementVFCPassword'] = secret_dict['osdfPlacementVFC']['Password']
+ config['osdfCMSchedulerUsername'] = secret_dict['osdfCMScheduler']['UserName']
+ config['osdfCMSchedulerPassword'] = secret_dict['osdfCMScheduler']['Password']
+ config['configDbUserName'] = secret_dict['configDb']['UserName']
+ config['configDbPassword'] = secret_dict['configDb']['Password']
+ config['pciHMSUsername'] = secret_dict['pciHMS']['UserName']
+ config['pciHMSPassword'] = secret_dict['pciHMS']['Password']
+ config['osdfPCIOptUsername'] = secret_dict['osdfPCIOpt']['UserName']
+ config['osdfPCIOptPassword'] = secret_dict['osdfPCIOpt']['Password']
+
+
def delete_secrets():
""" This is intended to delete the secrets for a clean initialization for
testing Application. Actual deployment will have a preload script.
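Review bot: load_secrets indexes `secret_dict[...]['UserName']` and `['Password']` directly for every service, so one secret missing from SMS raises a bare KeyError partway through and leaves `osdf_config.deployment` holding a mix of SMS values and whatever the clear-text config contained. Resolving every entry first and writing to config only after all lookups succeed avoids the half-updated state, and the error should name the missing secret without including any value. The function also has no docstring; it should state that it overwrites the credential keys of the deployment config with values from SMS, and that this dict then holds live passwords and must not be logged or dumped wholesale (whether any caller does so is not visible in this hunk). A table-driven form also keeps the irregular key names (`messageReaderAafUserId`, `configDbUserName`) in one reviewable place.

```python
# (SMS secret name, config key for the user name, config key for the password)
_SECRET_TO_CONFIG = (
    ('so', 'soUsername', 'soPassword'),
    ('conductor', 'conductorUsername', 'conductorPassword'),
    ('dmaap', 'messageReaderAafUserId', 'messageReaderAafPassword'),
    ('configDb', 'configDbUserName', 'configDbPassword'),
    # … remaining services, key names exactly as assigned in the hunk …
)


def load_secrets():
    """Overwrite credential keys in osdf_config.deployment with SMS values."""
    config = osdf_config.deployment
    secret_dict = retrieve_secrets()
    resolved = {}
    for name, user_key, password_key in _SECRET_TO_CONFIG:
        try:
            entry = secret_dict[name]
            resolved[user_key] = entry['UserName']
            resolved[password_key] = entry['Password']
        except (KeyError, TypeError):
            # Report which secret is absent; never include secret values.
            raise KeyError(
                "SMS secret '{}' is missing or incomplete".format(name))
    # Apply only after every lookup succeeded, so config is never half-updated.
    for key, value in resolved.items():
        config[key] = value
```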