Diffstat (limited to 'osdf/adapters/aaf')
-rw-r--r--osdf/adapters/aaf/aaf_authentication.py46
-rw-r--r--osdf/adapters/aaf/sms.py116
2 files changed, 103 insertions, 59 deletions
diff --git a/osdf/adapters/aaf/aaf_authentication.py b/osdf/adapters/aaf/aaf_authentication.py
index 26eac29..b9aa510 100644
--- a/osdf/adapters/aaf/aaf_authentication.py
+++ b/osdf/adapters/aaf/aaf_authentication.py
@@ -17,12 +17,14 @@
#
import base64
-import re
-from datetime import datetime, timedelta
+from datetime import datetime
+from datetime import timedelta
from flask import request
+import re
from osdf.config.base import osdf_config
-from osdf.logging.osdf_logging import error_log, debug_log
+from osdf.logging.osdf_logging import debug_log
+from osdf.logging.osdf_logging import error_log
from osdf.utils.interfaces import RestClient
AUTHZ_PERMS_USER = '{}/authz/perms/user/{}'
@@ -43,7 +45,6 @@ def authenticate(uid, passwd):
return has_valid_role(perms)
except Exception as exp:
error_log.error("Error Authenticating the user {} : {}: ".format(uid, exp))
- pass
return False
@@ -57,27 +58,38 @@ else return false
def has_valid_role(perms):
aaf_user_roles = deploy_config['aaf_user_roles']
+ aaf_roles = get_role_list(perms)
+
for roles in aaf_user_roles:
path_perm = roles.split(':')
uri = path_perm[0]
- role = path_perm[1].split('|')[0]
- if re.search(uri, request.path) and perms:
- roles = perms.get('roles')
- if roles:
- perm_list = roles.get('perm')
- for p in perm_list:
- if role == p['type']:
- return True
+ perm = path_perm[1].split('|')
+ p = (perm[0], perm[1], perm[2].split()[0])
+ if re.search(uri, request.path) and p in aaf_roles:
+ return True
return False
+
"""
-Make the remote aaf api call if user is not in the cache.
+Build a list of roles tuples from the AAF response.
-Return the perms
"""
+
+
+def get_role_list(perms):
+ role_list = []
+ if perms:
+ roles = perms.get('roles')
+ if roles:
+ perm = roles.get('perm', [])
+ for p in perm:
+ role_list.append((p['type'], p['instance'], p['action']))
+ return role_list
+
+
def get_aaf_permissions(uid, passwd):
key = base64.b64encode(bytes("{}_{}".format(uid, passwd), "ascii"))
- time_delta = timedelta(hours=deploy_config.get('aaf_cache_expiry_hrs', 3))
+ time_delta = timedelta(minutes=deploy_config.get('aaf_cache_expiry_mins', 5))
perms = perm_cache.get(key)
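Review bot: In has_valid_role, `perm[1]` and `perm[2].split()[0]` raise IndexError for any `aaf_user_roles` entry without three `|`-separated fields, and `p['instance']` / `p['action']` in get_role_list raise KeyError when an AAF permission lacks a key. The previous hunk shows authenticate catching Exception and returning False, so one malformed entry would deny every request behind an "Error Authenticating the user" log that does not name the real cause. Skipping and logging the bad entry, e.g. `if len(perm) < 3: error_log.error("Malformed aaf_user_roles entry: {}".format(roles)); continue`, keeps the other entries usable while still failing closed. `re.search(uri, request.path)` is unanchored, so a configured pattern matches anywhere in the path unless the config anchors it; if the patterns are meant as prefixes, `re.match` would make that explicit. On the context line that builds the cache key, base64 of `uid_passwd` is reversible, so perm_cache holds recoverable passwords for the cache lifetime, and a keyed digest (HMAC-SHA-256 with a per-process random key) would avoid that; get_aaf_permissions continues outside the hunk.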
@@ -91,8 +103,8 @@ def get_aaf_permissions(uid, passwd):
def remote_api(passwd, uid):
- headers = {"Accept": "application/Users+xml;q=1.0;charset=utf-8;version=2.0,text/xml;q=1.0;version=2.0",
- "Accept": "application/Users+json;q=1.0;charset=utf-8;version=2.0,application/json;q=1.0;version=2.0,*/*;q=1.0"}
+ headers = {"Accept": "application/Users+json;q=1.0;charset=utf-8;version=2.0,application/json;q=1.0;version=2.0,"
+ "*/*;q=1.0"}
url = AUTHZ_PERMS_USER.format(deploy_config['aaf_url'], uid)
rc = RestClient(userid=uid, passwd=passwd, headers=headers, url=url, log_func=debug_log.debug,
req_id='aaf_user_id')
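Review bot: `uid` is formatted into the AAF URL on the context line `url = AUTHZ_PERMS_USER.format(deploy_config['aaf_url'], uid)` without escaping, so a user id containing `/`, `?` or `#` changes the path or query that is requested from AAF. If uid comes from the caller's credentials (the call site is not in this hunk), quoting it first, `url = AUTHZ_PERMS_USER.format(deploy_config['aaf_url'], quote(uid, safe='@'))` with `from urllib.parse import quote`, keeps it a single path segment. It is also worth confirming that RestClient does not write the password or the Authorization header through `log_func=debug_log.debug`; its implementation is not visible here. remote_api continues outside the hunk.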
diff --git a/osdf/adapters/aaf/sms.py b/osdf/adapters/aaf/sms.py
index 9c7af51..031fee4 100644
--- a/osdf/adapters/aaf/sms.py
+++ b/osdf/adapters/aaf/sms.py
@@ -1,6 +1,7 @@
#
# -------------------------------------------------------------------------
# Copyright (c) 2018 Intel Corporation Intellectual Property
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -21,9 +22,12 @@
from onapsmsclient import Client
-import osdf.config.loader as config_loader
+import osdf.config.base as cfg_base
from osdf.config.base import osdf_config
+import osdf.config.credentials as creds
+import osdf.config.loader as config_loader
from osdf.logging.osdf_logging import debug_log
+from osdf.utils import cipherUtils
config_spec = {
"preload_secrets": "config/preload_secrets.yaml"
@@ -31,9 +35,12 @@ config_spec = {
def preload_secrets():
- """ This is intended to load the secrets required for testing Application
- Actual deployment will have a preload script. Make sure the config is
- in sync"""
+ """preload_secrets()
+
+ This is intended to load the secrets required for testing Application
+ Actual deployment will have a preload script. Make sure the config is
+ in sync
+ """
preload_config = config_loader.load_config_file(
config_spec.get("preload_secrets"))
domain = preload_config.get("domain")
@@ -41,6 +48,9 @@ def preload_secrets():
sms_url = config["aaf_sms_url"]
timeout = config["aaf_sms_timeout"]
cacert = config["aaf_ca_certs"]
+ if not sms_url:
+ debug_log.debug("SMS Disabled")
+ return
sms_client = Client(url=sms_url, timeout=timeout, cacert=cacert)
domain_uuid = sms_client.createDomain(domain)
debug_log.debug(
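Review bot: The new early return for an empty `aaf_sms_url` is reported only through `debug_log.debug("SMS Disabled")`, so a deployment where the URL is missing by mistake skips secret handling with nothing visible at normal log levels. The same applies to the "SMS Disabled" branches added to retrieve_secrets and delete_secrets in the next hunk. Logging these branches at warning or error level (for example via the `error_log` logger that aaf_authentication.py imports from `osdf.logging.osdf_logging`) would make the disabled state visible. preload_secrets continues outside the hunk.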
@@ -60,58 +70,80 @@ def retrieve_secrets():
timeout = config["aaf_sms_timeout"]
cacert = config["aaf_ca_certs"]
domain = config["secret_domain"]
- sms_client = Client(url=sms_url, timeout=timeout, cacert=cacert)
- secrets = sms_client.getSecretNames(domain)
- for secret in secrets:
- values = sms_client.getSecret(domain, secret)
- secret_dict[secret] = values
- debug_log.debug("Secret Dictionary Retrieval Success")
+ if sms_url:
+ sms_client = Client(url=sms_url, timeout=timeout, cacert=cacert)
+ secrets = sms_client.getSecretNames(domain)
+ for secret in secrets:
+ values = sms_client.getSecret(domain, secret)
+ secret_dict[secret] = values
+ debug_log.debug("Secret Dictionary Retrieval Success")
+ else:
+ debug_log.debug("SMS Disabled. Secrets not loaded")
return secret_dict
def load_secrets():
config = osdf_config.deployment
secret_dict = retrieve_secrets()
- config['soUsername'] = secret_dict['so']['UserName']
- config['soPassword'] = secret_dict['so']['Password']
- config['conductorUsername'] = secret_dict['conductor']['UserName']
- config['conductorPassword'] = secret_dict['conductor']['Password']
- config['policyPlatformUsername'] = secret_dict['policyPlatform']['UserName']
- config['policyPlatformPassword'] = secret_dict['policyPlatform']['Password']
- config['policyClientUsername'] = secret_dict['policyClient']['UserName']
- config['policyClientPassword'] = secret_dict['policyClient']['Password']
- config['messageReaderAafUserId'] = secret_dict['dmaap']['UserName']
- config['messageReaderAafPassword'] = secret_dict['dmaap']['Password']
- config['sdcUsername'] = secret_dict['sdc']['UserName']
- config['sdcPassword'] = secret_dict['sdc']['Password']
- config['osdfPlacementUsername'] = secret_dict['osdfPlacement']['UserName']
- config['osdfPlacementPassword'] = secret_dict['osdfPlacement']['Password']
- config['osdfPlacementSOUsername'] = secret_dict['osdfPlacementSO']['UserName']
- config['osdfPlacementSOPassword'] = secret_dict['osdfPlacementSO']['Password']
- config['osdfPlacementVFCUsername'] = secret_dict['osdfPlacementVFC']['UserName']
- config['osdfPlacementVFCPassword'] = secret_dict['osdfPlacementVFC']['Password']
- config['osdfCMSchedulerUsername'] = secret_dict['osdfCMScheduler']['UserName']
- config['osdfCMSchedulerPassword'] = secret_dict['osdfCMScheduler']['Password']
- config['configDbUserName'] = secret_dict['configDb']['UserName']
- config['configDbPassword'] = secret_dict['configDb']['Password']
- config['pciHMSUsername'] = secret_dict['pciHMS']['UserName']
- config['pciHMSPassword'] = secret_dict['pciHMS']['Password']
- config['osdfPCIOptUsername'] = secret_dict['osdfPCIOpt']['UserName']
- config['osdfPCIOptPassword'] = secret_dict['osdfPCIOpt']['Password']
+ if secret_dict:
+ config['soUsername'] = secret_dict['so']['UserName']
+ config['soPassword'] = decrypt_pass(secret_dict['so']['Password'])
+ config['conductorUsername'] = secret_dict['conductor']['UserName']
+ config['conductorPassword'] = decrypt_pass(secret_dict['conductor']['Password'])
+ config['policyPlatformUsername'] = secret_dict['policyPlatform']['UserName']
+ config['policyPlatformPassword'] = decrypt_pass(secret_dict['policyPlatform']['Password'])
+ config['policyClientUsername'] = secret_dict['policyPlatform']['UserName']
+ config['policyClientPassword'] = decrypt_pass(secret_dict['policyPlatform']['Password'])
+ config['messageReaderAafUserId'] = secret_dict['dmaap']['UserName']
+ config['messageReaderAafPassword'] = decrypt_pass(secret_dict['dmaap']['Password'])
+ config['sdcUsername'] = secret_dict['sdc']['UserName']
+ config['sdcPassword'] = decrypt_pass(secret_dict['sdc']['Password'])
+ config['osdfPlacementUsername'] = secret_dict['osdfPlacement']['UserName']
+ config['osdfPlacementPassword'] = decrypt_pass(secret_dict['osdfPlacement']['Password'])
+ config['osdfPlacementSOUsername'] = secret_dict['osdfPlacementSO']['UserName']
+ config['osdfPlacementSOPassword'] = decrypt_pass(secret_dict['osdfPlacementSO']['Password'])
+ config['osdfPlacementVFCUsername'] = secret_dict['osdfPlacementVFC']['UserName']
+ config['osdfPlacementVFCPassword'] = decrypt_pass(secret_dict['osdfPlacementVFC']['Password'])
+ config['osdfCMSchedulerUsername'] = secret_dict['osdfCMScheduler']['UserName']
+ config['osdfCMSchedulerPassword'] = decrypt_pass(secret_dict['osdfCMScheduler']['Password'])
+ config['configDbUserName'] = secret_dict['configDb']['UserName']
+ config['configDbPassword'] = decrypt_pass(secret_dict['configDb']['Password'])
+ config['pciHMSUsername'] = secret_dict['pciHMS']['UserName']
+ config['pciHMSPassword'] = decrypt_pass(secret_dict['pciHMS']['Password'])
+ config['osdfPCIOptUsername'] = secret_dict['osdfPCIOpt']['UserName']
+ config['osdfPCIOptPassword'] = decrypt_pass(secret_dict['osdfPCIOpt']['Password'])
+ config['osdfOptEngineUsername'] = secret_dict['osdfOptEngine']['UserName']
+ config['osdfOptEnginePassword'] = decrypt_pass(secret_dict['osdfOptEngine']['Password'])
+ cfg_base.http_basic_auth_credentials = creds.load_credentials(osdf_config)
+ cfg_base.dmaap_creds = creds.dmaap_creds()
+
+
+def decrypt_pass(passwd):
+ config = osdf_config.deployment
+ if not config.get('appkey') or passwd == '' or passwd == 'NA':
+ return passwd
+ else:
+ return cipherUtils.AESCipher.get_instance().decrypt(passwd)
def delete_secrets():
- """ This is intended to delete the secrets for a clean initialization for
- testing Application. Actual deployment will have a preload script.
- Make sure the config is in sync"""
+ """delete_secrets()
+
+ This is intended to delete the secrets for a clean initialization for
+ testing Application. Actual deployment will have a preload script.
+ Make sure the config is in sync
+ """
config = osdf_config.deployment
sms_url = config["aaf_sms_url"]
timeout = config["aaf_sms_timeout"]
cacert = config["aaf_ca_certs"]
domain = config["secret_domain"]
- sms_client = Client(url=sms_url, timeout=timeout, cacert=cacert)
- ret_val = sms_client.deleteDomain(domain)
- debug_log.debug("Clean up complete")
+ if sms_url:
+ sms_client = Client(url=sms_url, timeout=timeout, cacert=cacert)
+ ret_val = sms_client.deleteDomain(domain)
+ debug_log.debug("Clean up complete")
+ else:
+ debug_log.debug("SMS Disabled. Secrets delete skipped")
return ret_val
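Review bot: In load_secrets, `policyClientUsername` and `policyClientPassword` are now read from `secret_dict['policyPlatform']`, whereas the removed lines read `secret_dict['policyClient']`. If that is not intended, restore `secret_dict['policyClient']['UserName']` and `decrypt_pass(secret_dict['policyClient']['Password'])`; if it is, a comment saying the two clients share one credential would help. In delete_secrets, `ret_val` is assigned only when `sms_url` is set, so the disabled path reaches `return ret_val` with the name unbound and raises UnboundLocalError; initialise `ret_val = None` before the `if`. decrypt_pass returns the stored value unchanged when `appkey` is missing, so a deployment that loses the key would silently use ciphertext as the password, and a warning on that branch would make the fallback visible. retrieve_secrets starts outside the hunk.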