diff options
Diffstat (limited to 'osdf/adapters/aaf')
-rw-r--r-- | osdf/adapters/aaf/aaf_authentication.py | 46 | ||||
-rw-r--r-- | osdf/adapters/aaf/sms.py | 116 |
2 files changed, 103 insertions, 59 deletions
diff --git a/osdf/adapters/aaf/aaf_authentication.py b/osdf/adapters/aaf/aaf_authentication.py index 26eac29..b9aa510 100644 --- a/osdf/adapters/aaf/aaf_authentication.py +++ b/osdf/adapters/aaf/aaf_authentication.py @@ -17,12 +17,14 @@ # import base64 -import re -from datetime import datetime, timedelta +from datetime import datetime +from datetime import timedelta from flask import request +import re from osdf.config.base import osdf_config -from osdf.logging.osdf_logging import error_log, debug_log +from osdf.logging.osdf_logging import debug_log +from osdf.logging.osdf_logging import error_log from osdf.utils.interfaces import RestClient AUTHZ_PERMS_USER = '{}/authz/perms/user/{}' @@ -43,7 +45,6 @@ def authenticate(uid, passwd): return has_valid_role(perms) except Exception as exp: error_log.error("Error Authenticating the user {} : {}: ".format(uid, exp)) - pass return False @@ -57,27 +58,38 @@ else return false def has_valid_role(perms): aaf_user_roles = deploy_config['aaf_user_roles'] + aaf_roles = get_role_list(perms) + for roles in aaf_user_roles: path_perm = roles.split(':') uri = path_perm[0] - role = path_perm[1].split('|')[0] - if re.search(uri, request.path) and perms: - roles = perms.get('roles') - if roles: - perm_list = roles.get('perm') - for p in perm_list: - if role == p['type']: - return True + perm = path_perm[1].split('|') + p = (perm[0], perm[1], perm[2].split()[0]) + if re.search(uri, request.path) and p in aaf_roles: + return True return False + """ -Make the remote aaf api call if user is not in the cache. +Build a list of roles tuples from the AAF response. -Return the perms """ + + +def get_role_list(perms): + role_list = [] + if perms: + roles = perms.get('roles') + if roles: + perm = roles.get('perm', []) + for p in perm: + role_list.append((p['type'], p['instance'], p['action'])) + return role_list + + def get_aaf_permissions(uid, passwd): key = base64.b64encode(bytes("{}_{}".format(uid, passwd), "ascii")) - time_delta = timedelta(hours=deploy_config.get('aaf_cache_expiry_hrs', 3)) + time_delta = timedelta(minutes=deploy_config.get('aaf_cache_expiry_mins', 5)) perms = perm_cache.get(key) @@ -91,8 +103,8 @@ def get_aaf_permissions(uid, passwd): def remote_api(passwd, uid): - headers = {"Accept": "application/Users+xml;q=1.0;charset=utf-8;version=2.0,text/xml;q=1.0;version=2.0", - "Accept": "application/Users+json;q=1.0;charset=utf-8;version=2.0,application/json;q=1.0;version=2.0,*/*;q=1.0"} + headers = {"Accept": "application/Users+json;q=1.0;charset=utf-8;version=2.0,application/json;q=1.0;version=2.0," + "*/*;q=1.0"} url = AUTHZ_PERMS_USER.format(deploy_config['aaf_url'], uid) rc = RestClient(userid=uid, passwd=passwd, headers=headers, url=url, log_func=debug_log.debug, req_id='aaf_user_id') diff --git a/osdf/adapters/aaf/sms.py b/osdf/adapters/aaf/sms.py index 9c7af51..031fee4 100644 --- a/osdf/adapters/aaf/sms.py +++ b/osdf/adapters/aaf/sms.py @@ -1,6 +1,7 @@ # # ------------------------------------------------------------------------- # Copyright (c) 2018 Intel Corporation Intellectual Property +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,9 +22,12 @@ from onapsmsclient import Client -import osdf.config.loader as config_loader +import osdf.config.base as cfg_base from osdf.config.base import osdf_config +import osdf.config.credentials as creds +import osdf.config.loader as config_loader from osdf.logging.osdf_logging import debug_log +from osdf.utils import cipherUtils config_spec = { "preload_secrets": "config/preload_secrets.yaml" @@ -31,9 +35,12 @@ config_spec = { def preload_secrets(): - """ This is intended to load the secrets required for testing Application - Actual deployment will have a preload script. Make sure the config is - in sync""" + """preload_secrets() + + This is intended to load the secrets required for testing Application + Actual deployment will have a preload script. Make sure the config is + in sync + """ preload_config = config_loader.load_config_file( config_spec.get("preload_secrets")) domain = preload_config.get("domain") @@ -41,6 +48,9 @@ def preload_secrets(): sms_url = config["aaf_sms_url"] timeout = config["aaf_sms_timeout"] cacert = config["aaf_ca_certs"] + if not sms_url: + debug_log.debug("SMS Disabled") + return sms_client = Client(url=sms_url, timeout=timeout, cacert=cacert) domain_uuid = sms_client.createDomain(domain) debug_log.debug( @@ -60,58 +70,80 @@ def retrieve_secrets(): timeout = config["aaf_sms_timeout"] cacert = config["aaf_ca_certs"] domain = config["secret_domain"] - sms_client = Client(url=sms_url, timeout=timeout, cacert=cacert) - secrets = sms_client.getSecretNames(domain) - for secret in secrets: - values = sms_client.getSecret(domain, secret) - secret_dict[secret] = values - debug_log.debug("Secret Dictionary Retrieval Success") + if sms_url: + sms_client = Client(url=sms_url, timeout=timeout, cacert=cacert) + secrets = sms_client.getSecretNames(domain) + for secret in secrets: + values = sms_client.getSecret(domain, secret) + secret_dict[secret] = values + debug_log.debug("Secret Dictionary Retrieval Success") + else: + debug_log.debug("SMS Disabled. Secrets not loaded") return secret_dict def load_secrets(): config = osdf_config.deployment secret_dict = retrieve_secrets() - config['soUsername'] = secret_dict['so']['UserName'] - config['soPassword'] = secret_dict['so']['Password'] - config['conductorUsername'] = secret_dict['conductor']['UserName'] - config['conductorPassword'] = secret_dict['conductor']['Password'] - config['policyPlatformUsername'] = secret_dict['policyPlatform']['UserName'] - config['policyPlatformPassword'] = secret_dict['policyPlatform']['Password'] - config['policyClientUsername'] = secret_dict['policyClient']['UserName'] - config['policyClientPassword'] = secret_dict['policyClient']['Password'] - config['messageReaderAafUserId'] = secret_dict['dmaap']['UserName'] - config['messageReaderAafPassword'] = secret_dict['dmaap']['Password'] - config['sdcUsername'] = secret_dict['sdc']['UserName'] - config['sdcPassword'] = secret_dict['sdc']['Password'] - config['osdfPlacementUsername'] = secret_dict['osdfPlacement']['UserName'] - config['osdfPlacementPassword'] = secret_dict['osdfPlacement']['Password'] - config['osdfPlacementSOUsername'] = secret_dict['osdfPlacementSO']['UserName'] - config['osdfPlacementSOPassword'] = secret_dict['osdfPlacementSO']['Password'] - config['osdfPlacementVFCUsername'] = secret_dict['osdfPlacementVFC']['UserName'] - config['osdfPlacementVFCPassword'] = secret_dict['osdfPlacementVFC']['Password'] - config['osdfCMSchedulerUsername'] = secret_dict['osdfCMScheduler']['UserName'] - config['osdfCMSchedulerPassword'] = secret_dict['osdfCMScheduler']['Password'] - config['configDbUserName'] = secret_dict['configDb']['UserName'] - config['configDbPassword'] = secret_dict['configDb']['Password'] - config['pciHMSUsername'] = secret_dict['pciHMS']['UserName'] - config['pciHMSPassword'] = secret_dict['pciHMS']['Password'] - config['osdfPCIOptUsername'] = secret_dict['osdfPCIOpt']['UserName'] - config['osdfPCIOptPassword'] = secret_dict['osdfPCIOpt']['Password'] + if secret_dict: + config['soUsername'] = secret_dict['so']['UserName'] + config['soPassword'] = decrypt_pass(secret_dict['so']['Password']) + config['conductorUsername'] = secret_dict['conductor']['UserName'] + config['conductorPassword'] = decrypt_pass(secret_dict['conductor']['Password']) + config['policyPlatformUsername'] = secret_dict['policyPlatform']['UserName'] + config['policyPlatformPassword'] = decrypt_pass(secret_dict['policyPlatform']['Password']) + config['policyClientUsername'] = secret_dict['policyPlatform']['UserName'] + config['policyClientPassword'] = decrypt_pass(secret_dict['policyPlatform']['Password']) + config['messageReaderAafUserId'] = secret_dict['dmaap']['UserName'] + config['messageReaderAafPassword'] = decrypt_pass(secret_dict['dmaap']['Password']) + config['sdcUsername'] = secret_dict['sdc']['UserName'] + config['sdcPassword'] = decrypt_pass(secret_dict['sdc']['Password']) + config['osdfPlacementUsername'] = secret_dict['osdfPlacement']['UserName'] + config['osdfPlacementPassword'] = decrypt_pass(secret_dict['osdfPlacement']['Password']) + config['osdfPlacementSOUsername'] = secret_dict['osdfPlacementSO']['UserName'] + config['osdfPlacementSOPassword'] = decrypt_pass(secret_dict['osdfPlacementSO']['Password']) + config['osdfPlacementVFCUsername'] = secret_dict['osdfPlacementVFC']['UserName'] + config['osdfPlacementVFCPassword'] = decrypt_pass(secret_dict['osdfPlacementVFC']['Password']) + config['osdfCMSchedulerUsername'] = secret_dict['osdfCMScheduler']['UserName'] + config['osdfCMSchedulerPassword'] = decrypt_pass(secret_dict['osdfCMScheduler']['Password']) + config['configDbUserName'] = secret_dict['configDb']['UserName'] + config['configDbPassword'] = decrypt_pass(secret_dict['configDb']['Password']) + config['pciHMSUsername'] = secret_dict['pciHMS']['UserName'] + config['pciHMSPassword'] = decrypt_pass(secret_dict['pciHMS']['Password']) + config['osdfPCIOptUsername'] = secret_dict['osdfPCIOpt']['UserName'] + config['osdfPCIOptPassword'] = decrypt_pass(secret_dict['osdfPCIOpt']['Password']) + config['osdfOptEngineUsername'] = secret_dict['osdfOptEngine']['UserName'] + config['osdfOptEnginePassword'] = decrypt_pass(secret_dict['osdfOptEngine']['Password']) + cfg_base.http_basic_auth_credentials = creds.load_credentials(osdf_config) + cfg_base.dmaap_creds = creds.dmaap_creds() + + +def decrypt_pass(passwd): + config = osdf_config.deployment + if not config.get('appkey') or passwd == '' or passwd == 'NA': + return passwd + else: + return cipherUtils.AESCipher.get_instance().decrypt(passwd) def delete_secrets(): - """ This is intended to delete the secrets for a clean initialization for - testing Application. Actual deployment will have a preload script. - Make sure the config is in sync""" + """delete_secrets() + + This is intended to delete the secrets for a clean initialization for + testing Application. Actual deployment will have a preload script. + Make sure the config is in sync + """ config = osdf_config.deployment sms_url = config["aaf_sms_url"] timeout = config["aaf_sms_timeout"] cacert = config["aaf_ca_certs"] domain = config["secret_domain"] - sms_client = Client(url=sms_url, timeout=timeout, cacert=cacert) - ret_val = sms_client.deleteDomain(domain) - debug_log.debug("Clean up complete") + if sms_url: + sms_client = Client(url=sms_url, timeout=timeout, cacert=cacert) + ret_val = sms_client.deleteDomain(domain) + debug_log.debug("Clean up complete") + else: + debug_log.debug("SMS Disabled. Secrets delete skipped") return ret_val |