Diffstat (limited to 'osdf')
-rw-r--r-- | osdf/adapters/aaf/sms.py | 39 | ||||
-rw-r--r-- | osdf/apps/baseapp.py | 23 | ||||
-rw-r--r-- | osdf/cmd/encryptionUtil.py | 50 | ||||
-rw-r--r-- | osdf/models/policy/placement/tosca/vnfPolicy-v20181031.yml | 14 | ||||
-rw-r--r-- | osdf/models/policy/placement/tosca_upload/onap.policies.optimization.VnfPolicy.yaml | 14 | ||||
-rw-r--r-- | osdf/optimizers/__init__.py | 17 | ||||
-rw-r--r-- | osdf/optimizers/licenseopt/__init__.py | 17 | ||||
-rw-r--r-- | osdf/optimizers/pciopt/__init__.py | 0 | ||||
-rw-r--r-- | osdf/optimizers/placementopt/__init__.py | 17 | ||||
-rw-r--r-- | osdf/optimizers/routeopt/__init__.py | 17 | ||||
-rw-r--r-- | osdf/utils/cipherUtils.py | 59 | ||||
-rw-r--r-- | osdf/utils/mdc_utils.py | 2 | ||||
-rw-r--r-- | osdf/webapp/appcontroller.py | 3 |
13 files changed, 175 insertions, 97 deletions
diff --git a/osdf/adapters/aaf/sms.py b/osdf/adapters/aaf/sms.py index 25ae7f2..fd3a5d5 100644 --- a/osdf/adapters/aaf/sms.py +++ b/osdf/adapters/aaf/sms.py @@ -1,6 +1,7 @@ # # ------------------------------------------------------------------------- # Copyright (c) 2018 Intel Corporation Intellectual Property +# Copyright (C) 2020 Wipro Limited. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,12 +21,12 @@ '''Secret Management Service Integration''' from onapsmsclient import Client - import osdf.config.base as cfg_base import osdf.config.credentials as creds import osdf.config.loader as config_loader from osdf.config.base import osdf_config from osdf.logging.osdf_logging import debug_log +from osdf.utils import cipherUtils config_spec = { "preload_secrets": "config/preload_secrets.yaml" 
@@ -70,40 +71,46 @@ def retrieve_secrets(): debug_log.debug("Secret Dictionary Retrieval Success") return secret_dict - def load_secrets(): config = osdf_config.deployment secret_dict = retrieve_secrets() config['soUsername'] = secret_dict['so']['UserName'] - config['soPassword'] = secret_dict['so']['Password'] + config['soPassword'] = decrypt_pass(secret_dict['so']['Password']) config['conductorUsername'] = secret_dict['conductor']['UserName'] - config['conductorPassword'] = secret_dict['conductor']['Password'] + config['conductorPassword'] = decrypt_pass(secret_dict['conductor']['Password']) config['policyPlatformUsername'] = secret_dict['policyPlatform']['UserName'] - config['policyPlatformPassword'] = secret_dict['policyPlatform']['Password'] - config['policyClientUsername'] = secret_dict['policyClient']['UserName'] - config['policyClientPassword'] = secret_dict['policyClient']['Password'] + config['policyPlatformPassword'] = decrypt_pass(secret_dict['policyPlatform']['Password']) + config['policyClientUsername'] = secret_dict['policyPlatform']['UserName'] + config['policyClientPassword'] = decrypt_pass(secret_dict['policyPlatform']['Password']) config['messageReaderAafUserId'] = secret_dict['dmaap']['UserName'] - config['messageReaderAafPassword'] = secret_dict['dmaap']['Password'] + config['messageReaderAafPassword'] = decrypt_pass(secret_dict['dmaap']['Password']) config['sdcUsername'] = secret_dict['sdc']['UserName'] - config['sdcPassword'] = secret_dict['sdc']['Password'] + config['sdcPassword'] = decrypt_pass(secret_dict['sdc']['Password']) config['osdfPlacementUsername'] = secret_dict['osdfPlacement']['UserName'] - config['osdfPlacementPassword'] = secret_dict['osdfPlacement']['Password'] + config['osdfPlacementPassword'] = decrypt_pass(secret_dict['osdfPlacement']['Password']) config['osdfPlacementSOUsername'] = secret_dict['osdfPlacementSO']['UserName'] - config['osdfPlacementSOPassword'] = secret_dict['osdfPlacementSO']['Password'] + 
config['osdfPlacementSOPassword'] = decrypt_pass(secret_dict['osdfPlacementSO']['Password']) config['osdfPlacementVFCUsername'] = secret_dict['osdfPlacementVFC']['UserName'] - config['osdfPlacementVFCPassword'] = secret_dict['osdfPlacementVFC']['Password'] + config['osdfPlacementVFCPassword'] = decrypt_pass(secret_dict['osdfPlacementVFC']['Password']) config['osdfCMSchedulerUsername'] = secret_dict['osdfCMScheduler']['UserName'] - config['osdfCMSchedulerPassword'] = secret_dict['osdfCMScheduler']['Password'] + config['osdfCMSchedulerPassword'] = decrypt_pass(secret_dict['osdfCMScheduler']['Password']) config['configDbUserName'] = secret_dict['configDb']['UserName'] - config['configDbPassword'] = secret_dict['configDb']['Password'] + config['configDbPassword'] = decrypt_pass(secret_dict['configDb']['Password']) config['pciHMSUsername'] = secret_dict['pciHMS']['UserName'] - config['pciHMSPassword'] = secret_dict['pciHMS']['Password'] + config['pciHMSPassword'] = decrypt_pass(secret_dict['pciHMS']['Password']) config['osdfPCIOptUsername'] = secret_dict['osdfPCIOpt']['UserName'] - config['osdfPCIOptPassword'] = secret_dict['osdfPCIOpt']['Password'] + config['osdfPCIOptPassword'] = decrypt_pass(secret_dict['osdfPCIOpt']['Password']) cfg_base.http_basic_auth_credentials = creds.load_credentials(osdf_config) cfg_base.dmaap_creds = creds.dmaap_creds() +def decrypt_pass(passwd): + if passwd == '' or passwd == 'NA': + return passwd + else: + return cipherUtils.AESCipher.get_instance().decrypt(passwd) + + def delete_secrets(): """ This is intended to delete the secrets for a clean initialization for testing Application. Actual deployment will have a preload script. diff --git a/osdf/apps/baseapp.py b/osdf/apps/baseapp.py index cfa7e5d..008ce1d 100644 --- a/osdf/apps/baseapp.py +++ b/osdf/apps/baseapp.py 
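Review bot: In `load_secrets` (osdf/adapters/aaf/sms.py), `policyClientUsername` and `policyClientPassword` are now read from `secret_dict['policyPlatform']` instead of `secret_dict['policyClient']`, so the policy client silently shares the policy platform's credential. If that is intended it needs a comment saying so; otherwise restore `secret_dict['policyClient']['UserName']` and `decrypt_pass(secret_dict['policyClient']['Password'])`. Separately, `decrypt_pass` passes every value other than `''` or `'NA'` to `AESCipher.decrypt`, so an entry still stored in plaintext will raise from `bytes.fromhex` or `unpad` and abort secret loading. Catching `ValueError` there and re-raising with the name of the failing entry (never its value) would make a half-migrated store diagnosable. A one-line docstring on `decrypt_pass` should state that `''` and `'NA'` are returned unchanged.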
@@ -27,18 +27,17 @@ import time import traceback from optparse import OptionParser -import pydevd -from flask import Flask, request, Response, g -from requests import RequestException -from schematics.exceptions import DataError - import osdf.adapters.aaf.sms as sms import osdf.operation.responses +import pydevd +from flask import Flask, request, Response, g from osdf.config.base import osdf_config from osdf.logging.osdf_logging import error_log, debug_log from osdf.operation.error_handling import request_exception_to_json_body, internal_error_message from osdf.operation.exceptions import BusinessException from osdf.utils.mdc_utils import clear_mdc, mdc_from_json, default_mdc +from requests import RequestException +from schematics.exceptions import DataError ERROR_TEMPLATE = osdf.ERROR_TEMPLATE @@ -90,17 +89,19 @@ def handle_data_error(e): @app.before_request def log_request(): g.request_start = time.clock() - if request.get_json(): - - request_json = request.get_json() - g.request_id = request_json['requestInfo']['requestId'] - mdc_from_json(request_json) + if request.data: + if request.get_json(): + request_json = request.get_json() + g.request_id = request_json['requestInfo']['requestId'] + mdc_from_json(request_json) + else: + g.request_id = "N/A" + default_mdc() else: g.request_id = "N/A" default_mdc() - @app.after_request def log_response(response): clear_mdc() diff --git a/osdf/cmd/encryptionUtil.py b/osdf/cmd/encryptionUtil.py new file mode 100644 index 0000000..6c0cae2 --- /dev/null +++ b/osdf/cmd/encryptionUtil.py 
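Review bot: `log_request` (osdf/apps/baseapp.py) still indexes `request_json['requestInfo']['requestId']` directly on a client-supplied body, so a JSON payload without those keys, or one whose top level is a list, raises `KeyError`/`TypeError` inside the `before_request` hook instead of taking the new `"N/A"` fallback. The lookup should be tolerant, for example `request_json = request.get_json(silent=True)` followed by `info = request_json.get('requestInfo') if isinstance(request_json, dict) else None` and `g.request_id = info.get('requestId', 'N/A') if isinstance(info, dict) else 'N/A'`. That also removes the second `get_json()` call and collapses the duplicated `else` branches. Because the request id is caller-controlled and appears to feed the logging context, bounding its length and character set before storing it would be prudent.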
@@ -0,0 +1,50 @@
+#
+# -------------------------------------------------------------------------
+# Copyright (c) 2015-2018 AT&T Intellectual Property
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# -------------------------------------------------------------------------
+#
+import sys
+from osdf.utils import cipherUtils
+
+
+def main():
+
+ if len(sys.argv) != 4:
+ print("Invalid input - usage --> (options(encrypt/decrypt) input-value with-key)")
+ return
+
+ enc_dec = sys.argv[1]
+ valid_option_values = ['encrypt', 'decrypt']
+ if enc_dec not in valid_option_values:
+ print("Invalid input - usage --> (options(encrypt/decrypt) input-value with-key)")
+ print("Option value can only be one of {}".format(valid_option_values))
+ print("You entered '{}'".format(enc_dec))
+ return
+
+ input_string = sys.argv[2]
+ with_key = sys.argv[3]
+
+ print("You've requested '{}' to be '{}ed' using key '{}'".format(input_string, enc_dec, with_key))
+ print("You can always perform the reverse operation (encrypt/decrypt) using the same key"
+ "to be certain you get the same results back'")
+
+ util = cipherUtils.AESCipher.get_instance(with_key)
+ if enc_dec.lower() == 'encrypt':
+ result = util.encrypt(input_string)
+ else:
+ result = util.decrypt(input_string)
+
+ print("Your resultt: {}".format(result))
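Review bot: `main` in osdf/cmd/encryptionUtil.py takes the value to protect and the AES key from `sys.argv[2]` and `sys.argv[3]` and then echoes both in the `"You've requested ..."` line, so the key and the plaintext land in shell history, the process list and any captured terminal output. Reading both with `getpass.getpass()` (or from a file or environment variable) and dropping that echo line would keep them off those channels. The file as added has no `if __name__ == "__main__": main()` guard, so it is presumably wired through a packaging entry point, which is worth a comment. Smaller items: `enc_dec.lower()` is redundant after the case-sensitive membership check, the two adjacent string literals join as `keyto be`, and `resultt` is a typo.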
\ No newline at end of file diff --git a/osdf/models/policy/placement/tosca/vnfPolicy-v20181031.yml b/osdf/models/policy/placement/tosca/vnfPolicy-v20181031.yml index 46d8c32..8eaf178 100644 --- a/osdf/models/policy/placement/tosca/vnfPolicy-v20181031.yml +++ b/osdf/models/policy/placement/tosca/vnfPolicy-v20181031.yml @@ -69,3 +69,17 @@ data_types: unique: type: string required: false + attributes: + type: list + required: false + entry_schema: + type:policy.data.vnfProperties_filteringAttributes + passthroughAttributes: + type: list + required: false + entry_schema: + type:policy.data.vnfProperties_passthroughAttributes + policy.data.vnfProperties_filteringAttributes: + derived_from: tosca.nodes.Root + policy.data.vnfProperties_passthroughAttributes: + derived_from: tosca.nodes.Root diff --git a/osdf/models/policy/placement/tosca_upload/onap.policies.optimization.VnfPolicy.yaml b/osdf/models/policy/placement/tosca_upload/onap.policies.optimization.VnfPolicy.yaml index e1ec36d..e242a92 100644 --- a/osdf/models/policy/placement/tosca_upload/onap.policies.optimization.VnfPolicy.yaml +++ b/osdf/models/policy/placement/tosca_upload/onap.policies.optimization.VnfPolicy.yaml @@ -73,4 +73,18 @@ data_types: unique: type: string required: false + attributes: + type: list + required: false + entry_schema: + type:policy.data.vnfProperties_filteringAttributes + passthroughAttributes: + type: list + required: false + entry_schema: + type:policy.data.vnfProperties_passthroughAttributes + policy.data.vnfProperties_filteringAttributes: + derived_from: tosca.nodes.Root + policy.data.vnfProperties_passthroughAttributes: + derived_from: tosca.nodes.Root diff --git a/osdf/optimizers/__init__.py b/osdf/optimizers/__init__.py deleted file mode 100644 index 4b25e5b..0000000 --- a/osdf/optimizers/__init__.py +++ /dev/null 
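Review bot: Under both new `entry_schema:` keys in vnfPolicy-v20181031.yml the value is written `type:policy.data.vnfProperties_filteringAttributes` with no space after the colon. YAML reads that as one plain scalar rather than a `type` key, so `entry_schema` becomes a string and the list entries carry no declared type. The lines should read `type: policy.data.vnfProperties_filteringAttributes` and `type: policy.data.vnfProperties_passthroughAttributes`. The same two lines appear in the hunk for tosca_upload/onap.policies.optimization.VnfPolicy.yaml and need the same fix. If the space was lost only in this page's rendering, disregard.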
@@ -1,17 +0,0 @@
-# -------------------------------------------------------------------------
-# Copyright (c) 2017-2018 AT&T Intellectual Property
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# -------------------------------------------------------------------------
-#
diff --git a/osdf/optimizers/licenseopt/__init__.py b/osdf/optimizers/licenseopt/__init__.py
deleted file mode 100644
index 4b25e5b..0000000
--- a/osdf/optimizers/licenseopt/__init__.py
+++ /dev/null
@@ -1,17 +0,0 @@
-# -------------------------------------------------------------------------
-# Copyright (c) 2017-2018 AT&T Intellectual Property
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# -------------------------------------------------------------------------
-#
diff --git a/osdf/optimizers/pciopt/__init__.py b/osdf/optimizers/pciopt/__init__.py
deleted file mode 100644
index e69de29..0000000
--- a/osdf/optimizers/pciopt/__init__.py
+++ /dev/null
diff --git a/osdf/optimizers/placementopt/__init__.py b/osdf/optimizers/placementopt/__init__.py
deleted file mode 100644
index 4b25e5b..0000000
--- a/osdf/optimizers/placementopt/__init__.py
+++ /dev/null
@@ -1,17 +0,0 @@
-# -------------------------------------------------------------------------
-# Copyright (c) 2017-2018 AT&T Intellectual Property
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# -------------------------------------------------------------------------
-#
diff --git a/osdf/optimizers/routeopt/__init__.py b/osdf/optimizers/routeopt/__init__.py
deleted file mode 100644
index c235f2a..0000000
--- a/osdf/optimizers/routeopt/__init__.py
+++ /dev/null
@@ -1,17 +0,0 @@
-# -------------------------------------------------------------------------
-# Copyright (c) 2018 Huawei Intellectual Property
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# -------------------------------------------------------------------------
-#
diff --git a/osdf/utils/cipherUtils.py b/osdf/utils/cipherUtils.py
new file mode 100644
index 0000000..169f1a1
--- /dev/null
+++ b/osdf/utils/cipherUtils.py
@@ -0,0 +1,59 @@
+#
+# -------------------------------------------------------------------------
+# Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# -------------------------------------------------------------------------
+
+from Crypto.Cipher import AES
+from osdf.config.base import osdf_config
+from Crypto.Util.Padding import unpad
+from Crypto.Util.Padding import pad
+
+
+class AESCipher(object):
+ __instance = None
+
+ @staticmethod
+ def get_instance(key = None):
+ if AESCipher.__instance is None:
+ print("Creating the singleton instance")
+ AESCipher(key)
+ return AESCipher.__instance
+
+ def __init__(self, key=None):
+ if AESCipher.__instance is not None:
+ raise Exception("This class is a singleton!")
+ else:
+ AESCipher.__instance = self
+
+ self.bs = 32
+ if key is None:
+ key = osdf_config.deployment["appkey"]
+
+ self.key = key.encode()
+
+ def encrypt(self, data):
+ data = data.encode()
+ cipher = AES.new(self.key, AES.MODE_CBC)
+ ciphered_data = cipher.encrypt(pad(data, AES.block_size))
+ enc = (cipher.iv.hex())+(ciphered_data.hex())
+ return enc
+
+ def decrypt(self, enc):
+ iv = bytes.fromhex(enc[:32])
+ ciphered_data = bytes.fromhex(enc[32:])
+ cipher = AES.new(self.key, AES.MODE_CBC, iv=iv)
+ original_data = unpad(cipher.decrypt(ciphered_data), AES.block_size).decode()
+ return original_data
diff --git a/osdf/utils/mdc_utils.py b/osdf/utils/mdc_utils.py
index b98cbf0..bcd0615 100644
--- a/osdf/utils/mdc_utils.py
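Review bot: `AESCipher.encrypt` and `decrypt` in osdf/utils/cipherUtils.py use `AES.MODE_CBC` with no MAC, so a stored credential that has been altered or decrypted under the wrong key is not reliably rejected and can decrypt to different bytes. Since the ciphertext format is introduced by this commit, switching to an authenticated mode now is cheap, and the fence below sketches a GCM variant. `self.key = key.encode()` uses the configured string directly as the AES key, so it must be exactly 16, 24 or 32 bytes and carries only the entropy of a typed string; validating the length in `__init__`, or deriving the key with a KDF, would fail early and clearly. `get_instance(key)` silently ignores `key` once the singleton exists, which deserves a docstring note or an explicit error when a different key is passed. The `print` in `get_instance` should go through the project logger, and `self.bs` is unused.

```python
    def encrypt(self, data):
        # GCM authenticates the ciphertext, so modification is detected on decrypt.
        cipher = AES.new(self.key, AES.MODE_GCM)
        ciphered_data, tag = cipher.encrypt_and_digest(data.encode())
        return cipher.nonce.hex() + tag.hex() + ciphered_data.hex()

    def decrypt(self, enc):
        raw = bytes.fromhex(enc)
        # Layout: 16-byte nonce | 16-byte tag | ciphertext (PyCryptodome defaults).
        nonce, tag, ciphered_data = raw[:16], raw[16:32], raw[32:]
        cipher = AES.new(self.key, AES.MODE_GCM, nonce=nonce)
        # Raises ValueError when the tag does not verify (wrong key or altered data).
        return cipher.decrypt_and_verify(ciphered_data, tag).decode()
```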
+++ b/osdf/utils/mdc_utils.py @@ -36,7 +36,7 @@ def default_server_info(): MDC.put('server', server) if MDC.get('serverIPAddress') is None: try: - server_ip_address = socket.gethostbyname(self._fields['server']) + server_ip_address = socket.gethostbyname(MDC.get('server')) except Exception: server_ip_address = "" MDC.put('serverIPAddress', server_ip_address) diff --git a/osdf/webapp/appcontroller.py b/osdf/webapp/appcontroller.py index 9714fb5..e48e93f 100644 --- a/osdf/webapp/appcontroller.py +++ b/osdf/webapp/appcontroller.py @@ -35,6 +35,7 @@ error_body = { unauthorized_message = json.dumps(error_body) + @auth_basic.get_password def get_pw(username): end_point = request.url.split('/')[-1] @@ -42,6 +43,7 @@ def get_pw(username): return cfg_base.http_basic_auth_credentials[auth_group].get( username) if auth_group else None + @auth_basic.error_handler def auth_error(): response = Response(unauthorized_message, content_type='application/json; charset=utf-8') @@ -58,4 +60,3 @@ def verify_pw(username, password): else: pw = get_pw(username) return pw == password - return False
\ No newline at end of file |