From c3aa7ebbb6f17c93958103077614f5bdac9837b0 Mon Sep 17 00:00:00 2001 From: Dileep Ranganathan Date: Fri, 12 Oct 2018 02:29:49 -0700 Subject: Enable SMS in OSDF Load secrets from SMS in OSDF. Removed secrets from osdf_config.yaml. Unit tests to use the test/config/osdf_config.yaml. Helm charts uses a Job to load secrets. CSIT needs to load it using the preload tool provided by SMS. Change-Id: I0f832033476c02958f6392abba74e4d5a36cc902 Issue-ID: OPTFRA-343 Signed-off-by: Dileep Ranganathan --- config/osdf_config.yaml | 47 ++-------------------- osdf/adapters/aaf/sms.py | 4 ++ osdf/webapp/appcontroller.py | 6 ++- osdfapp.py | 5 ++- test/config/osdf_config.yaml | 14 +++++++ .../simulators/simulated-config/osdf_config.yaml | 13 ++++++ tox.ini | 4 +- 7 files changed, 45 insertions(+), 48 deletions(-) diff --git a/config/osdf_config.yaml b/config/osdf_config.yaml index d78f227..8c6d9f1 100755 --- a/config/osdf_config.yaml +++ b/config/osdf_config.yaml @@ -10,14 +10,8 @@ placementDefaultMajorVersion: "1" placementDefaultMinorVersion: "0" placementDefaultPatchVersion: "0" -# Credentials for SO -soUsername: "" # SO username for call back. -soPassword: "" # SO password for call back. - -# Credentials for Conductor +# Config for Conductor conductorUrl: http://172.17.0.6:8091/v1/plans/ -conductorUsername: admin1 -conductorPassword: plan.15 conductorPingWaitTime: 60 # seconds to wait before calling the conductor retry URL conductorMaxRetries: 30 # if we don't get something in 30 minutes, give up # versions to be set in HTTP header 
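Review bot: After this hunk the file gives no hint that keys such as `soUsername`, `conductorUsername` and `conductorPassword` are still expected at runtime and now come from SMS. Hunks 2 and 3 of this file do the same for the policy, DMaaP, SDC, placement, config-db and PCI credentials. A short comment near the top would tell operators where the values come from, for example `# Credentials are not stored in this file; they are loaded from SMS at startup (osdf/adapters/aaf/sms.py)`. The removed literals stay readable in the repository history, so any of them that was ever used outside a test environment should be treated as exposed and rotated.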
@@ -26,39 +20,16 @@ conductorMinorVersion: 0 # Policy Platform -- requires ClientAuth, Authorization, and Environment policyPlatformUrl: http://policy.api.simpledemo.onap.org:8081/pdp/api/getConfig # Policy Dev platform URL policyPlatformEnv: TEST # Environment for policy platform -policyPlatformUsername: testpdp # Policy platform username. -policyPlatformPassword: alpha123 # Policy platform password. -policyClientUsername: python # For use with ClientAuth -policyClientPassword: test # For use with ClientAuth -# Credentials for DMaaP +# Config for DMaaP messageReaderHosts: NA messageReaderTopic: NA -messageReaderAafUserId: NA -messageReaderAafPassword: NA -# Credentials for SDC +# Config for SDC sdcUrl: NA -sdcUsername: NA -sdcPassword: NA sdcONAPInstanceID: NA -# Credentials for the OOF placement service - Generic -osdfPlacementUsername: test -osdfPlacementPassword: testpwd - -# Credentials for the OOF placement service - SO -osdfPlacementSOUsername: so_test -osdfPlacementSOPassword: so_testpwd - -# Credentials for the OOF placement service - VFC -osdfPlacementVFCUsername: vfc_test -osdfPlacementVFCPassword: vfc_testpwd - -# Credentials for the OOF CM scheduling service - Generic -osdfCMSchedulerUsername: test1 -osdfCMSchedulerPassword: testpwd1 - +# AAF Authentication config is_aaf_enabled: False aaf_cache_expiry_hrs: 3 aaf_url: https://aaftest.simpledemo.onap.org:8095 @@ -73,15 +44,5 @@ aaf_ca_certs: ssl_certs/aaf_root_ca.cer # config db api configDbUrl: http://config.db.url:8080 -configDbUserName: osdf -configDbPassword: passwd configDbGetCellListUrl: 'SDNCConfigDBAPI/getCellList' configDbGetNbrListUrl: 'SDNCConfigDBAPI/getNbrList' - -# Credentials for PCIHandler -pciHMSUsername: "" # pcihandler username for call back. -pciHMSPassword: "" # pcihandler password for call back. - -# Credentials for the OOF PCI Opt service -osdfPCIOptUsername: pci_test -osdfPCIOptPassword: pci_testpwd 
diff --git a/osdf/adapters/aaf/sms.py b/osdf/adapters/aaf/sms.py index 9c7af51..25ae7f2 100644 --- a/osdf/adapters/aaf/sms.py +++ b/osdf/adapters/aaf/sms.py @@ -21,6 +21,8 @@ from onapsmsclient import Client +import osdf.config.base as cfg_base +import osdf.config.credentials as creds import osdf.config.loader as config_loader from osdf.config.base import osdf_config from osdf.logging.osdf_logging import debug_log @@ -98,6 +100,8 @@ def load_secrets(): config['pciHMSPassword'] = secret_dict['pciHMS']['Password'] config['osdfPCIOptUsername'] = secret_dict['osdfPCIOpt']['UserName'] config['osdfPCIOptPassword'] = secret_dict['osdfPCIOpt']['Password'] + cfg_base.http_basic_auth_credentials = creds.load_credentials(osdf_config) + cfg_base.dmaap_creds = creds.dmaap_creds() def delete_secrets(): diff --git a/osdf/webapp/appcontroller.py b/osdf/webapp/appcontroller.py index 3a5385d..9714fb5 100644 --- a/osdf/webapp/appcontroller.py +++ b/osdf/webapp/appcontroller.py @@ -21,7 +21,8 @@ from flask_httpauth import HTTPBasicAuth from flask import Response import json import osdf -from osdf.config.base import http_basic_auth_credentials, osdf_config +import osdf.config.base as cfg_base +from osdf.config.base import osdf_config from osdf.adapters.aaf import aaf_authentication as aaf_auth auth_basic = HTTPBasicAuth() @@ -38,7 +39,8 @@ unauthorized_message = json.dumps(error_body) def get_pw(username): end_point = request.url.split('/')[-1] auth_group = osdf.end_point_auth_mapping.get(end_point) - return http_basic_auth_credentials[auth_group].get(username) if auth_group else None + return cfg_base.http_basic_auth_credentials[auth_group].get( + username) if auth_group else None @auth_basic.error_handler def auth_error(): diff --git a/osdfapp.py b/osdfapp.py index f43c215..9449bc9 100755 --- a/osdfapp.py +++ b/osdfapp.py 
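Review bot: Rebinding `cfg_base.http_basic_auth_credentials` and `cfg_base.dmaap_creds` at the end of `load_secrets()` only reaches code that reads the attribute through the module at call time, and nothing in the function documents that constraint. This commit switches `appcontroller.py` to `cfg_base.http_basic_auth_credentials`, but no consumer of `dmaap_creds` is changed here. Any module that still does `from osdf.config.base import dmaap_creds` would presumably keep the value computed before SMS was read. A comment above the two assignments would record the rule, e.g. `# Rebound after the SMS load: always read these as cfg_base.<name>, never via "from osdf.config.base import ..."`. The function starts outside this hunk, so it is not visible whether a missing entry in lookups like `secret_dict['pciHMS']['Password']` is handled earlier or surfaces as a bare KeyError.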
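Review bot: In `get_pw`, `cfg_base.http_basic_auth_credentials[auth_group]` raises KeyError when an endpoint maps to a group that the loaded credentials do not contain. The request would then end in an unhandled error instead of a rejected login. That case is more plausible now that the mapping is rebuilt at runtime from SMS rather than fixed at import. Assuming the mapping is a plain dict, a tolerant lookup keeps the failure on the authentication path: `return cfg_base.http_basic_auth_credentials.get(auth_group, {}).get(username) if auth_group else None`. It would also remove the awkward break inside `.get(` / `username)`.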
@@ -28,6 +28,7 @@ from flask import Flask, request, Response, g import osdf import pydevd import json +import osdf.adapters.aaf.sms as sms import osdf.adapters.policy.interface import osdf.config.credentials import osdf.config.loader @@ -207,8 +208,8 @@ if __name__ == "__main__": common_app_opts.update({'ssl_context': tuple(ssl_opts)}) opts = get_options(sys.argv) - # TODO(Dileep): Uncomment once Helm charts to preload secrets available - # sms.load_secrets() + # Load secrets from SMS + sms.load_secrets() if not opts.local and not opts.devtest: # normal deployment app.run(port=internal_port, debug=False, **common_app_opts) else: diff --git a/test/config/osdf_config.yaml b/test/config/osdf_config.yaml index bc64ffd..8cff1d5 100755 --- a/test/config/osdf_config.yaml +++ b/test/config/osdf_config.yaml @@ -52,3 +52,17 @@ aaf_cache_expiry_hrs: 3 aaf_url: https://aaftest.simpledemo.onap.org:8095 aaf_user_roles: - /api/oof/v1/placement:org.onap.osdf.access|*|read ALL + +# Secret Management Service from AAF +aaf_sms_url: https://aaf-sms.onap:10443 +aaf_sms_timeout: 30 +secret_domain: osdf +aaf_ca_certs: ssl_certs/aaf_root_ca.cer + +# Credentials for PCIHandler +pciHMSUsername: "" # pcihandler username for call back. +pciHMSPassword: "" # pcihandler password for call back. + +# Credentials for the OOF PCI Opt service +osdfPCIOptUsername: PCI-OSDF-USER +osdfPCIOptPassword: PCI-OSDF-PASSWD diff --git a/test/functest/simulators/simulated-config/osdf_config.yaml b/test/functest/simulators/simulated-config/osdf_config.yaml index 9602c46..eccad14 100755 --- a/test/functest/simulators/simulated-config/osdf_config.yaml +++ b/test/functest/simulators/simulated-config/osdf_config.yaml 
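Review bot: `sms.load_secrets()` is now called with no handling around it and ahead of the `opts.local` / `opts.devtest` branch, so every start mode depends on a reachable SMS and a fully populated secret domain. Stopping at startup is the right outcome when secrets cannot be loaded, but it should be a deliberate exit with a message that names the failure without printing any secret material. For example `try: sms.load_secrets()` followed by `except Exception as err: sys.exit("Unable to load secrets from SMS: " + type(err).__name__)`. The call also sits under `if __name__ == "__main__":`, whose body starts outside this hunk. A deployment that imports the `app` object from a WSGI server would therefore skip the load entirely, so it is worth confirming that is not a supported path.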
@@ -47,6 +47,19 @@ osdfPlacementUrl: "http://127.0.0.1:24699/osdf/api/v2/placement" osdfPlacementUsername: "test" osdfPlacementPassword: "testpwd" +# AAF Authentication config +is_aaf_enabled: False +aaf_cache_expiry_hrs: 3 +aaf_url: https://aaftest.simpledemo.onap.org:8095 +aaf_user_roles: + - /api/oof/v1/placement:org.onap.osdf.access|*|read ALL + +# Secret Management Service from AAF +aaf_sms_url: https://aaf-sms.onap:10443 +aaf_sms_timeout: 30 +secret_domain: osdf +aaf_ca_certs: ssl_certs/aaf_root_ca.cer + # config db api configDbUrl: http://127.0.0.1:5000/simulated/configdb configDbUserName: osdf diff --git a/tox.ini b/tox.ini index 88b595d..0272bda 100644 --- a/tox.ini +++ b/tox.ini @@ -5,6 +5,8 @@ envlist = py3 [testenv] distribute = False +setenv = + OSDF_CONFIG_FILE={toxinidir}/test/config/osdf_config.yaml commands = - cat /etc/hosts /bin/bash test/functest/scripts/start-simulators.sh @@ -13,7 +15,7 @@ commands = coverage report -m --omit=".tox/py3/*","test/*" /bin/bash test/functest/scripts/stop-simulators.sh # TODO: need to update the above "omit" when we package osdf as pip-installable -deps = -r{toxinidir}/requirements.txt +deps = -r{toxinidir}/requirements.txt -r{toxinidir}/test/test-requirements.txt [run] -- cgit 1.2.3-korg