From fa9960690db89b0695c266abdb9009e2331f6f3c Mon Sep 17 00:00:00 2001 From: Dileep Ranganathan Date: Thu, 27 Sep 2018 08:06:26 -0700 Subject: Retrieve secrets using Secret Management Service Integrate with OSDF by retrieving stored secrets using SMS Application code remains in tact as the secrets are preloaded and stored in config. The configs in clear text will be deprecated eventually. OOM needs to load aaf-sms and preload secrets before oof deployment. Updated to use domain name instead of domain uuid. Change-Id: I88a3c3dd2ad87753cc056fb63c8bbabd546707ab Issue-ID: OPTFRA-343 Signed-off-by: Dileep Ranganathan --- osdf/adapters/aaf/sms.py | 38 ++++++++++++++++++++++++++++++++++---- 1 file changed, 34 insertions(+), 4 deletions(-) (limited to 'osdf/adapters') diff --git a/osdf/adapters/aaf/sms.py b/osdf/adapters/aaf/sms.py index 976eb61..9c7af51 100644 --- a/osdf/adapters/aaf/sms.py +++ b/osdf/adapters/aaf/sms.py @@ -29,8 +29,6 @@ config_spec = { "preload_secrets": "config/preload_secrets.yaml" } -secret_cache = {} - def preload_secrets(): """ This is intended to load the secrets required for testing Application @@ -44,8 +42,9 @@ def preload_secrets(): timeout = config["aaf_sms_timeout"] cacert = config["aaf_ca_certs"] sms_client = Client(url=sms_url, timeout=timeout, cacert=cacert) - domain = sms_client.createDomain(domain) - config["secret_domain"] = domain # uuid + domain_uuid = sms_client.createDomain(domain) + debug_log.debug( + "Created domain {} with uuid {}".format(domain, domain_uuid)) secrets = preload_config.get("secrets") for secret in secrets: sms_client.storeSecret(domain, secret.get('name'), 
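Review bot: `debug_log` is used by the added `debug_log.debug(...)` call in the `@@ -44,8 +42,9 @@` hunk, but this commit adds no import and the top of sms.py is outside the visible hunks. Confirm the name is already in scope, otherwise preload_secrets fails with a NameError. The return value of `createDomain` is now only logged; if the client can return an empty value on failure (not visible here), a check such as `if not domain_uuid: raise RuntimeError("SMS domain creation failed")` before the storeSecret loop would avoid storing secrets against a domain that was never created. preload_secrets starts and ends outside the hunk.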
@@ -70,6 +69,37 @@ def retrieve_secrets(): return secret_dict +def load_secrets(): + config = osdf_config.deployment + secret_dict = retrieve_secrets() + config['soUsername'] = secret_dict['so']['UserName'] + config['soPassword'] = secret_dict['so']['Password'] + config['conductorUsername'] = secret_dict['conductor']['UserName'] + config['conductorPassword'] = secret_dict['conductor']['Password'] + config['policyPlatformUsername'] = secret_dict['policyPlatform']['UserName'] + config['policyPlatformPassword'] = secret_dict['policyPlatform']['Password'] + config['policyClientUsername'] = secret_dict['policyClient']['UserName'] + config['policyClientPassword'] = secret_dict['policyClient']['Password'] + config['messageReaderAafUserId'] = secret_dict['dmaap']['UserName'] + config['messageReaderAafPassword'] = secret_dict['dmaap']['Password'] + config['sdcUsername'] = secret_dict['sdc']['UserName'] + config['sdcPassword'] = secret_dict['sdc']['Password'] + config['osdfPlacementUsername'] = secret_dict['osdfPlacement']['UserName'] + config['osdfPlacementPassword'] = secret_dict['osdfPlacement']['Password'] + config['osdfPlacementSOUsername'] = secret_dict['osdfPlacementSO']['UserName'] + config['osdfPlacementSOPassword'] = secret_dict['osdfPlacementSO']['Password'] + config['osdfPlacementVFCUsername'] = secret_dict['osdfPlacementVFC']['UserName'] + config['osdfPlacementVFCPassword'] = secret_dict['osdfPlacementVFC']['Password'] + config['osdfCMSchedulerUsername'] = secret_dict['osdfCMScheduler']['UserName'] + config['osdfCMSchedulerPassword'] = secret_dict['osdfCMScheduler']['Password'] + config['configDbUserName'] = secret_dict['configDb']['UserName'] + config['configDbPassword'] = secret_dict['configDb']['Password'] + config['pciHMSUsername'] = secret_dict['pciHMS']['UserName'] + config['pciHMSPassword'] = secret_dict['pciHMS']['Password'] + config['osdfPCIOptUsername'] = secret_dict['osdfPCIOpt']['UserName'] + config['osdfPCIOptPassword'] = 
secret_dict['osdfPCIOpt']['Password'] + + def delete_secrets(): """ This is intended to delete the secrets for a clean initialization for testing Application. Actual deployment will have a preload script. -- cgit 1.2.3-korg
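Review bot: load_secrets indexes `secret_dict[...]['UserName']` and `['Password']` directly for thirteen services, so one secret missing from SMS raises a bare KeyError partway through. That leaves osdf_config.deployment holding a mix of SMS-supplied values and whatever the clear-text config already contained. Resolving every entry first and only then writing to config, with an error that names the missing secret but never its value, makes the failure explicit, and a table from service name to config keys replaces the 26 near-identical assignments. The function also has no docstring. Since the passwords now live in the shared deployment config, any code outside this hunk that logs or dumps that config should redact the `*Password` keys.

```python
# Maps the SMS secret name to the (username, password) keys expected in config.
_SECRET_CONFIG_KEYS = {
    'so': ('soUsername', 'soPassword'),
    'conductor': ('conductorUsername', 'conductorPassword'),
    'policyPlatform': ('policyPlatformUsername', 'policyPlatformPassword'),
    'policyClient': ('policyClientUsername', 'policyClientPassword'),
    'dmaap': ('messageReaderAafUserId', 'messageReaderAafPassword'),
    'sdc': ('sdcUsername', 'sdcPassword'),
    'osdfPlacement': ('osdfPlacementUsername', 'osdfPlacementPassword'),
    'osdfPlacementSO': ('osdfPlacementSOUsername', 'osdfPlacementSOPassword'),
    'osdfPlacementVFC': ('osdfPlacementVFCUsername', 'osdfPlacementVFCPassword'),
    'osdfCMScheduler': ('osdfCMSchedulerUsername', 'osdfCMSchedulerPassword'),
    'configDb': ('configDbUserName', 'configDbPassword'),
    'pciHMS': ('pciHMSUsername', 'pciHMSPassword'),
    'osdfPCIOpt': ('osdfPCIOptUsername', 'osdfPCIOptPassword'),
}


def load_secrets():
    """Copy the credentials retrieved from SMS into osdf_config.deployment.

    Raises KeyError naming the SMS secret that is missing or incomplete;
    config is left untouched in that case.
    """
    config = osdf_config.deployment
    secret_dict = retrieve_secrets()
    loaded = {}
    for name, (user_key, password_key) in _SECRET_CONFIG_KEYS.items():
        try:
            loaded[user_key] = secret_dict[name]['UserName']
            loaded[password_key] = secret_dict[name]['Password']
        except KeyError as err:
            # Report only the secret's name, never its contents.
            raise KeyError(
                "SMS secret '{}' is missing or incomplete".format(name)) from err
    # Write only after every secret resolved, so a failure cannot leave
    # config half-populated.
    for key, value in loaded.items():
        config[key] = value
```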