2 # -------------------------------------------------------------------------
3 # Copyright (c) 2018 Intel Corporation Intellectual Property
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
17 # -------------------------------------------------------------------------
20 '''Secret Management Service Integration'''
21 from conductor.common import config_loader
22 from onapsmsclient import Client
24 from oslo_config import cfg
25 from oslo_log import log
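LOG = log.getLogger(__name__)

CONF = cfg.CONF

# Options for reaching the AAF Secret Management Service (SMS); registered
# below under the 'aaf_sms' configuration group.
AAF_SMS_OPTS = [
    cfg.StrOpt('aaf_sms_url',
               default='https://aaf-sms.onap:10443',
               help='Base URL for SMS, up to and not including '
                    'the version, and without a trailing slash.'),
    # NOTE(review): the listing skips a source line inside this option
    # (presumably its default) -- restore it from the upstream file.
    cfg.IntOpt('aaf_sms_timeout',
               help='Timeout for SMS API Call'),
    # SECURITY: this value is passed to the SMS client as `cacert`. Per the
    # help text, an unset value turns server-certificate verification off,
    # which would let an on-path party read or alter the secrets in transit.
    # Deployments should always point this at the CA bundle; treat an unset
    # value as a misconfiguration rather than a supported mode.
    cfg.StrOpt('aaf_ca_certs',
               default='AAF_RootCA.cer',
               help='Path to the cacert that will be used to verify '
                    'the SMS server certificate. '
                    'If this is None, verify will be False and the server '
                    'cert is not verified by the client.'),
    # NOTE(review): the listing skips a source line inside this option as
    # well (presumably its default) -- restore it from the upstream file.
    cfg.StrOpt('secret_domain',
               help='Domain UUID - A unique UUID generated when the domain '
                    'for HAS is created by administrator during deployment')
]

CONF.register_opts(AAF_SMS_OPTS, group='aaf_sms')

# Location of the YAML file that preload_secrets() reads.
config_spec = {
    "preload_secrets": "../preload_secrets.yaml"
}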
58 def preload_secrets():
59 """ This is intended to load the secrets required for testing Application
60 Actual deployment will have a preload script. Make sure the config is
62 preload_config = config_loader.load_config_file(
63 config_spec.get("preload_secrets"))
64 domain = preload_config.get("domain")
66 sms_url = config.aaf_sms_url
67 timeout = config.aaf_sms_timeout
68 cacert = config.aaf_ca_certs
69 sms_client = Client(url=sms_url, timeout=timeout, cacert=cacert)
70 domain = sms_client.createDomain(domain)
71 config.secret_domain = domain # uuid
72 secrets = preload_config.get("secrets")
73 for secret in secrets:
74 sms_client.storeSecret(domain, secret.get('name'),
76 LOG.debug("Preload secrets complete")
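def retrieve_secrets():
    """Get all secrets under the domain name.

    Reads the SMS URL, timeout, CA certificate path and secret domain from
    the ``aaf_sms`` configuration group, asks SMS for the names of the
    secrets in that domain and fetches each one.

    Returns:
        dict: maps each secret name to the value returned by ``getSecret``.
    """
    secret_dict = dict()
    config = CONF.aaf_sms
    sms_url = config.aaf_sms_url
    timeout = config.aaf_sms_timeout
    cacert = config.aaf_ca_certs
    domain = config.secret_domain
    # `cacert` is what lets the client authenticate the SMS server before
    # any secret crosses the connection.
    sms_client = Client(url=sms_url, timeout=timeout, cacert=cacert)
    secrets = sms_client.getSecretNames(domain)
    for secret in secrets:
        values = sms_client.getSecret(domain, secret)
        secret_dict[secret] = values
    # Log the outcome only: secret_dict holds secret material and must not
    # be written to the log, even at debug level.
    LOG.debug("Secret Dictionary Retrieval Success")
    # The __main__ block assigns this call's result to secret_cache.
    return secret_dict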
97 """ This is intended to delete the secrets for a clean initialization for
98 testing Application. Actual deployment will have a preload script.
99 Make sure the config is in sync"""
100 config = CONF.aaf_sms
101 sms_url = config.aaf_sms_url
102 timeout = config.aaf_sms_timeout
103 cacert = config.aaf_ca_certs
104 domain = config.secret_domain
105 sms_client = Client(url=sms_url, timeout=timeout, cacert=cacert)
106 ret_val = sms_client.deleteDomain(domain)
107 LOG.debug("Clean up complete")
111 if __name__ == "__main__":
112 # Initialize Secrets from SMS
115 # Retrieve Secrets from SMS and load to secret cache
116 # Use the secret_cache instead of config files
117 secret_cache = retrieve_secrets()
119 # Clean up Delete secrets and domain