2 # -------------------------------------------------------------------------
3 # Copyright (c) 2018 Intel Corporation Intellectual Property
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
17 # -------------------------------------------------------------------------
20 '''Secret Management Service Integration'''
21 from conductor.common import config_loader
22 from onapsmsclient import Client
23 from oslo_config import cfg
24 from oslo_log import log
27 from conductor.common.utils import cipherUtils
29 LOG = log.getLogger(__name__)
# Options for the 'aaf_sms' config group. The list/CONF assignments that frame
# these entries fall in a gap of this listing.
34 cfg.BoolOpt('is_enabled',
36 help='Is Secret Management service enabled'),
37 cfg.StrOpt('aaf_sms_url',
38 default='https://aaf-sms.onap:10443',
39 help='Base URL for SMS, up to and not including '
40 'the version, and without a trailing slash.'),
41 cfg.IntOpt('aaf_sms_timeout',
43 help='Timeout for SMS API Call'),
# NOTE(review): per its own help text, leaving this option None turns server
# certificate verification off for every SMS call made in this module, so a
# deployment should always point it at a CA bundle. The default is a bare
# filename, which presumably resolves against the working directory - confirm.
44 cfg.StrOpt('aaf_ca_certs',
45 default='AAF_RootCA.cer',
46 help='Path to the cacert that will be used to verify '
47 'If this is None, verify will be False and the server cert'
48 'is not verified by the client.'),
49 cfg.StrOpt('secret_domain',
51 help='Domain Name for HAS')
54 CONF.register_opts(AAF_SMS_OPTS, group='aaf_sms')
# Path of the YAML file consumed by preload_secrets(); how a relative path is
# resolved depends on config_loader - confirm against it.
56 "preload_secrets": "../preload_secrets.yaml"
# Test-only helper: reads a domain name and a list of secrets from the preload
# YAML file and pushes them into SMS. The docstring's closing lines, the
# assignment of `config` (presumably CONF.aaf_sms, as in delete_secrets) and
# the second half of the storeSecret() call fall in gaps of this listing.
60 def preload_secrets():
61 """This is intended to load the secrets required for testing Application
63 Actual deployment will have a preload script. Make sure the config is
67 preload_config = config_loader.load_config_file(
68 config_spec.get("preload_secrets"))
69 domain = preload_config.get("domain")
# Connection settings come from the 'aaf_sms' option group; a None cacert
# disables TLS verification according to the aaf_ca_certs help text.
71 sms_url = config.aaf_sms_url
72 timeout = config.aaf_sms_timeout
73 cacert = config.aaf_ca_certs
74 sms_client = Client(url=sms_url, timeout=timeout, cacert=cacert)
75 domain_uuid = sms_client.createDomain(domain)
# Only the domain name and its uuid are logged, not secret material.
76 LOG.debug("Created domain {} with uuid {}".format(domain, domain_uuid))
77 secrets = preload_config.get("secrets")
# Each entry is stored under its 'name'; the value argument is on the line
# missing after the call. A missing 'secrets' key yields None here and the
# loop then raises TypeError rather than being a no-op.
78 for secret in secrets:
79 sms_client.storeSecret(domain, secret.get('name'),
81 LOG.debug("Preload secrets complete")
# Fetches every secret under the configured domain into a dict keyed by
# secret name. The `config` and `secret_dict` initialisations and the return
# statement fall in gaps of this listing.
84 def retrieve_secrets():
85 """Get all secrets under the domain name"""
88 sms_url = config.aaf_sms_url
89 timeout = config.aaf_sms_timeout
90 cacert = config.aaf_ca_certs
91 domain = config.secret_domain
92 sms_client = Client(url=sms_url, timeout=timeout, cacert=cacert)
93 secrets = sms_client.getSecretNames(domain)
# One round trip per secret name; the returned values are held in process
# memory, so callers should keep the resulting dict as narrowly scoped as
# they can.
94 for secret in secrets:
95 values = sms_client.getSecret(domain, secret)
96 secret_dict[secret] = values
# Logs only a status line, never the retrieved values.
97 LOG.debug("Secret Dictionary Retrieval Success")
# Copies SMS-held credentials into live oslo.config overrides, one
# (option, group) pair at a time. The enclosing function header falls in the
# gap just before this line, and `config` here is presumably the global
# CONF object (set_override takes a group argument) - confirm.
103 secret_dict = retrieve_secrets()
# Usernames are used verbatim; passwords go through decrypt_pass() first.
# Each subscript below raises KeyError if SMS lacks that domain entry or
# field, so a partially provisioned SMS aborts the caller here instead of
# silently continuing with an unset credential.
104 config.set_override('username', secret_dict['aai']['username'], 'aai')
105 config.set_override('password', decrypt_pass(secret_dict['aai']['password']), 'aai')
106 config.set_override('username', secret_dict['conductor_api']['username'], 'conductor_api')
107 config.set_override('password', decrypt_pass(secret_dict['conductor_api']['password']), 'conductor_api')
108 config.set_override('aafuser', secret_dict['music_api']['aafuser'], 'music_api')
109 config.set_override('aafpass', decrypt_pass(secret_dict['music_api']['aafpass']), 'music_api')
110 config.set_override('aafns', secret_dict['music_api']['aafns'], 'music_api')
111 config.set_override('username', secret_dict['sdnc']['username'], 'sdnc')
112 config.set_override('password', decrypt_pass(secret_dict['sdnc']['password']), 'sdnc')
113 config.set_override('username', secret_dict['aaf_api']['username'], 'aaf_api')
114 config.set_override('password', decrypt_pass(secret_dict['aaf_api']['password']), 'aaf_api')
115 config.set_override('aaf_conductor_user', secret_dict['aaf_api']['aaf_conductor_user'], 'aaf_api')
116 config.set_override('username', secret_dict['sdc']['username'], 'sdc')
117 config.set_override('password', decrypt_pass(secret_dict['sdc']['password']), 'sdc')
# Decrypts a stored password with the AES cipher keyed from CONF.auth.appkey.
# The body of the `if` (presumably returning `passwd` unchanged) falls in a
# gap of this listing.
120 def decrypt_pass(passwd):
# NOTE(review): with no appkey configured the stored value is presumably
# passed through undecrypted instead of failing here, so a missing key would
# surface later as an authentication failure against the target service.
# '' and 'NA' are treated as "nothing to decrypt" sentinels.
121 if not CONF.auth.appkey or passwd == '' or passwd == 'NA':
124 return cipherUtils.AESCipher.get_instance().decrypt(passwd)
# Test-only helper: removes the whole secret domain from SMS. The docstring's
# closing lines fall in a gap of this listing.
127 def delete_secrets():
128 """This is intended to delete the secrets for a clean initialization for
130 testing Application. Actual deployment will have a preload script.
132 Make sure the config is in sync
134 config = CONF.aaf_sms
135 sms_url = config.aaf_sms_url
136 timeout = config.aaf_sms_timeout
137 cacert = config.aaf_ca_certs
138 domain = config.secret_domain
139 sms_client = Client(url=sms_url, timeout=timeout, cacert=cacert)
# NOTE(review): ret_val is never inspected, so "Clean up complete" is logged
# for any value deleteDomain() returns; only an exception would stop it.
140 ret_val = sms_client.deleteDomain(domain)
141 LOG.debug("Clean up complete")
# Manual test driver; the calls that the first and last comments describe
# fall in gaps of this listing, only the retrieval step is visible.
145 if __name__ == "__main__":
146 # Initialize Secrets from SMS
149 # Retrieve Secrets from SMS and load to secret cache
150 # Use the secret_cache instead of config files
151 secret_cache = retrieve_secrets()
153 # Clean up Delete secrets and domain