Fix AAF authentication in conductor api 33/106033/1
authorkrishnaa96 <krishna.moorthy6@wipro.com>
Wed, 15 Apr 2020 16:05:53 +0000 (21:35 +0530)
committerkrishnaa96 <krishna.moorthy6@wipro.com>
Wed, 15 Apr 2020 16:05:53 +0000 (21:35 +0530)
Fix AAF authentication and move all
password decryption to a common place

Issue-ID: OPTFRA-733
Signed-off-by: krishnaa96 <krishna.moorthy6@wipro.com>
Change-Id: I14c119bb246c26b7dc5b5144a843ff627587141b

conductor/conductor/api/adapters/aaf/aaf_authentication.py
conductor/conductor/api/controllers/v1/plans.py
conductor/conductor/common/music/api.py
conductor/conductor/common/sms.py
conductor/conductor/data/plugins/inventory_provider/aai.py
conductor/conductor/data/plugins/service_controller/sdnc.py

index fb0b9ab..9c3fa69 100644 (file)
@@ -83,7 +83,7 @@ def clear_cache():
 def authenticate(uid, passwd):
     aafUser = None
     username = CONF.conductor_api.username
-    password = cipherUtils.AESCipher.get_instance().decrypt(CONF.conductor_api.password)
+    password = CONF.conductor_api.password
     if username == uid and password == passwd:
         aafUser = CONF.aaf_api.aaf_conductor_user
     else:
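Review bot: The credential check `if username == uid and password == passwd:` in authenticate compares the secret with `==`, which stops at the first differing character and so leaks timing information about the configured password. A constant-time comparison is the safer form, e.g. `hmac.compare_digest(password.encode(), passwd.encode())` (needs `import hmac`), with a guard for an unset option so that `None` is rejected rather than raising. The body of authenticate continues past the end of the hunk, so the `else` branch is not reviewed here.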
@@ -120,8 +120,8 @@ def has_valid_permissions(userPerms):
             userType = userPerm["type"]
             userInstance = userPerm["instance"]
             userAction = userPerm["action"]
-            if userType == permType and userInstance == permInstance and \
-                (userAction == permAction or userAction == "*"):
+            if userType == permType and (userInstance == permInstance or permInstance == "*") and \
+                (userAction == permAction or permAction == "*"):
                 # FS - trace
                 LOG.info("User has valid permissions ")
                 return True
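Review bot: The wildcard test in has_valid_permissions has moved from the user's granted permission to the required one: `userAction == "*"` is gone, and `permInstance == "*"` and `permAction == "*"` are new. Two consequences are worth confirming: a user whose grant carries a `*` action no longer matches a specific required action, and a required permission set to `*` for both instance and action reduces the check to a type match only. Where permType, permInstance and permAction come from is outside the hunk; if they are read from configuration, a comment such as `# "*" in the required permission accepts any granted instance/action; "*" in the user's grant is not expanded` would make the authorization rule explicit. If both sides are meant to honour wildcards, each clause needs the user-side test as well, e.g. `(userAction == permAction or permAction == "*" or userAction == "*")`.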
@@ -133,7 +133,7 @@ Make the remote aaf api call if user is not in the cache.
 Return the perms
 """
 def get_aaf_permissions(aafUser):
-    key = base64.b64encode("{}".format(aafUser), "ascii")
+    key = base64.b64encode("{}".format(aafUser).encode())
     time_delta = timedelta(hours = CONF.aaf_api.aaf_cache_expiry_hrs)
 
     perms = perm_cache.get(key)
@@ -159,7 +159,7 @@ def remote_api(aafUser):
         "server_url": server_url,
         "retries": CONF.aaf_api.aaf_retries,
         "username": CONF.aaf_api.username,
-        "password": cipherUtils.AESCipher.get_instance().decrypt(CONF.aaf_api.password),
+        "password": CONF.aaf_api.password,
         "log_debug": LOG.debug,
         "read_timeout": CONF.aaf_api.aaf_timeout,
         "cert_file": CONF.aaf_api.aaf_cert_file,
index 9fb7240..3d4dfc4 100644 (file)
@@ -326,7 +326,7 @@ def check_auth():
             plan = False
             auth_str = pecan.request.headers['Authorization']
             user_pw = auth_str.split(' ')[1]
-            decode_user_pw = base64.b64decode(user_pw)
+            decode_user_pw = base64.b64decode(user_pw.encode()).decode()
             list_id_pw = decode_user_pw.split(':')
             LOG.error("Incorrect username={} / password={}".format(list_id_pw[0], list_id_pw[1]))
     except:
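Review bot: The `LOG.error` call two lines below the changed line writes the submitted password to the log in cleartext (`password={}` filled from `list_id_pw[1]`), so every failed login leaves a credential in the log files, often a near-miss of a valid one. Log only the identity, e.g. `LOG.error("Incorrect credentials for username={!r}".format(list_id_pw[0]))`; the `!r` also keeps a request-supplied username from injecting line breaks into the log. With the added `.decode()`, a header value that is not valid UTF-8 now raises inside this block and falls into the bare `except:`, whose handler is outside the hunk, so it is worth checking that this path still ends in a rejection.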
index 05b930d..77b6a5a 100644 (file)
@@ -138,7 +138,7 @@ class MusicAPI(object):
         }
         self.rest = rest.REST(**kwargs)
 
-        music_pwd = cipherUtils.AESCipher.get_instance().decrypt(CONF.music_api.aafpass)
+        music_pwd = CONF.music_api.aafpass
         # Set one parameter for connection mode
         # Currently depend on music version
         if CONF.music_api.enable_https_mode:
index ed71b8a..b8f0649 100644 (file)
@@ -102,16 +102,16 @@ def load_secrets():
     config = CONF
     secret_dict = retrieve_secrets()
     config.set_override('username', secret_dict['aai']['username'], 'aai')
-    config.set_override('password', secret_dict['aai']['password'], 'aai')
+    config.set_override('password', decrypt_pass(secret_dict['aai']['password']), 'aai')
     config.set_override('username', secret_dict['conductor_api']['username'], 'conductor_api')
     config.set_override('password', decrypt_pass(secret_dict['conductor_api']['password']), 'conductor_api')
     config.set_override('aafuser', secret_dict['music_api']['aafuser'], 'music_api')
-    config.set_override('aafpass', secret_dict['music_api']['aafpass'], 'music_api')
+    config.set_override('aafpass', decrypt_pass(secret_dict['music_api']['aafpass']), 'music_api')
     config.set_override('aafns', secret_dict['music_api']['aafns'], 'music_api')
     config.set_override('username', secret_dict['sdnc']['username'], 'sdnc')
-    config.set_override('password', secret_dict['sdnc']['password'], 'sdnc')
+    config.set_override('password', decrypt_pass(secret_dict['sdnc']['password']), 'sdnc')
     config.set_override('username', secret_dict['aaf_api']['username'], 'aaf_api')
-    config.set_override('password', secret_dict['aaf_api']['password'], 'aaf_api')
+    config.set_override('password', decrypt_pass(secret_dict['aaf_api']['password']), 'aaf_api')
     config.set_override('aaf_conductor_user', secret_dict['aaf_api']['aaf_conductor_user'], 'aaf_api')
 
 
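Review bot: With this change load_secrets is the only place a stored password passes through `decrypt_pass`, while the consumers in the other hunks (authenticate, remote_api, MusicAPI, AAI, SDNC) now read the CONF value as-is. Any start-up path that does not call load_secrets (none is visible from this hunk) would hand a still-encrypted config-file value to the remote service or compare it against the caller's password, so confirm that every entry point loads secrets first. The decrypted values also stay in CONF for the life of the process; assuming CONF is an oslo.config object, as `set_override` suggests, the `password` and `aafpass` options should be registered with `secret=True` so that an option dump masks them. A comment above the overrides, `# Passwords are decrypted here once; consumers read CONF directly and must not decrypt again`, would record the new contract.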
index 658f838..ddb857b 100644 (file)
@@ -111,7 +111,7 @@ class AAI(base.InventoryProviderBase):
         self.timeout = self.conf.aai.aai_rest_timeout
         self.retries = self.conf.aai.aai_retries
         self.username = self.conf.aai.username
-        self.password = cipherUtils.AESCipher.get_instance().decrypt(self.conf.aai.password)
+        self.password = self.conf.aai.password
         self.triage_translator=TraigeTranslator()
 
         # Cache is initially empty
index 1571b41..0384270 100644 (file)
@@ -67,7 +67,7 @@ class SDNC(base.ServiceControllerBase):
         self.conf = CONF
 
         self.base = self.conf.sdnc.server_url.rstrip('/')
-        self.password = cipherUtils.AESCipher.get_instance().decrypt(self.conf.sdnc.password)
+        self.password = self.conf.sdnc.password
         self.timeout = self.conf.sdnc.sdnc_rest_timeout
         self.verify = False
         self.retries = self.conf.sdnc.sdnc_retries
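Review bot: `self.verify = False` sits directly below the password assignment in SDNC's constructor; if this flag is what the REST client uses for TLS certificate verification, the SDNC password is sent to an endpoint whose identity is never checked. How `self.verify` is consumed is outside the hunk, so this needs confirming. If it is the verification switch, it should come from configuration, with verification on by default and a CA bundle path where a private CA is used, rather than being hard-coded off. The constructor starts and ends outside the hunk.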