Load secrets from SMS in OSDF.
Removed secrets from osdf_config.yaml.
Unit tests to use the test/config/osdf_config.yaml.
Helm charts use a Job to load secrets.
CSIT needs to load it using the preload tool provided by SMS.
Change-Id: I0f832033476c02958f6392abba74e4d5a36cc902
Issue-ID: OPTFRA-343
Signed-off-by: Dileep Ranganathan <dileep.ranganathan@intel.com>
placementDefaultMinorVersion: "0"
placementDefaultPatchVersion: "0"
-# Credentials for SO
-soUsername: "" # SO username for call back.
-soPassword: "" # SO password for call back.
-
-# Credentials for Conductor
+# Config for Conductor
conductorUrl: http://172.17.0.6:8091/v1/plans/
-conductorUsername: admin1
-conductorPassword: plan.15
conductorPingWaitTime: 60 # seconds to wait before calling the conductor retry URL
conductorMaxRetries: 30 # if we don't get something in 30 minutes, give up
# versions to be set in HTTP header
# Policy Platform -- requires ClientAuth, Authorization, and Environment
policyPlatformUrl: http://policy.api.simpledemo.onap.org:8081/pdp/api/getConfig # Policy Dev platform URL
policyPlatformEnv: TEST # Environment for policy platform
-policyPlatformUsername: testpdp # Policy platform username.
-policyPlatformPassword: alpha123 # Policy platform password.
-policyClientUsername: python # For use with ClientAuth
-policyClientPassword: test # For use with ClientAuth
-# Credentials for DMaaP
+# Config for DMaaP
messageReaderHosts: NA
messageReaderTopic: NA
-messageReaderAafUserId: NA
-messageReaderAafPassword: NA
-# Credentials for SDC
+# Config for SDC
sdcUrl: NA
-sdcUsername: NA
-sdcPassword: NA
sdcONAPInstanceID: NA
-# Credentials for the OOF placement service - Generic
-osdfPlacementUsername: test
-osdfPlacementPassword: testpwd
-
-# Credentials for the OOF placement service - SO
-osdfPlacementSOUsername: so_test
-osdfPlacementSOPassword: so_testpwd
-
-# Credentials for the OOF placement service - VFC
-osdfPlacementVFCUsername: vfc_test
-osdfPlacementVFCPassword: vfc_testpwd
-
-# Credentials for the OOF CM scheduling service - Generic
-osdfCMSchedulerUsername: test1
-osdfCMSchedulerPassword: testpwd1
-
+# AAF Authentication config
is_aaf_enabled: False
aaf_cache_expiry_hrs: 3
aaf_url: https://aaftest.simpledemo.onap.org:8095
# config db api
configDbUrl: http://config.db.url:8080
-configDbUserName: osdf
-configDbPassword: passwd
configDbGetCellListUrl: 'SDNCConfigDBAPI/getCellList'
configDbGetNbrListUrl: 'SDNCConfigDBAPI/getNbrList'
-
-# Credentials for PCIHandler
-pciHMSUsername: "" # pcihandler username for call back.
-pciHMSPassword: "" # pcihandler password for call back.
-
-# Credentials for the OOF PCI Opt service
-osdfPCIOptUsername: pci_test
-osdfPCIOptPassword: pci_testpwd
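Review bot: Deleting these entries does not retire the values, because they stay readable in the repository history, and nothing in the file says so. Any removed username or password that was ever used outside a demo setup should be rotated when the SMS preload is populated. A header comment such as `# Credentials are loaded from SMS at startup; values committed here before this change must be treated as exposed.` would record that. Separately, `conductorUrl`, `policyPlatformUrl` and `configDbUrl` remain `http://`, so credentials fetched from SMS would presumably still reach those services in cleartext; worth confirming whether HTTPS endpoints are available.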
from onapsmsclient import Client
+import osdf.config.base as cfg_base
+import osdf.config.credentials as creds
import osdf.config.loader as config_loader
from osdf.config.base import osdf_config
from osdf.logging.osdf_logging import debug_log
config['pciHMSPassword'] = secret_dict['pciHMS']['Password']
config['osdfPCIOptUsername'] = secret_dict['osdfPCIOpt']['UserName']
config['osdfPCIOptPassword'] = secret_dict['osdfPCIOpt']['Password']
+ cfg_base.http_basic_auth_credentials = creds.load_credentials(osdf_config)
+ cfg_base.dmaap_creds = creds.dmaap_creds()
def delete_secrets():
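Review bot: Rebinding `cfg_base.http_basic_auth_credentials` and `cfg_base.dmaap_creds` only reaches code that reads them through the module attribute at call time. Any module that still does `from osdf.config.base import dmaap_creds` (or `http_basic_auth_credentials`) keeps the object bound at import, which was built before the secrets were loaded. The commit converts the basic-auth reader, but consumers of `dmaap_creds` are not visible here and should be checked. A comment above the two assignments would warn future callers: `# Read these via cfg_base.<name> at call time; a from-import captures the pre-SMS value.` The enclosing function starts outside the hunk.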
from flask import Response
import json
import osdf
-from osdf.config.base import http_basic_auth_credentials, osdf_config
+import osdf.config.base as cfg_base
+from osdf.config.base import osdf_config
from osdf.adapters.aaf import aaf_authentication as aaf_auth
auth_basic = HTTPBasicAuth()
def get_pw(username):
end_point = request.url.split('/')[-1]
auth_group = osdf.end_point_auth_mapping.get(end_point)
- return http_basic_auth_credentials[auth_group].get(username) if auth_group else None
+ return cfg_base.http_basic_auth_credentials[auth_group].get(
+ username) if auth_group else None
@auth_basic.error_handler
def auth_error():
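Review bot: In `get_pw`, the subscript `cfg_base.http_basic_auth_credentials[auth_group]` raises `KeyError` when an endpoint maps to a group that has no entry in the loaded table, which would surface as a server error rather than a rejected login. Now that the table is filled from SMS at startup, a missing or misnamed secret is a plausible way to reach that state. Using `return cfg_base.http_basic_auth_credentials.get(auth_group, {}).get(username) if auth_group else None` makes the lookup return `None`, so the request fails as an authentication error. Also, `request.url.split('/')[-1]` keeps any query string, so it looks like a request with parameters will miss the mapping; that fails closed, but `request.path` would be more predictable.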
import osdf
import pydevd
import json
+import osdf.adapters.aaf.sms as sms
import osdf.adapters.policy.interface
import osdf.config.credentials
import osdf.config.loader
common_app_opts.update({'ssl_context': tuple(ssl_opts)})
opts = get_options(sys.argv)
- # TODO(Dileep): Uncomment once Helm charts to preload secrets available
- # sms.load_secrets()
+ # Load secrets from SMS
+ sms.load_secrets()
if not opts.local and not opts.devtest: # normal deployment
app.run(port=internal_port, debug=False, **common_app_opts)
else:
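Review bot: `sms.load_secrets()` now runs unconditionally before the mode check, so `opts.local` and `opts.devtest` runs also need a reachable, preloaded SMS, and no handling for a failed load is visible here. Refusing to start without secrets is the right outcome for a normal deployment, but it should be deliberate: on failure, log which secret name or SMS step failed (never the value) and exit non-zero rather than relying on an unhandled traceback. The intent is also worth stating in place of the bare comment, e.g. `# Secrets must be loaded from SMS before the app serves requests; startup aborts if SMS is unreachable.` The surrounding function starts and ends outside the hunk.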
aaf_url: https://aaftest.simpledemo.onap.org:8095
aaf_user_roles:
- /api/oof/v1/placement:org.onap.osdf.access|*|read ALL
+
+# Secret Management Service from AAF
+aaf_sms_url: https://aaf-sms.onap:10443
+aaf_sms_timeout: 30
+secret_domain: osdf
+aaf_ca_certs: ssl_certs/aaf_root_ca.cer
+
+# Credentials for PCIHandler
+pciHMSUsername: "" # pcihandler username for call back.
+pciHMSPassword: "" # pcihandler password for call back.
+
+# Credentials for the OOF PCI Opt service
+osdfPCIOptUsername: PCI-OSDF-USER
+osdfPCIOptPassword: PCI-OSDF-PASSWD
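Review bot: `osdfPCIOptUsername` and `osdfPCIOptPassword` are added with the literal placeholders `PCI-OSDF-USER` and `PCI-OSDF-PASSWD`, which act as real credentials whenever this file is read without the SMS load overwriting them. The loader lines visible in this commit do assign both keys from SMS, so this matters only if the load is skipped or fails part-way, but the file gives no hint that the values are placeholders. A comment such as `# Placeholder only; overwritten by sms.load_secrets() at startup.` above the two keys would make that explicit. The `aaf_ca_certs` path is relative, so it is worth confirming that it resolves from the service's working directory and the SMS client actually finds the CA bundle.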
osdfPlacementUsername: "test"
osdfPlacementPassword: "testpwd"
+# AAF Authentication config
+is_aaf_enabled: False
+aaf_cache_expiry_hrs: 3
+aaf_url: https://aaftest.simpledemo.onap.org:8095
+aaf_user_roles:
+ - /api/oof/v1/placement:org.onap.osdf.access|*|read ALL
+
+# Secret Management Service from AAF
+aaf_sms_url: https://aaf-sms.onap:10443
+aaf_sms_timeout: 30
+secret_domain: osdf
+aaf_ca_certs: ssl_certs/aaf_root_ca.cer
+
# config db api
configDbUrl: http://127.0.0.1:5000/simulated/configdb
configDbUserName: osdf
[testenv]
distribute = False
+setenv =
+ OSDF_CONFIG_FILE={toxinidir}/test/config/osdf_config.yaml
commands =
- cat /etc/hosts
/bin/bash test/functest/scripts/start-simulators.sh
coverage report -m --omit=".tox/py3/*","test/*"
/bin/bash test/functest/scripts/stop-simulators.sh
# TODO: need to update the above "omit" when we package osdf as pip-installable
-deps = -r{toxinidir}/requirements.txt
+deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test/test-requirements.txt
[run]