bug559 use of encrypt/decrypt methods
Change-Id: Ic0ac895136f547a63102ea92867fc5bcb4e9132a
Signed-off-by: tierno <alfonso.tiernosepulveda@telefonica.com>
diff --git a/Dockerfile.local b/Dockerfile.local
index be26cfe..3f841cf 100644
--- a/Dockerfile.local
+++ b/Dockerfile.local
@@ -57,6 +57,11 @@
ENV OSMLCM_DATABASE_DRIVER mongo
ENV OSMLCM_DATABASE_HOST mongo
ENV OSMLCM_DATABASE_PORT 27017
+# ENV OSMLCM_DATABASE_USER xxx
+# ENV OSMLCM_DATABASE_PASSWORD xxx
+# ENV OSMLCM_DATABASE_MASTERPASSWORD xxx
+
+#storage
ENV OSMLCM_STORAGE_DRIVER local
ENV OSMLCM_STORAGE_PATH /app/storage
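Review bot: The commented templates `# ENV OSMLCM_DATABASE_PASSWORD xxx` and `# ENV OSMLCM_DATABASE_MASTERPASSWORD xxx` suggest setting the database password and the encryption master password with ENV in the Dockerfile. A value set that way is stored in the image configuration and can be read with `docker history` or `docker inspect` by anyone who can pull the image. A comment above these lines would steer operators to the safer path: `# secrets: provide at run time (docker run -e, compose or an orchestrator secret); do not uncomment in the image`.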
diff --git a/osm_lcm/lcm.cfg b/osm_lcm/lcm.cfg
index e85ad71..3c9b1fd 100644
--- a/osm_lcm/lcm.cfg
+++ b/osm_lcm/lcm.cfg
@@ -12,7 +12,7 @@
host: ro # hostname or IP
port: 9090
tenant: osm
- loglevel: DEBUG
+ # loglevel: DEBUG
# logfile: /var/log/osm/lcm-ro.log
#[VCA]
@@ -21,7 +21,7 @@
port: 17070
user: admin
secret: secret
- loglevel: DEBUG
+ # loglevel: DEBUG
# logfile: /var/log/osm/lcm-vca.log
#[database]
@@ -30,9 +30,10 @@
host: mongo # hostname or IP
port: 27017
name: osm
- user: user
- password: password
- loglevel: DEBUG
+ # user: user
+ # password: password
+ # masterpassword: "XXXXXX" # password used for encryption of sensible information
+ # loglevel: DEBUG
# logfile: /var/log/osm/lcm-database.log
#[storage]
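Review bot: The new `masterpassword` comment reads "sensible information" where "sensitive" is meant: `# masterpassword: "XXXXXX"  # password used for encryption of sensitive information`. Since lcm.cfg can now hold the key that protects the stored VIM and SDN credentials, the comment should also say that the file must be readable only by the LCM service account. It could equally point to `OSMLCM_DATABASE_MASTERPASSWORD` as the way to supply the value without writing it to disk.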
@@ -40,7 +41,7 @@
driver: local # local filesystem
# for local provide file path
path: /app/storage
- loglevel: DEBUG
+ # loglevel: DEBUG
# logfile: /var/log/osm/lcm-storage.log
#[message]
@@ -51,5 +52,5 @@
# for kafka provide host and port
host: kafka
port: 9092
- loglevel: DEBUG
+ # loglevel: DEBUG
# logfile: /var/log/osm/lcm-message.log
diff --git a/osm_lcm/lcm.py b/osm_lcm/lcm.py
index d2e9b60..2a040af 100644
--- a/osm_lcm/lcm.py
+++ b/osm_lcm/lcm.py
@@ -25,7 +25,7 @@
__author__ = "Alfonso Tierno"
min_RO_version = [0, 5, 72]
min_n2vc_version = "0.0.2"
-min_common_version = "0.1.7"
+min_common_version = "0.1.11"
# uncomment if LCM is installed as library and installed, and get them from __init__.py
lcm_version = '0.1.18'
lcm_version_date = '2018-10-11'
@@ -385,12 +385,14 @@
if not k.startswith("OSMLCM_"):
continue
k_items = k.lower().split("_")
+ if len(k_items) < 3:
+ continue
+ if k_items[1] in ("ro", "vca"):
+ # put in capital letter
+ k_items[1] = k_items[1].upper()
c = conf
try:
for k_item in k_items[1:-1]:
- if k_item in ("ro", "vca"):
- # put in capital letter
- k_item = k_item.upper()
c = c[k_item]
if k_items[-1] == "port":
c[k_items[-1]] = int(v)
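Review bot: The added `if len(k_items) < 3: continue` discards a malformed `OSMLCM_*` variable without any trace. A mistyped name for a secret, such as the master password, is then silently ignored and the process runs with whatever lcm.cfg provides. Log the variable name, never its value, before the `continue`, for example `self.logger.warning("ignoring env variable '%s': expected OSMLCM_<SECTION>_<KEY>", k)`, assuming a logger is available at this point. The enclosing loop and the `try` block start and end outside the hunk, so how later failures are reported cannot be checked from here.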
@@ -440,14 +442,14 @@
assert False, "Unhandled option"
if config_file:
if not path.isfile(config_file):
- print("configuration file '{}' that not exist".format(config_file), file=sys.stderr)
+ print("configuration file '{}' not exist".format(config_file), file=sys.stderr)
exit(1)
else:
for config_file in (__file__[:__file__.rfind(".")] + ".cfg", "./lcm.cfg", "/etc/osm/lcm.cfg"):
if path.isfile(config_file):
break
else:
- print("No configuration file 'nbi.cfg' found neither at local folder nor at /etc/osm/", file=sys.stderr)
+ print("No configuration file 'lcm.cfg' found neither at local folder nor at /etc/osm/", file=sys.stderr)
exit(1)
lcm = Lcm(config_file)
if health_check:
diff --git a/osm_lcm/vim_sdn.py b/osm_lcm/vim_sdn.py
index cf836bf..610bd97 100644
--- a/osm_lcm/vim_sdn.py
+++ b/osm_lcm/vim_sdn.py
@@ -13,6 +13,8 @@
class VimLcm(LcmBase):
+ # values that are encrypted at vim config because they are passwords
+ vim_config_encrypted = ("admin_password", "nsx_password", "vcenter_password")
def __init__(self, db, msg, fs, lcm_tasks, ro_config, loop):
"""
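Review bot: `vim_config_encrypted` has to match the set of config keys that the writer of the vim_accounts records encrypts, and the comment does not say where that other list lives. If the two drift, a key missing here would presumably be forwarded to RO still encrypted, which shows up only as an authentication failure against the VIM. Extend the comment to name the component that performs the encryption and to state that both lists must be changed together.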
@@ -56,7 +58,7 @@
vim_RO = deepcopy(vim_content)
vim_RO.pop("_id", None)
vim_RO.pop("_admin", None)
- vim_RO.pop("schema_version", None)
+ schema_version = vim_RO.pop("schema_version", None)
vim_RO.pop("schema_type", None)
vim_RO.pop("vim_tenant_name", None)
vim_RO["type"] = vim_RO.pop("vim_type")
@@ -72,6 +74,10 @@
db_vim_update["_admin.detailed-status"] = step
self.update_db_2("vim_accounts", vim_id, db_vim_update)
+ if vim_content.get("vim_password"):
+ vim_content["vim_password"] = self.db.decrypt(vim_content["vim_password"],
+ schema_version=schema_version,
+ salt=vim_id)
vim_account_RO = {"vim_tenant_name": vim_content["vim_tenant_name"],
"vim_username": vim_content["vim_user"],
"vim_password": vim_content["vim_password"]
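Review bot: The decrypted value is written back into `vim_content["vim_password"]`, so the record that appears to come from the database carries the clear-text credential for the rest of the function. Any later log line, status update or exception message built from `vim_content` would expose it; the rest of the function is outside the hunk, so this cannot be ruled out from here. Keep the clear text in a local instead: `vim_password = vim_content.get("vim_password")`, decrypt into `vim_password` when it is non-empty, and use `"vim_password": vim_password` in `vim_account_RO`.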
@@ -82,6 +88,12 @@
del vim_account_RO["config"]["sdn-controller"]
if "sdn-port-mapping" in vim_account_RO["config"]:
del vim_account_RO["config"]["sdn-port-mapping"]
+ for p in self.vim_config_encrypted:
+ if vim_account_RO["config"].get(p):
+ vim_account_RO["config"][p] = self.db.decrypt(vim_account_RO["config"][p],
+ schema_version=schema_version,
+ salt=vim_id)
+
desc = await RO.attach_datacenter(RO_vim_id, descriptor=vim_account_RO)
db_vim_update["_admin.deployed.RO-account"] = desc["uuid"]
db_vim_update["_admin.operationalState"] = "ENABLED"
@@ -156,7 +168,7 @@
vim_RO = deepcopy(vim_content)
vim_RO.pop("_id", None)
vim_RO.pop("_admin", None)
- vim_RO.pop("schema_version", None)
+ schema_version = vim_RO.pop("schema_version", None)
vim_RO.pop("schema_type", None)
vim_RO.pop("vim_tenant_name", None)
if "vim_type" in vim_RO:
@@ -178,9 +190,23 @@
del vim_content["config"]["sdn-port-mapping"]
if not vim_content["config"]:
del vim_content["config"]
- for k in ("vim_tenant_name", "vim_password", "config"):
- if k in vim_content:
- vim_account_RO[k] = vim_content[k]
+ if "vim_tenant_name" in vim_content:
+ vim_account_RO["vim_tenant_name"] = vim_content["vim_tenant_name"]
+ if "vim_password" in vim_content:
+ vim_account_RO["vim_password"] = vim_content["vim_password"]
+ if vim_content.get("vim_password"):
+ vim_account_RO["vim_password"] = self.db.decrypt(vim_content["vim_password"],
+ schema_version=schema_version,
+ salt=vim_id)
+ if "config" in vim_content:
+ vim_account_RO["config"] = vim_content["config"]
+ if vim_content.get("config"):
+ for p in self.vim_config_encrypted:
+ if vim_content["config"].get(p):
+ vim_account_RO["config"][p] = self.db.decrypt(vim_content["config"][p],
+ schema_version=schema_version,
+ salt=vim_id)
+
if "vim_user" in vim_content:
vim_content["vim_username"] = vim_content["vim_user"]
# vim_account must be edited always even if empty in order to ensure changes are translated to RO
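Review bot: `vim_account_RO["config"] = vim_content["config"]` stores a reference rather than a copy. The loop that follows therefore also writes the decrypted `admin_password`, `nsx_password` and `vcenter_password` values into `vim_content["config"]`. Use `vim_account_RO["config"] = deepcopy(vim_content["config"])` (`deepcopy` is already used in this file) so the clear text exists only in the descriptor passed to RO. The `vim_password` branch can also be reduced to a single assignment, because the second `if` overwrites the first whenever the value is non-empty.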
@@ -291,9 +317,12 @@
sdn_RO = deepcopy(sdn_content)
sdn_RO.pop("_id", None)
sdn_RO.pop("_admin", None)
- sdn_RO.pop("schema_version", None)
+ schema_version = sdn_RO.pop("schema_version", None)
sdn_RO.pop("schema_type", None)
sdn_RO.pop("description", None)
+ if sdn_RO.get("password"):
+ sdn_RO["password"] = self.db.decrypt(sdn_RO["password"], schema_version=schema_version, salt=sdn_id)
+
desc = await RO.create("sdn", descriptor=sdn_RO)
RO_sdn_id = desc["uuid"]
db_sdn_update["_admin.deployed.RO"] = RO_sdn_id
@@ -332,9 +361,11 @@
sdn_RO = deepcopy(sdn_content)
sdn_RO.pop("_id", None)
sdn_RO.pop("_admin", None)
- sdn_RO.pop("schema_version", None)
+ schema_version = sdn_RO.pop("schema_version", None)
sdn_RO.pop("schema_type", None)
sdn_RO.pop("description", None)
+ if sdn_RO.get("password"):
+ sdn_RO["password"] = self.db.decrypt(sdn_RO["password"], schema_version=schema_version, salt=sdn_id)
if sdn_RO:
await RO.edit("sdn", RO_sdn_id, descriptor=sdn_RO)
db_sdn_update["_admin.operationalState"] = "ENABLED"