Decrypt fields from DB for specific vim and cluster mgmt operations
Change-Id: I76853740ecd53a8d36c6ae0e30e97ae4a9a524e0
Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>
diff --git a/osm_lcm/lcm.py b/osm_lcm/lcm.py
index 44d5c88..a138565 100644
--- a/osm_lcm/lcm.py
+++ b/osm_lcm/lcm.py
@@ -647,13 +647,14 @@
op_params = params
db_vim = self.db.get_one("vim_accounts", {"_id": vim_id})
vim_config = db_vim.get("config", {})
- self.db.encrypt_decrypt_fields(
- vim_config.get("credentials"),
- "decrypt",
- ["password", "secret"],
- schema_version=db_vim["schema_version"],
- salt=vim_id,
- )
+ if command in ("create", "created", "edit", "edited"):
+ self.db.encrypt_decrypt_fields(
+ vim_config.get("credentials"),
+ "decrypt",
+ ["password", "secret"],
+ schema_version=db_vim["schema_version"],
+ salt=vim_id,
+ )
self.logger.debug("Db Vim: {}".format(db_vim))
if command in ("create", "created"):
self.logger.debug("Main config: {}".format(self.main_config.to_dict()))
@@ -761,6 +762,21 @@
op_id = params["operation_id"]
cluster_id = params["cluster_id"]
db_cluster = self.db.get_one("clusters", {"_id": cluster_id})
+ if command in (
+ "create",
+ "created",
+ "register",
+ "registered",
+ "upgrade",
+ "scale",
+ ):
+ self.db.encrypt_decrypt_fields(
+ db_cluster,
+ "decrypt",
+ ["age_pubkey", "age_privkey"],
+ schema_version="1.11",
+ salt=cluster_id,
+ )
op_params = self.get_operation_params(db_cluster, op_id)
db_content = {
"cluster": db_cluster,