age_privkey and age_pubkey encrypted in the DB
Change-Id: Ifd02b566002c277884d2dd9c2cc8640d26f20b11
Signed-off-by: rshri <shrinithi.r@tataelxsi.co.in>
diff --git a/osm_lcm/k8s.py b/osm_lcm/k8s.py
index 888f7b3..ce2a457 100644
--- a/osm_lcm/k8s.py
+++ b/osm_lcm/k8s.py
@@ -18,6 +18,7 @@
"Shahithya Y <shahithya.y@tataelxsi.co.in>",
)
+import copy
import logging
from time import time
import traceback
@@ -119,6 +120,23 @@
else:
return await self.check_dummy_operation(op_id, op_params, content)
+ def decrypting_key(self, content):
+ # This deep copy is for to be passed to ODU workflows.
+ cluster_copy = copy.deepcopy(content)
+
+ # decrypting the key
+ self.db.encrypt_decrypt_fields(
+ cluster_copy,
+ "decrypt",
+ ["age_pubkey", "age_privkey"],
+ schema_version="1.11",
+ salt=cluster_copy["_id"],
+ )
+ db_cluster_copy = {
+ "cluster": cluster_copy,
+ }
+ return db_cluster_copy
+
class ClusterLcm(GitOpsLcm):
db_collection = "clusters"
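Review bot: `decrypting_key` has no docstring, and its only comment ("This deep copy is for to be passed to ODU workflows") does not say that the returned dict holds the plaintext `age_privkey`. I would add a docstring such as `"""Return {"cluster": <deep copy of content>} with age_pubkey and age_privkey decrypted; for ODU workflow calls only, never to be logged or written back to the DB."""`. The name also reads oddly for a helper that decrypts two fields and wraps the result, so something like `_decrypted_cluster_content` would describe it better. The class this method belongs to starts outside the hunk, so I am assuming it is the base class of `ClusterLcm`.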
@@ -144,8 +162,14 @@
self.logger.info("cluster Create Enter")
db_cluster = content["cluster"]
+ db_cluster_copy = self.decrypting_key(db_cluster)
+
+ # vim account details
+ db_vim = self.db.get_one("vim_accounts", {"name": db_cluster["vim_account"]})
+ db_cluster_copy["vim_account"] = db_vim
+
_, workflow_name = await self.odu.launch_workflow(
- "create_cluster", op_id, op_params, content
+ "create_cluster", op_id, op_params, db_cluster_copy
)
self.logger.info("workflow_name is :{}".format(workflow_name))
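Review bot: The three-line VIM-account lookup added here (`db_vim = self.db.get_one("vim_accounts", {"name": db_cluster["vim_account"]})` and the assignment after it) is repeated verbatim in the update hunk at `@@ -681,8 +708,14 @@`, so it would be better folded into one small helper next to `decrypting_key`. It attaches the whole `vim_accounts` record to a dict that already carries the decrypted `age_privkey`, and that dict is then passed to `launch_workflow`, `clean_items_workflow` and `check_resource_status`. A short comment at the assignment, e.g. `# db_cluster_copy holds plaintext key material and the VIM record; do not log or persist it`, would make that constraint visible to later editors. How `get_one` behaves when no account matches the name is not visible in this hunk, so I would confirm that a missing VIM fails the operation cleanly. The body of `create` continues outside the hunk.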
@@ -169,7 +193,7 @@
# Clean items used in the workflow, no matter if the workflow succeeded
clean_status, clean_msg = await self.odu.clean_items_workflow(
- "create_cluster", op_id, op_params, content
+ "create_cluster", op_id, op_params, db_cluster_copy
)
self.logger.info(
f"clean_status is :{clean_status} and clean_msg is :{clean_msg}"
@@ -177,7 +201,7 @@
if workflow_status:
resource_status, resource_msg = await self.check_resource_status(
- "create_cluster", op_id, op_params, content
+ "create_cluster", op_id, op_params, db_cluster_copy
)
self.logger.info(
"resource_status is :{} and resource_msg is :{}".format(
@@ -291,6 +315,8 @@
db_profile["state"] = db_cluster["state"]
db_profile["resourceState"] = db_cluster["resourceState"]
db_profile["operatingState"] = db_cluster["operatingState"]
+ db_profile["age_pubkey"] = db_cluster["age_pubkey"]
+ db_profile["age_privkey"] = db_profile["age_privkey"]
db_profile = self.update_operation_history(
db_profile, workflow_status, resource_status
)
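Review bot: The second added line assigns the profile's key to itself: `db_profile["age_privkey"] = db_profile["age_privkey"]`. Unlike the `age_pubkey` line above it, it never reads from `db_cluster`, so it is a no-op when the profile already has the field and raises `KeyError` when it does not. It should presumably be `db_profile["age_privkey"] = db_cluster["age_privkey"]`. It is also worth confirming that `db_cluster` here is the stored record with the key still encrypted and not the decrypted copy, so that no plaintext private key is written into the profile documents. The enclosing function starts outside the hunk.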
@@ -533,8 +559,10 @@
self.logger.info("cluster register enter")
db_cluster = content["cluster"]
+ db_cluster_copy = self.decrypting_key(db_cluster)
+
_, workflow_name = await self.odu.launch_workflow(
- "register_cluster", op_id, op_params, content
+ "register_cluster", op_id, op_params, db_cluster_copy
)
self.logger.info("workflow_name is :{}".format(workflow_name))
@@ -558,7 +586,7 @@
# Clean items used in the workflow, no matter if the workflow succeeded
clean_status, clean_msg = await self.odu.clean_items_workflow(
- "register_cluster", op_id, op_params, content
+ "register_cluster", op_id, op_params, db_cluster_copy
)
self.logger.info(
f"clean_status is :{clean_status} and clean_msg is :{clean_msg}"
@@ -566,7 +594,7 @@
if workflow_status:
resource_status, resource_msg = await self.check_resource_status(
- "register_cluster", op_id, op_params, content
+ "register_cluster", op_id, op_params, db_cluster_copy
)
self.logger.info(
"resource_status is :{} and resource_msg is :{}".format(
@@ -583,7 +611,6 @@
db_cluster, workflow_status, resource_status
)
self.db.set_one("clusters", {"_id": db_cluster["_id"]}, db_cluster)
- self.update_profile_state(db_cluster, workflow_status, resource_status)
return
async def deregister(self, op_id, op_params, content):
@@ -681,8 +708,14 @@
self.logger.info("Cluster update Enter")
db_cluster = content["cluster"]
+ db_cluster_copy = self.decrypting_key(db_cluster)
+
+ # vim account details
+ db_vim = self.db.get_one("vim_accounts", {"name": db_cluster["vim_account"]})
+ db_cluster_copy["vim_account"] = db_vim
+
_, workflow_name = await self.odu.launch_workflow(
- "update_cluster", op_id, op_params, content
+ "update_cluster", op_id, op_params, db_cluster_copy
)
workflow_status, workflow_msg = await self.odu.check_workflow_status(
workflow_name
@@ -705,14 +738,14 @@
# Clean items used in the workflow, no matter if the workflow succeeded
clean_status, clean_msg = await self.odu.clean_items_workflow(
- "update_cluster", op_id, op_params, content
+ "update_cluster", op_id, op_params, db_cluster_copy
)
self.logger.info(
f"clean_status is :{clean_status} and clean_msg is :{clean_msg}"
)
if workflow_status:
resource_status, resource_msg = await self.check_resource_status(
- "update_cluster", op_id, op_params, content
+ "update_cluster", op_id, op_params, db_cluster_copy
)
self.logger.info(
"Resource Status: {} Resource Message: {}".format(
diff --git a/osm_lcm/lcm.py b/osm_lcm/lcm.py
index f4c8f32..68bdda9 100644
--- a/osm_lcm/lcm.py
+++ b/osm_lcm/lcm.py
@@ -762,6 +762,7 @@
op_id = params["operation_id"]
cluster_id = params["cluster_id"]
db_cluster = self.db.get_one("clusters", {"_id": cluster_id})
+ """
if command in (
"create",
"created",
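Review bot: The decryption block is disabled by wrapping it in a bare triple-quoted string (the `"""` added before `if command in (`, closed in the next hunk at `@@ -777,6 +778,7 @@`), and the same is done to the `db_vim` lookup in `@@ -784,10 +786,12 @@`. A string literal used as a comment is still parsed as an expression statement and reads like live code in review and in grep results. Since the logic now lives in `k8s.py`, I would delete these lines outright and rely on version control for the history. The already commented-out `# db_vim = ...` line in the third hunk could go at the same time.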
@@ -777,6 +778,7 @@
schema_version="1.11",
salt=cluster_id,
)
+ """
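Review bot: Closing the string here switches off decryption for every command in the `if command in (...)` tuple, of which only `"create"` and `"created"` are visible in this diff. The replacement `decrypting_key` call is wired into `create`, `register` and `update` in `k8s.py` only. If the tuple listed other commands, those handlers now receive `age_pubkey` and `age_privkey` still encrypted, so please check each one and either call the helper there or confirm that it does not need the keys.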
op_params = self.get_operation_params(db_cluster, op_id)
db_content = {
"cluster": db_cluster,
@@ -784,10 +786,12 @@
if command == "create" or command == "created":
self.logger.debug("cluster_id = {}".format(cluster_id))
# db_vim = self.db.get_one("vim_accounts", {"_id": db_cluster["vim_account"]})
+ """
db_vim = self.db.get_one(
"vim_accounts", {"name": db_cluster["vim_account"]}
)
db_content["vim_account"] = db_vim
+ """
task = asyncio.ensure_future(
self.cluster.create(op_id, op_params, db_content)
)