Add age keypair generation for clusters and profiles
Change-Id: I0b30129e46cd7d9bee4861943ff255aaa711e517
Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>
diff --git a/osm_nbi/base_topic.py b/osm_nbi/base_topic.py
index 10ad1d6..48fe1dc 100644
--- a/osm_nbi/base_topic.py
+++ b/osm_nbi/base_topic.py
@@ -13,6 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from pyrage import x25519
import logging
import random
import string
@@ -696,6 +697,13 @@
)
_id = self.db.create(self.topic, profile_create)
+ pubkey, privkey = self._generate_age_key()
+ profile_create["age_pubkey"] = self.db.encrypt(
+ pubkey, schema_version="1.11", salt=_id
+ )
+ profile_create["age_privkey"] = self.db.encrypt(
+ privkey, schema_version="1.11", salt=_id
+ )
rollback.append({"topic": self.topic, "_id": _id})
self.db.set_one(self.topic, {"_id": _id}, profile_create)
if op_id:
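Review bot: The record created by `self.db.create` is not yet listed in `rollback` when `_generate_age_key()` and the two `self.db.encrypt` calls run, so an exception in any of them would leave a profile in the database with no key material and nothing to clean it up. The key step needs `_id` as salt and cannot move before the create, but `rollback.append({"topic": self.topic, "_id": _id})` can move to directly after `self.db.create(...)`. The k8s_topics.py hunk has the same ordering for clusters. How `rollback` is consumed is outside this hunk, so this assumes it removes the listed records on failure.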
@@ -1006,3 +1014,12 @@
profile_ids.remove(_id)
update_dict = {profile_type: profile_ids}
self.db.set_one("clusters", filter_q, update_dict)
+
+ def _generate_age_key(self):
+ ident = x25519.Identity.generate()
+ # gets the public key
+ pubkey = ident.to_public()
+ # gets the private key
+ privkey = str(ident)
+ # return both public and private key
+ return pubkey, privkey
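Review bot: `pubkey` is returned as the object from `ident.to_public()` while `privkey` is converted with `str(ident)`, so both callers pass a pyrage recipient object, not a string, to `self.db.encrypt`. The implementation of `encrypt` is not in this diff, but if it expects text this will either fail or store an unintended representation; `pubkey = str(ident.to_public())` makes both return values strings. The three inline comments restate the code, and a docstring would say more, for example `"""Generate an age X25519 keypair; return (public key, private key) as strings. The private key is a secret and must not be logged."""`. The method is complete within this hunk.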
diff --git a/osm_nbi/k8s_topics.py b/osm_nbi/k8s_topics.py
index b065c12..2011187 100644
--- a/osm_nbi/k8s_topics.py
+++ b/osm_nbi/k8s_topics.py
@@ -228,6 +228,14 @@
operation_params,
)
_id = self.db.create(self.topic, cls_create)
+ pubkey, privkey = self._generate_age_key()
+ cls_create["age_pubkey"] = self.db.encrypt(
+ pubkey, schema_version="1.11", salt=_id
+ )
+ cls_create["age_privkey"] = self.db.encrypt(
+ privkey, schema_version="1.11", salt=_id
+ )
+ # TODO: set age_pubkey and age_privkey in the default profiles
rollback.append({"topic": self.topic, "_id": _id})
self.db.set_one("clusters", {"_id": _id}, cls_create)
self._send_msg("create", {"cluster_id": _id, "operation_id": op_id})
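Review bot: `cls_create["age_privkey"]` stores the cluster's age private key in the cluster document itself, and nothing in this diff keeps that field out of API responses. The value goes through `self.db.encrypt`, but the show/list handlers are not visible here, so it is worth confirming that they strip `age_privkey` and do not return the stored document as is. A comment at this point would record the intent: `# age_privkey is a secret: keep it out of show/list responses and logs`. The profile document in the base_topic.py create hunk carries the same field, and the TODO about default profiles would copy it into further documents. The enclosing method starts and ends outside this hunk.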
diff --git a/requirements.in b/requirements.in
index 9096b53..624c559 100644
--- a/requirements.in
+++ b/requirements.in
@@ -16,6 +16,7 @@
deepdiff
jsonschema>=3.2.0
python-keystoneclient
+pyrage
pyyaml>6
requests
tacacs_plus
diff --git a/requirements.txt b/requirements.txt
index a477552..a068e78 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -128,6 +128,8 @@
# via cherrypy
pyparsing==3.1.2
# via oslo-utils
+pyrage==1.1.2
+ # via -r requirements.in
python-dateutil==2.9.0.post0
# via tempora
python-keystoneclient==5.4.0
diff --git a/tox.ini b/tox.ini
index 3c0217e..0d7fe8c 100644
--- a/tox.ini
+++ b/tox.ini
@@ -65,7 +65,7 @@
-r{toxinidir}/requirements-test.txt
pylint
commands =
- pylint -E osm_nbi
+ pylint -E osm_nbi --extension-pkg-allow-list=pyrage
#######################################################################################