Fix age key encryption for default profiles and encryption of ksu secrets with profil... 23/15023/4
authorgarciadeblas <gerardo.garciadeblas@telefonica.com>
Tue, 11 Mar 2025 14:44:25 +0000 (15:44 +0100)
committergarciadeblas <gerardo.garciadeblas@telefonica.com>
Fri, 14 Mar 2025 14:07:36 +0000 (15:07 +0100)
Change-Id: I232dbc377761454914e40b557ecf9ca3f12051dc
Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>
osm_lcm/k8s.py

index 20d47a5..cd22a99 100644 (file)
@@ -278,6 +278,24 @@ class GitOpsLcm(LcmBase):
             return True
         return False
 
+    def decrypt_age_keys(self, content, fields=["age_pubkey", "age_privkey"]):
+        self.db.encrypt_decrypt_fields(
+            content,
+            "decrypt",
+            fields,
+            schema_version="1.11",
+            salt=content["_id"],
+        )
+
+    def encrypt_age_keys(self, content, fields=["age_pubkey", "age_privkey"]):
+        self.db.encrypt_decrypt_fields(
+            content,
+            "encrypt",
+            fields,
+            schema_version="1.11",
+            salt=content["_id"],
+        )
+
     def decrypted_copy(self, content, fields=["age_pubkey", "age_privkey"]):
         # This deep copy is intended to be passed to ODU workflows.
         content_copy = copy.deepcopy(content)
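Review bot: Both new methods use a mutable list as a default argument (`fields=["age_pubkey", "age_privkey"]`), which is shared across calls and across callers of `self.db.encrypt_decrypt_fields`; if that helper ever mutates the list, every later default call changes. Use `fields=None` and bind inside the body, `fields = fields if fields is not None else ["age_pubkey", "age_privkey"]`, or make the default a tuple if `encrypt_decrypt_fields` accepts one. The two bodies differ only in the `"decrypt"`/`"encrypt"` literal, so a single private `_crypt_age_keys(content, mode, fields)` that both call would keep them from drifting apart. Neither method is documented; a one-line docstring such as `"""Decrypt (in place) the age key fields of *content*, salted with its own `_id`; raises KeyError if the document has no `_id`."""` would tell a caller that the ciphertext is bound to the document id and that copying keys into another document requires re-encrypting them. `decrypted_copy` continues past the end of this hunk.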
@@ -350,8 +368,9 @@ class ClusterLcm(GitOpsLcm):
         op_params = self.get_operation_params(db_cluster, op_id)
 
         # To copy the cluster content and decrypting fields to use in workflows
+        db_cluster_copy = self.decrypted_copy(db_cluster)
         workflow_content = {
-            "cluster": self.decrypted_copy(db_cluster),
+            "cluster": db_cluster_copy,
         }
 
         # To get the vim account details
@@ -437,6 +456,7 @@ class ClusterLcm(GitOpsLcm):
 
         # Update db_cluster
         self.db.set_one("clusters", {"_id": db_cluster["_id"]}, db_cluster)
+        self.update_default_profile_agekeys(db_cluster_copy)
         self.update_profile_state(db_cluster, workflow_status, resource_status)
 
         # Register the cluster in k8sclusters collection
@@ -543,6 +563,23 @@ class ClusterLcm(GitOpsLcm):
             op_id, checkings_list, "clusters", db_cluster
         )
 
+    def update_default_profile_agekeys(self, db_cluster):
+        profiles = [
+            "infra_controller_profiles",
+            "infra_config_profiles",
+            "app_profiles",
+            "resource_profiles",
+        ]
+        self.logger.debug("the db_cluster is :{}".format(db_cluster))
+        for profile_type in profiles:
+            profile_id = db_cluster[profile_type]
+            db_collection = self.profile_collection_mapping[profile_type]
+            db_profile = self.db.get_one(db_collection, {"_id": profile_id})
+            db_profile["age_pubkey"] = db_cluster["age_pubkey"]
+            db_profile["age_privkey"] = db_cluster["age_privkey"]
+            self.encrypt_age_keys(db_profile)
+            self.db.set_one(db_collection, {"_id": db_profile["_id"]}, db_profile)
+
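Review bot: `self.logger.debug("the db_cluster is :{}".format(db_cluster))` writes the entire document it receives, and the only caller in this commit (`self.update_default_profile_agekeys(db_cluster_copy)` in the hunk above) passes the decrypted copy from `decrypted_copy`, so the plaintext `age_privkey` is logged at debug level. Log the identifier only, `self.logger.debug("Updating age keys of default profiles for cluster {}".format(db_cluster["_id"]))`. `db_profile = self.db.get_one(db_collection, {"_id": profile_id})` is followed directly by item assignment; if `get_one` can return None for a missing profile this raises an unhelpful AttributeError after the cluster has already been persisted, though `get_one`'s failure mode is not visible here. A docstring would also help, e.g. `"""Copy the cluster's age key pair into its four default profiles, re-encrypting each under the profile's own `_id` salt."""`.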
     def update_profile_state(self, db_cluster, workflow_status, resource_status):
         profiles = [
             "infra_controller_profiles",
@@ -550,15 +587,7 @@ class ClusterLcm(GitOpsLcm):
             "app_profiles",
             "resource_profiles",
         ]
-        """
-        profiles_collection = {
-            "infra_controller_profiles": "k8sinfra_controller",
-            "infra_config_profiles": "k8sinfra_config",
-            "app_profiles": "k8sapp",
-            "resource_profiles": "k8sresource",
-        }
-        """
-        self.logger.info("the db_cluster is :{}".format(db_cluster))
+        self.logger.debug("the db_cluster is :{}".format(db_cluster))
         for profile_type in profiles:
             profile_id = db_cluster[profile_type]
             db_collection = self.profile_collection_mapping[profile_type]
@@ -567,8 +596,6 @@ class ClusterLcm(GitOpsLcm):
             db_profile["state"] = db_cluster["state"]
             db_profile["resourceState"] = db_cluster["resourceState"]
             db_profile["operatingState"] = db_cluster["operatingState"]
-            db_profile["age_pubkey"] = db_cluster["age_pubkey"]
-            db_profile["age_privkey"] = db_cluster["age_privkey"]
             db_profile = self.update_operation_history(
                 db_profile, op_id, workflow_status, resource_status
             )
@@ -2015,6 +2042,9 @@ class KsuLcm(GitOpsLcm):
             profile_id = ksu_params["profile"]["_id"]
             profile_collection = self.profile_collection_mapping[profile_type]
             db_profile = self.db.get_one(profile_collection, {"_id": profile_id})
+            # db_profile is decrypted inline
+            # No need to use decrypted_copy because db_profile won't be updated.
+            self.decrypt_age_keys(db_profile)
             ksu_params["profile"]["name"] = db_profile["name"]
             ksu_params["profile"]["age_pubkey"] = db_profile.get("age_pubkey", "")
             # Update ksu_params["oka"] with sw_catalog_path (when missing)
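Review bot: `self.decrypt_age_keys(db_profile)` decrypts both key fields in place, but only `age_pubkey` is read two lines later into `ksu_params["profile"]`, so the private key is decrypted into memory for nothing. Restrict the call, `self.decrypt_age_keys(db_profile, fields=["age_pubkey"])`, assuming `encrypt_decrypt_fields` tolerates the field being absent (the `.get("age_pubkey", "")` below suggests some profiles lack it, so this is worth confirming). The same applies to the identical hunk at `@@ -2081,6 +2111,9 @@`. The enclosing method begins before this hunk.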
@@ -2081,6 +2111,9 @@ class KsuLcm(GitOpsLcm):
             profile_id = ksu_params["profile"]["_id"]
             profile_collection = self.profile_collection_mapping[profile_type]
             db_profile = self.db.get_one(profile_collection, {"_id": profile_id})
+            # db_profile is decrypted inline
+            # No need to use decrypted_copy because db_profile won't be updated.
+            self.decrypt_age_keys(db_profile)
             ksu_params["profile"]["name"] = db_profile["name"]
             ksu_params["profile"]["age_pubkey"] = db_profile.get("age_pubkey", "")
             # Update ksu_params["oka"] with sw_catalog_path (when missing)
@@ -2142,13 +2175,12 @@ class KsuLcm(GitOpsLcm):
             ksu_params["profile"] = {}
             ksu_params["profile"]["profile_type"] = db_ksu["profile"]["profile_type"]
             ksu_params["profile"]["_id"] = db_ksu["profile"]["_id"]
-            # Update ksu_params["profile"] with profile name and age-pubkey
+            # Update ksu_params["profile"] with profile name
             profile_type = ksu_params["profile"]["profile_type"]
             profile_id = ksu_params["profile"]["_id"]
             profile_collection = self.profile_collection_mapping[profile_type]
             db_profile = self.db.get_one(profile_collection, {"_id": profile_id})
             ksu_params["profile"]["name"] = db_profile["name"]
-            ksu_params["profile"]["age_pubkey"] = db_profile.get("age_pubkey", "")
             op_params.append(ksu_params)
 
         workflow_res, workflow_name = await self.odu.launch_workflow(