bug559 use of encrypt/decrypt methods 37/6737/3
authortierno <alfonso.tiernosepulveda@telefonica.com>
Tue, 23 Oct 2018 09:30:42 +0000 (11:30 +0200)
committertierno <alfonso.tiernosepulveda@telefonica.com>
Wed, 24 Oct 2018 11:20:51 +0000 (13:20 +0200)
Change-Id: Ic0ac895136f547a63102ea92867fc5bcb4e9132a
Signed-off-by: tierno <alfonso.tiernosepulveda@telefonica.com>
Dockerfile.local
osm_lcm/lcm.cfg
osm_lcm/lcm.py
osm_lcm/vim_sdn.py

index be26cfe..3f841cf 100644 (file)
@@ -57,6 +57,11 @@ ENV OSMLCM_VCA_SECRET:     secret
 ENV OSMLCM_DATABASE_DRIVER mongo
 ENV OSMLCM_DATABASE_HOST   mongo
 ENV OSMLCM_DATABASE_PORT   27017
+# ENV OSMLCM_DATABASE_USER  xxx
+# ENV OSMLCM_DATABASE_PASSWORD  xxx
+# ENV OSMLCM_DATABASE_MASTERPASSWORD  xxx
+
+#storage
 ENV OSMLCM_STORAGE_DRIVER  local
 ENV OSMLCM_STORAGE_PATH    /app/storage
 
index e85ad71..3c9b1fd 100644 (file)
@@ -12,7 +12,7 @@ RO:
     host:   ro          # hostname or IP
     port:   9090
     tenant: osm
-    loglevel: DEBUG
+    loglevel: DEBUG
     # logfile:  /var/log/osm/lcm-ro.log
 
 #[VCA]
@@ -21,7 +21,7 @@ VCA:
     port:   17070
     user:   admin
     secret:   secret
-    loglevel: DEBUG
+    loglevel: DEBUG
     # logfile:  /var/log/osm/lcm-vca.log
 
 #[database]
@@ -30,9 +30,10 @@ database:
     host:   mongo       # hostname or IP
     port:   27017
     name:   osm
-    user:   user
-    password:   password
-    loglevel: DEBUG
+    # user:   user
+    # password:   password
+    # masterpassword: "XXXXXX" # password used for encryption of sensible information
+    # loglevel: DEBUG
     # logfile:  /var/log/osm/lcm-database.log
 
 #[storage]
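Review bot: The new comment on the `masterpassword` line says `password used for encryption of sensible information`; the intended word is `sensitive`, so `# masterpassword: "XXXXXX" # password used for encryption of sensitive information`. The same hunk comments out `loglevel: DEBUG` only in the database section while the RO, VCA, storage and message sections keep it active; if that is deliberate a short comment saying why would help, otherwise it looks like an accidental change. Since this file would now hold the key that protects every stored VIM and SDN password, a note next to `masterpassword` that the file must be readable only by the LCM user would also be worth adding.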
@@ -40,7 +41,7 @@ storage:
     driver: local       # local filesystem
     # for local provide file path
     path:   /app/storage
-    loglevel: DEBUG
+    loglevel: DEBUG
     # logfile:  /var/log/osm/lcm-storage.log
 
 #[message]
@@ -51,5 +52,5 @@ message:
     # for kafka provide host and port
     host:   kafka
     port:   9092
-    loglevel: DEBUG
+    loglevel: DEBUG
     # logfile:  /var/log/osm/lcm-message.log
index d2e9b60..2a040af 100644 (file)
@@ -25,7 +25,7 @@ from n2vc import version as n2vc_version
 __author__ = "Alfonso Tierno"
 min_RO_version = [0, 5, 72]
 min_n2vc_version = "0.0.2"
-min_common_version = "0.1.7"
+min_common_version = "0.1.11"
 # uncomment if LCM is installed as library and installed, and get them from __init__.py
 lcm_version = '0.1.18'
 lcm_version_date = '2018-10-11'
@@ -385,12 +385,14 @@ class Lcm:
                 if not k.startswith("OSMLCM_"):
                     continue
                 k_items = k.lower().split("_")
+                if len(k_items) < 3:
+                    continue
+                if k_items[1] in ("ro", "vca"):
+                    # put in capital letter
+                    k_items[1] = k_items[1].upper()
                 c = conf
                 try:
                     for k_item in k_items[1:-1]:
-                        if k_item in ("ro", "vca"):
-                            # put in capital letter
-                            k_item = k_item.upper()
                         c = c[k_item]
                     if k_items[-1] == "port":
                         c[k_items[-1]] = int(v)
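Review bot: The new guard `if len(k_items) < 3: continue` silently drops any `OSMLCM_` variable without a section component, so a misnamed variable (one carrying a credential, for instance) is ignored with no feedback and the operator only finds out when the default value is used. A warning to stderr, such as `print("ignoring environment variable '{}': expected OSMLCM_<section>_<key>".format(k), file=sys.stderr)`, would make the mistake visible; `sys` is already used in this file. The surrounding `try:` body and the enclosing method continue outside this hunk.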
@@ -440,14 +442,14 @@ if __name__ == '__main__':
                 assert False, "Unhandled option"
         if config_file:
             if not path.isfile(config_file):
-                print("configuration file '{}' that not exist".format(config_file), file=sys.stderr)
+                print("configuration file '{}' not exist".format(config_file), file=sys.stderr)
                 exit(1)
         else:
             for config_file in (__file__[:__file__.rfind(".")] + ".cfg", "./lcm.cfg", "/etc/osm/lcm.cfg"):
                 if path.isfile(config_file):
                     break
             else:
-                print("No configuration file 'nbi.cfg' found neither at local folder nor at /etc/osm/", file=sys.stderr)
+                print("No configuration file 'lcm.cfg' found neither at local folder nor at /etc/osm/", file=sys.stderr)
                 exit(1)
         lcm = Lcm(config_file)
         if health_check:
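Review bot: The reworded message on the changed line still reads `configuration file '{}' not exist`; it should be `print("configuration file '{}' does not exist".format(config_file), file=sys.stderr)`. The other changed message corrects the file name but keeps `found neither at local folder nor at /etc/osm/`; `print("No configuration file 'lcm.cfg' found in the local folder or in /etc/osm/", file=sys.stderr)` reads better. Both branches call the builtin `exit(1)`, which is injected by the `site` module and is not guaranteed to exist when Python runs with `-S`; `sys.exit(1)` is the portable form and `sys` is already imported. The `if __name__ == '__main__':` block starts before this hunk.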
index cf836bf..610bd97 100644 (file)
@@ -13,6 +13,8 @@ __author__ = "Alfonso Tierno"
 
 
 class VimLcm(LcmBase):
+    # values that are encrypted at vim config because they are passwords
+    vim_config_encrypted = ("admin_password", "nsx_password", "vcenter_password")
 
     def __init__(self, db, msg, fs, lcm_tasks, ro_config, loop):
         """
@@ -56,7 +58,7 @@ class VimLcm(LcmBase):
             vim_RO = deepcopy(vim_content)
             vim_RO.pop("_id", None)
             vim_RO.pop("_admin", None)
-            vim_RO.pop("schema_version", None)
+            schema_version = vim_RO.pop("schema_version", None)
             vim_RO.pop("schema_type", None)
             vim_RO.pop("vim_tenant_name", None)
             vim_RO["type"] = vim_RO.pop("vim_type")
@@ -72,6 +74,10 @@ class VimLcm(LcmBase):
             db_vim_update["_admin.detailed-status"] = step
             self.update_db_2("vim_accounts", vim_id, db_vim_update)
 
+            if vim_content.get("vim_password"):
+                vim_content["vim_password"] = self.db.decrypt(vim_content["vim_password"],
+                                                              schema_version=schema_version,
+                                                              salt=vim_id)
             vim_account_RO = {"vim_tenant_name": vim_content["vim_tenant_name"],
                               "vim_username": vim_content["vim_user"],
                               "vim_password": vim_content["vim_password"]
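Review bot: The added block decrypts `vim_content["vim_password"]` in place, so the plaintext password now lives in `vim_content` itself and not only in the `vim_account_RO` descriptor sent to RO, which is presumably what the earlier `vim_RO = deepcopy(vim_content)` was meant to avoid. If `vim_content` is later logged, reused or written back (not visible in this hunk), the decrypted value travels with it. Keeping the decrypted value local avoids that: `vim_password = vim_content["vim_password"]`, `if vim_password: vim_password = self.db.decrypt(vim_password, schema_version=schema_version, salt=vim_id)`, then `"vim_password": vim_password` in the descriptor. A comment stating what `db.decrypt` does when `schema_version` is absent on records stored before encryption was introduced would also help, since the call is made for any non-empty password. The enclosing method starts and ends outside this hunk.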
@@ -82,6 +88,12 @@ class VimLcm(LcmBase):
                     del vim_account_RO["config"]["sdn-controller"]
                 if "sdn-port-mapping" in vim_account_RO["config"]:
                     del vim_account_RO["config"]["sdn-port-mapping"]
+                for p in self.vim_config_encrypted:
+                    if vim_account_RO["config"].get(p):
+                        vim_account_RO["config"][p] = self.db.decrypt(vim_account_RO["config"][p],
+                                                                      schema_version=schema_version,
+                                                                      salt=vim_id)
+
             desc = await RO.attach_datacenter(RO_vim_id, descriptor=vim_account_RO)
             db_vim_update["_admin.deployed.RO-account"] = desc["uuid"]
             db_vim_update["_admin.operationalState"] = "ENABLED"
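Review bot: The decrypt loop over `self.vim_config_encrypted` added here is repeated almost verbatim in the edit path later in this file (the hunk at `@@ -178,9 +190,23 @@`); the two copies should become one helper so the list of encrypted fields and the salt/schema handling cannot drift apart. Whether `vim_account_RO["config"]` is a distinct dict or a reference into `vim_content["config"]` is decided above this hunk; if it is a reference, the in-place assignment also leaves the plaintext in `vim_content`, so the helper below returns a decrypted copy instead of mutating its argument (`deepcopy` is already imported in this file). The enclosing method starts and ends outside this hunk.
```python
    def _decrypt_vim_config(self, config, schema_version, salt):
        """Return a copy of *config* with the fields listed in vim_config_encrypted decrypted."""
        decrypted = deepcopy(config)
        for p in self.vim_config_encrypted:
            if decrypted.get(p):
                decrypted[p] = self.db.decrypt(decrypted[p], schema_version=schema_version, salt=salt)
        return decrypted

    # … unchanged: create path up to the "sdn-port-mapping" removal …
                vim_account_RO["config"] = self._decrypt_vim_config(vim_account_RO["config"], schema_version, vim_id)
```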
@@ -156,7 +168,7 @@ class VimLcm(LcmBase):
                 vim_RO = deepcopy(vim_content)
                 vim_RO.pop("_id", None)
                 vim_RO.pop("_admin", None)
-                vim_RO.pop("schema_version", None)
+                schema_version = vim_RO.pop("schema_version", None)
                 vim_RO.pop("schema_type", None)
                 vim_RO.pop("vim_tenant_name", None)
                 if "vim_type" in vim_RO:
@@ -178,9 +190,23 @@ class VimLcm(LcmBase):
                         del vim_content["config"]["sdn-port-mapping"]
                     if not vim_content["config"]:
                         del vim_content["config"]
-                for k in ("vim_tenant_name", "vim_password", "config"):
-                    if k in vim_content:
-                        vim_account_RO[k] = vim_content[k]
+                if "vim_tenant_name" in vim_content:
+                    vim_account_RO["vim_tenant_name"] = vim_content["vim_tenant_name"]
+                if "vim_password" in vim_content:
+                    vim_account_RO["vim_password"] = vim_content["vim_password"]
+                if vim_content.get("vim_password"):
+                    vim_account_RO["vim_password"] = self.db.decrypt(vim_content["vim_password"],
+                                                                     schema_version=schema_version,
+                                                                     salt=vim_id)
+                if "config" in vim_content:
+                    vim_account_RO["config"] = vim_content["config"]
+                if vim_content.get("config"):
+                    for p in self.vim_config_encrypted:
+                        if vim_content["config"].get(p):
+                            vim_account_RO["config"][p] = self.db.decrypt(vim_content["config"][p],
+                                                                          schema_version=schema_version,
+                                                                          salt=vim_id)
+
                 if "vim_user" in vim_content:
                     vim_content["vim_username"] = vim_content["vim_user"]
                 # vim_account must be edited always even if empty in order to ensure changes are translated to RO
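Review bot: The two new `vim_password` assignments are redundant: `vim_account_RO["vim_password"] = vim_content["vim_password"]` runs first and is then overwritten by the decrypted result for any non-empty value, so a single `if`/`else` expresses the intent and avoids first storing the ciphertext. More importantly, `vim_account_RO["config"] = vim_content["config"]` binds the same dict object, so the following `vim_account_RO["config"][p] = self.db.decrypt(...)` writes the decrypted password into `vim_content["config"]` as well; `vim_content` is the data being edited, and any later logging or write-back (outside this hunk) would carry plaintext. Decrypting into a copy, e.g. `vim_account_RO["config"] = deepcopy(vim_content["config"])` before the loop, keeps the plaintext confined to the RO descriptor. The same loop exists in the create path earlier in this file; sharing a helper would remove the duplication. The enclosing method starts and ends outside this hunk.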
@@ -291,9 +317,12 @@ class SdnLcm(LcmBase):
             sdn_RO = deepcopy(sdn_content)
             sdn_RO.pop("_id", None)
             sdn_RO.pop("_admin", None)
-            sdn_RO.pop("schema_version", None)
+            schema_version = sdn_RO.pop("schema_version", None)
             sdn_RO.pop("schema_type", None)
             sdn_RO.pop("description", None)
+            if sdn_RO.get("password"):
+                sdn_RO["password"] = self.db.decrypt(sdn_RO["password"], schema_version=schema_version, salt=sdn_id)
+
             desc = await RO.create("sdn", descriptor=sdn_RO)
             RO_sdn_id = desc["uuid"]
             db_sdn_update["_admin.deployed.RO"] = RO_sdn_id
@@ -332,9 +361,11 @@ class SdnLcm(LcmBase):
                 sdn_RO = deepcopy(sdn_content)
                 sdn_RO.pop("_id", None)
                 sdn_RO.pop("_admin", None)
-                sdn_RO.pop("schema_version", None)
+                schema_version = sdn_RO.pop("schema_version", None)
                 sdn_RO.pop("schema_type", None)
                 sdn_RO.pop("description", None)
+                if sdn_RO.get("password"):
+                    sdn_RO["password"] = self.db.decrypt(sdn_RO["password"], schema_version=schema_version, salt=sdn_id)
                 if sdn_RO:
                     await RO.edit("sdn", RO_sdn_id, descriptor=sdn_RO)
                 db_sdn_update["_admin.operationalState"] = "ENABLED"