Bug 559 use schema_version 1.1 and encrypt passwds 70/6870/3
authortierno <alfonso.tiernosepulveda@telefonica.com>
Mon, 12 Nov 2018 14:22:37 +0000 (15:22 +0100)
committertierno <alfonso.tiernosepulveda@telefonica.com>
Thu, 15 Nov 2018 10:20:40 +0000 (11:20 +0100)
Change-Id: I8f949a0e68460b5d81fc0b7392fe700494a6c4be
Signed-off-by: tierno <alfonso.tiernosepulveda@telefonica.com>
Dockerfile.local
osm_nbi/admin_topics.py
osm_nbi/html_public/version
osm_nbi/nbi.cfg

index da13878..7096163 100644 (file)
@@ -56,7 +56,7 @@ ENV OSMNBI_DATABASE_HOST                        mongo
 ENV OSMNBI_DATABASE_PORT                        27017
 # ENV OSMNBI_DATABASE_USER                      xxx
 # ENV OSMNBI_DATABASE_PASSWORD                  xxx
-# ENV OSMNBI_DATABASE_MASTERPASSWORD            xxx
+# ENV OSMNBI_DATABASE_COMMONKEY                 xxx
 # web
 ENV OSMNBI_STATIC_DIR                           /app/osm_nbi/html_public
 # logs
@@ -67,7 +67,7 @@ ENV OSMNBI_MESSAGE_DRIVER                       kafka
 ENV OSMNBI_MESSAGE_HOST                         kafka
 ENV OSMNBI_MESSAGE_PORT                         9092
 # logs
-ENV OSMNBI_LOG_FILE                             /app/log/nbi.log
+ENV OSMNBI_LOG_FILE                             /app/log/nbi.log
 ENV OSMNBI_LOG_LEVEL                            DEBUG
 # authentication
 ENV OSMNBI_AUTHENTICATION_BACKEND               internal
index 3b5da53..091ac88 100644 (file)
@@ -128,6 +128,7 @@ class VimAccountTopic(BaseTopic):
     topic_msg = "vim_account"
     schema_new = vim_account_new_schema
     schema_edit = vim_account_edit_schema
+    vim_config_encrypted = ("admin_password", "nsx_password", "vcenter_password")
 
     def __init__(self, db, fs, msg):
         BaseTopic.__init__(self, db, fs, msg)
@@ -136,12 +137,35 @@ class VimAccountTopic(BaseTopic):
         self.check_unique_name(session, indata["name"], _id=None)
 
     def check_conflict_on_edit(self, session, final_content, edit_content, _id, force=False):
-        if edit_content.get("name"):
+        if not force and edit_content.get("name"):
             self.check_unique_name(session, edit_content["name"], _id=_id)
 
-    @staticmethod
-    def format_on_new(content, project_id=None, make_public=False):
-        BaseTopic.format_on_new(content, project_id=project_id, make_public=False)
+        # encrypt passwords
+        schema_version = final_content.get("schema_version")
+        if schema_version:
+            if edit_content.get("vim_password"):
+                final_content["vim_password"] = self.db.encrypt(edit_content["vim_password"],
+                                                                schema_version=schema_version, salt=_id)
+            if edit_content.get("config"):
+                for p in self.vim_config_encrypted:
+                    if edit_content["config"].get(p):
+                        final_content["config"][p] = self.db.encrypt(edit_content["config"][p],
+                                                                     schema_version=schema_version, salt=_id)
+
+    def format_on_new(self, content, project_id=None, make_public=False):
+        BaseTopic.format_on_new(content, project_id=project_id, make_public=make_public)
+        content["schema_version"] = schema_version = "1.1"
+
+        # encrypt passwords
+        if content.get("vim_password"):
+            content["vim_password"] = self.db.encrypt(content["vim_password"], schema_version=schema_version,
+                                                      salt=content["_id"])
+        if content.get("config"):
+            for p in self.vim_config_encrypted:
+                if content["config"].get(p):
+                    content["config"][p] = self.db.encrypt(content["config"][p], schema_version=schema_version,
+                                                           salt=content["_id"])
+
         content["_admin"]["operationalState"] = "PROCESSING"
 
     def delete(self, session, _id, force=False, dry_run=False):
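Review bot: In `VimAccountTopic.check_conflict_on_edit` the new encryption is skipped whenever `final_content` has no `schema_version`, so editing the password of an account created before this change appears to store the new `vim_password` and `config` secrets unencrypted, with no log or error. `SdnTopic.check_conflict_on_edit` in the next hunk has the same guard for `password`. Consider upgrading such records on edit (set `schema_version` to "1.1" and encrypt every secret field of `final_content`), or at minimum state the behaviour in a comment such as `# records without schema_version are left unencrypted on edit`. The class body starts and ends outside this hunk, so any handling of legacy records elsewhere is not visible here.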
@@ -176,12 +200,23 @@ class SdnTopic(BaseTopic):
         self.check_unique_name(session, indata["name"], _id=None)
 
     def check_conflict_on_edit(self, session, final_content, edit_content, _id, force=False):
-        if edit_content.get("name"):
+        if not force and edit_content.get("name"):
             self.check_unique_name(session, edit_content["name"], _id=_id)
 
-    @staticmethod
-    def format_on_new(content, project_id=None, make_public=False):
-        BaseTopic.format_on_new(content, project_id=project_id, make_public=False)
+        # encrypt passwords
+        schema_version = final_content.get("schema_version")
+        if schema_version and edit_content.get("password"):
+            final_content["password"] = self.db.encrypt(edit_content["password"], schema_version=schema_version,
+                                                        salt=_id)
+
+    def format_on_new(self, content, project_id=None, make_public=False):
+        BaseTopic.format_on_new(content, project_id=project_id, make_public=make_public)
+        content["schema_version"] = schema_version = "1.1"
+        # encrypt passwords
+        if content.get("password"):
+            content["password"] = self.db.encrypt(content["password"], schema_version=schema_version,
+                                                  salt=content["_id"])
+
         content["_admin"]["operationalState"] = "PROCESSING"
 
     def delete(self, session, _id, force=False, dry_run=False):
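Review bot: `SdnTopic.check_conflict_on_edit` (and the `VimAccountTopic` version in the previous hunk) now rewrites `final_content` with encrypted values, which the method name does not suggest and no docstring states. A docstring would help callers if it said that the method checks name uniqueness (skipped when `force` is set) and encrypts password fields of `final_content` in place with `_id` as salt. `format_on_new` also takes its salt from `content["_id"]`, which presumably is set by `BaseTopic.format_on_new`; a one-line comment such as `# _id is assigned by BaseTopic.format_on_new above` would make that ordering dependency explicit. The encrypt-if-present code repeated between `format_on_new` and `check_conflict_on_edit` could move into one private helper.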
index f681730..80d6895 100644 (file)
@@ -1,2 +1,2 @@
-0.1.25
-2018-11-08
+0.1.26
+2018-11-15
index 215211d..1dbc9ca 100644 (file)
@@ -50,7 +50,7 @@ port: 27017
 name: "osm"
 # user: "user"
 # password: "password"
-# materpassword: "mpasswd"
+# commonkey: "commonkey"
 
 loglevel:  "DEBUG"
 #logfile: /var/log/osm/nbi-database.log