From c356494032f79d110b35ffcb5a29bfa3bf299529 Mon Sep 17 00:00:00 2001 From: rshri Date: Tue, 12 Nov 2024 18:12:38 +0000 Subject: [PATCH] age_privkey and age_pubkey encrypted in the DB Change-Id: Ifd02b566002c277884d2dd9c2cc8640d26f20b11 Signed-off-by: rshri --- osm_lcm/k8s.py | 53 ++++++++++++++++++++++++++++++++++++++++---------- osm_lcm/lcm.py | 4 ++++ 2 files changed, 47 insertions(+), 10 deletions(-) diff --git a/osm_lcm/k8s.py b/osm_lcm/k8s.py index 888f7b3..ce2a457 100644 --- a/osm_lcm/k8s.py +++ b/osm_lcm/k8s.py @@ -18,6 +18,7 @@ __author__ = ( "Shahithya Y ", ) +import copy import logging from time import time import traceback @@ -119,6 +120,23 @@ class GitOpsLcm(LcmBase): else: return await self.check_dummy_operation(op_id, op_params, content) + def decrypting_key(self, content): + # This deep copy is for to be passed to ODU workflows. + cluster_copy = copy.deepcopy(content) + + # decrypting the key + self.db.encrypt_decrypt_fields( + cluster_copy, + "decrypt", + ["age_pubkey", "age_privkey"], + schema_version="1.11", + salt=cluster_copy["_id"], + ) + db_cluster_copy = { + "cluster": cluster_copy, + } + return db_cluster_copy + class ClusterLcm(GitOpsLcm): db_collection = "clusters" @@ -144,8 +162,14 @@ class ClusterLcm(GitOpsLcm): self.logger.info("cluster Create Enter") db_cluster = content["cluster"] + db_cluster_copy = self.decrypting_key(db_cluster) + + # vim account details + db_vim = self.db.get_one("vim_accounts", {"name": db_cluster["vim_account"]}) + db_cluster_copy["vim_account"] = db_vim + _, workflow_name = await self.odu.launch_workflow( - "create_cluster", op_id, op_params, content + "create_cluster", op_id, op_params, db_cluster_copy ) self.logger.info("workflow_name is :{}".format(workflow_name)) 
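Review bot: `decrypting_key` returns a dict that holds `age_privkey` in plaintext, and nothing in the method says so; it needs a docstring stating that the result is only for the ODU workflow calls and must never be written back with `self.db.set_one` or passed to a logger. The existing comment `# This deep copy is for to be passed to ODU workflows.` could become `# Work on a deep copy so the stored record keeps its encrypted keys.` The method also assumes `content` contains `_id` (used as the salt) and both key fields. Whether `encrypt_decrypt_fields` tolerates a record where the key fields are absent is not visible here, so a cluster that reaches `register` without age keys is worth a test. A name such as `_decrypted_cluster_content` would describe the return value better than `decrypting_key`.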
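Review bot: The `vim_accounts` lookup added to `create` filters on `{"name": db_cluster["vim_account"]}`, which is unambiguous only if VIM account names are unique; the commented-out line in `lcm.py` shows an `_id` lookup was considered, and that would remove the doubt. The same three lines are repeated in the `update` hunk at `@@ -681,8 +708,14 @@`, so a small helper on `GitOpsLcm` that adds `vim_account` to the decrypted copy would keep the two in step. `db_vim` presumably carries the VIM credentials, so `db_cluster_copy` now holds both those and the decrypted age private key and should stay out of log statements. The body of `create` continues outside the hunk.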
@@ -169,7 +193,7 @@ class ClusterLcm(GitOpsLcm): # Clean items used in the workflow, no matter if the workflow succeeded clean_status, clean_msg = await self.odu.clean_items_workflow( - "create_cluster", op_id, op_params, content + "create_cluster", op_id, op_params, db_cluster_copy ) self.logger.info( f"clean_status is :{clean_status} and clean_msg is :{clean_msg}" @@ -177,7 +201,7 @@ class ClusterLcm(GitOpsLcm): if workflow_status: resource_status, resource_msg = await self.check_resource_status( - "create_cluster", op_id, op_params, content + "create_cluster", op_id, op_params, db_cluster_copy ) self.logger.info( "resource_status is :{} and resource_msg is :{}".format( @@ -291,6 +315,8 @@ class ClusterLcm(GitOpsLcm): db_profile["state"] = db_cluster["state"] db_profile["resourceState"] = db_cluster["resourceState"] db_profile["operatingState"] = db_cluster["operatingState"] + db_profile["age_pubkey"] = db_cluster["age_pubkey"] + db_profile["age_privkey"] = db_profile["age_privkey"] db_profile = self.update_operation_history( db_profile, workflow_status, resource_status ) @@ -533,8 +559,10 @@ class ClusterLcm(GitOpsLcm): self.logger.info("cluster register enter") db_cluster = content["cluster"] + db_cluster_copy = self.decrypting_key(db_cluster) + _, workflow_name = await self.odu.launch_workflow( - "register_cluster", op_id, op_params, content + "register_cluster", op_id, op_params, db_cluster_copy ) self.logger.info("workflow_name is :{}".format(workflow_name)) @@ -558,7 +586,7 @@ class ClusterLcm(GitOpsLcm): # Clean items used in the workflow, no matter if the workflow succeeded clean_status, clean_msg = await self.odu.clean_items_workflow( - "register_cluster", op_id, op_params, content + "register_cluster", op_id, op_params, db_cluster_copy ) self.logger.info( f"clean_status is :{clean_status} and clean_msg is :{clean_msg}" 
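Review bot: `db_profile["age_privkey"] = db_profile["age_privkey"]` in the `@@ -291,6 +315,8 @@` hunk assigns the field to itself, so the profile never receives the cluster's private key, and the line raises `KeyError` when the profile has no such field yet. The line above it reads from `db_cluster`, so this one should be `db_profile["age_privkey"] = db_cluster["age_privkey"]`. If `db_cluster` here is the stored record, the copied values are ciphertext salted with the cluster `_id` (see `decrypting_key`), so anything that later decrypts a profile record would need the cluster's `_id` as salt rather than the profile's; that is worth confirming against the readers of these fields. The enclosing function starts and ends outside the hunk.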
@@ -566,7 +594,7 @@ class ClusterLcm(GitOpsLcm): if workflow_status: resource_status, resource_msg = await self.check_resource_status( - "register_cluster", op_id, op_params, content + "register_cluster", op_id, op_params, db_cluster_copy ) self.logger.info( "resource_status is :{} and resource_msg is :{}".format( @@ -583,7 +611,6 @@ class ClusterLcm(GitOpsLcm): db_cluster, workflow_status, resource_status ) self.db.set_one("clusters", {"_id": db_cluster["_id"]}, db_cluster) - self.update_profile_state(db_cluster, workflow_status, resource_status) return async def deregister(self, op_id, op_params, content): @@ -681,8 +708,14 @@ class ClusterLcm(GitOpsLcm): self.logger.info("Cluster update Enter") db_cluster = content["cluster"] + db_cluster_copy = self.decrypting_key(db_cluster) + + # vim account details + db_vim = self.db.get_one("vim_accounts", {"name": db_cluster["vim_account"]}) + db_cluster_copy["vim_account"] = db_vim + _, workflow_name = await self.odu.launch_workflow( - "update_cluster", op_id, op_params, content + "update_cluster", op_id, op_params, db_cluster_copy ) workflow_status, workflow_msg = await self.odu.check_workflow_status( workflow_name @@ -705,14 +738,14 @@ class ClusterLcm(GitOpsLcm): # Clean items used in the workflow, no matter if the workflow succeeded clean_status, clean_msg = await self.odu.clean_items_workflow( - "update_cluster", op_id, op_params, content + "update_cluster", op_id, op_params, db_cluster_copy ) self.logger.info( f"clean_status is :{clean_status} and clean_msg is :{clean_msg}" ) if workflow_status: resource_status, resource_msg = await self.check_resource_status( - "update_cluster", op_id, op_params, content + "update_cluster", op_id, op_params, db_cluster_copy ) self.logger.info( "Resource Status: {} Resource Message: {}".format( diff --git a/osm_lcm/lcm.py b/osm_lcm/lcm.py index f4c8f32..68bdda9 100644 --- a/osm_lcm/lcm.py +++ b/osm_lcm/lcm.py 
@@ -762,6 +762,7 @@ class Lcm: op_id = params["operation_id"] cluster_id = params["cluster_id"] db_cluster = self.db.get_one("clusters", {"_id": cluster_id}) + """ if command in ( "create", "created", @@ -777,6 +778,7 @@ class Lcm: schema_version="1.11", salt=cluster_id, ) + """ op_params = self.get_operation_params(db_cluster, op_id) db_content = { "cluster": db_cluster, @@ -784,10 +786,12 @@ class Lcm: if command == "create" or command == "created": self.logger.debug("cluster_id = {}".format(cluster_id)) # db_vim = self.db.get_one("vim_accounts", {"_id": db_cluster["vim_account"]}) + """ db_vim = self.db.get_one( "vim_accounts", {"name": db_cluster["vim_account"]} ) db_content["vim_account"] = db_vim + """ task = asyncio.ensure_future( self.cluster.create(op_id, op_params, db_content) ) -- 2.25.1
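Review bot: The decryption block and the `vim_accounts` lookup are disabled by wrapping them in bare `"""` string literals (hunks `@@ -762,6 +762,7 @@`, `@@ -777,6 +778,7 @@` and `@@ -784,10 +786,12 @@`), which leaves dead code in the method as string expression statements. Since the logic now lives in `ClusterLcm`, deleting the lines is cleaner, and git keeps the history. The disabled `if command in (...)` tuple is only partly visible, but the new `decrypting_key` call is added to `create`, `register` and `update` alone, so any other command that was in that tuple would now hand encrypted `age_pubkey`/`age_privkey` values to its workflow; each one needs checking. The enclosing method starts and ends outside the hunks.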