From e27def0d99cc73c5c0b7550a28e95abd6c1cd996 Mon Sep 17 00:00:00 2001
From: Benjamin Diaz
Date: Thu, 15 Nov 2018 14:17:17 -0300
Subject: [PATCH] Adds support for OSMMON_DATABASE_COMMONKEY to decrypt vim passwords

When vim_accounts msgs arrive in the Kafka bus, vim password is decrypted and stored in the SQL database. The ideal scenario would be to store it encrypted in the SQL DB and decrypt it on demand, but that would require to store the schema_version, instantiate a DbMongo client everywhere it is needed and a few other modifications that would severely pollute the codebase. There needs to be a modification in the future on the osm_common side to make this more doable.

Signed-off-by: Benjamin Diaz
---
 docker/Dockerfile | 1 +
 osm_mon/common/common_db_client.py | 6 +++++-
 osm_mon/core/message_bus/common_consumer.py | 3 +++
 osm_mon/core/settings.py | 1 +
 4 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 2cf98cb..8c342db 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -47,6 +47,7 @@ ENV OSMMON_KAFKA_LOG_LEVEL INFO
 ENV OSMMON_VCA_HOST localhost
 ENV OSMMON_VCA_SECRET secret
 ENV OSMMON_VCA_USER admin
+ENV OSMMON_DATABASE_COMMONKEY changeme
 EXPOSE 8662 8000
diff --git a/osm_mon/common/common_db_client.py b/osm_mon/common/common_db_client.py
index 71d1306..716f170 100644
--- a/osm_mon/common/common_db_client.py
+++ b/osm_mon/common/common_db_client.py
@@ -32,7 +32,8 @@ class CommonDbClient:
 self.common_db = dbmongo.DbMongo()
 self.common_db.db_connect({'host': cfg.MONGO_URI.split(':')[0],
 'port': int(cfg.MONGO_URI.split(':')[1]),
- 'name': 'osm'})
+ 'name': 'osm',
+ 'commonkey': cfg.OSMMON_DATABASE_COMMONKEY})
 def get_vnfr(self, nsr_id: str, member_index: int):
 vnfr = self.common_db.get_one("vnfrs",
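Review bot: The added `ENV OSMMON_DATABASE_COMMONKEY changeme` line in docker/Dockerfile bakes a well-known placeholder into the image as the key used to decrypt VIM passwords, and the settings.py hunk repeats it as the code default (`CfgParam('OSMMON_DATABASE_COMMONKEY', "changeme", six.text_type)`). A deployment that forgets to override it runs with a guessable key, and any value set through `ENV` stays readable in the image metadata. I would drop the `ENV` line, supply the key at container start from the orchestrator's secret store, and have the configuration refuse to start when the key is unset or still equals the placeholder. The first common_db_client.py hunk passes the value straight to `db_connect` as `'commonkey'`, so as far as the visible lines show nothing downstream validates it either.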
@@ -68,3 +69,6 @@ class CommonDbClient:
 return vdur
 raise ValueError('vdur not found for nsr-id %s, member_index %s and vdu_name %s', nsr_id, member_index, vdu_name)
+
+ def decrypt_vim_password(self, vim_password: str, schema_version: str, vim_id: str):
+ return self.common_db.decrypt(vim_password, schema_version, vim_id)
diff --git a/osm_mon/core/message_bus/common_consumer.py b/osm_mon/core/message_bus/common_consumer.py
index e32fa2b..3a95c76 100755
--- a/osm_mon/core/message_bus/common_consumer.py
+++ b/osm_mon/core/message_bus/common_consumer.py
@@ -121,6 +121,9 @@ class CommonConsumer:
 if message.topic == "vim_account":
 if message.key == "create" or message.key == "edit":
+ values['vim_password'] = self.common_db.decrypt_vim_password(values['vim_password'],
+ values['schema_version'],
+ values['_id'])
 self.auth_manager.store_auth_credentials(values)
 if message.key == "delete":
 self.auth_manager.delete_auth_credentials(values)
diff --git a/osm_mon/core/settings.py b/osm_mon/core/settings.py
index a7599cc..f8dfaa2 100644
--- a/osm_mon/core/settings.py
+++ b/osm_mon/core/settings.py
@@ -71,6 +71,7 @@ class Config(object):
 CfgParam('OSMMON_VCA_HOST', "localhost", six.text_type),
 CfgParam('OSMMON_VCA_SECRET', "secret", six.text_type),
 CfgParam('OSMMON_VCA_USER', "admin", six.text_type),
+ CfgParam('OSMMON_DATABASE_COMMONKEY', "changeme", six.text_type),
 ]
 _config_dict = {cfg.key: cfg for cfg in _configuration}
--
2.25.1
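Review bot: `decrypt_vim_password` in common_db_client.py has no docstring or return annotation, so nothing tells a caller that the value it hands back is a plaintext credential. I would add a docstring along the lines of `"""Return the decrypted VIM password; the result is a secret and must not be logged or placed in exception messages."""` and annotate the return type once it is confirmed against osm_common (presumably `str`). The docstring should also say that `vim_id` is passed to `common_db.decrypt` as its third argument; it looks like that argument acts as a per-account salt, but that is an inference from the call and should be checked.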
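Review bot: The added assignment in common_consumer.py indexes `values['vim_password']`, `values['schema_version']` and `values['_id']` directly, so a `vim_account` create or edit message that lacks any of them raises `KeyError` before `store_auth_credentials` runs. An edit that leaves the password unchanged, or a record written without a schema version, would be such a message if the producer sends partial documents. I would guard the call with `if values.get('vim_password'):` and read the version with `values.get('schema_version')`, provided `decrypt` treats a missing version as "not encrypted" (confirm against osm_common). Whether the exception is caught is not visible, because the enclosing consumer method starts and ends outside the hunk. Since `values` now carries the plaintext password into `store_auth_credentials`, also check that no code on that path logs the dict.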