From 6e88d9c5c887a4a1a6c848ce77c8800f11454445 Mon Sep 17 00:00:00 2001
From: garciadeblas
Date: Thu, 15 Aug 2024 10:55:04 +0200
Subject: [PATCH] Add age keypair generation for clusters and profiles
Change-Id: I0b30129e46cd7d9bee4861943ff255aaa711e517
Signed-off-by: garciadeblas
---
 osm_nbi/base_topic.py | 17 +++++++++++++++++
 osm_nbi/k8s_topics.py | 8 ++++++++
 requirements.in | 1 +
 requirements.txt | 2 ++
 tox.ini | 2 +-
 5 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/osm_nbi/base_topic.py b/osm_nbi/base_topic.py
index 10ad1d6..48fe1dc 100644
--- a/osm_nbi/base_topic.py
+++ b/osm_nbi/base_topic.py
@@ -13,6 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
+from pyrage import x25519
 import logging
 import random
 import string
@@ -696,6 +697,13 @@ class BaseTopic:
 )
 _id = self.db.create(self.topic, profile_create)
+ pubkey, privkey = self._generate_age_key()
+ profile_create["age_pubkey"] = self.db.encrypt(
+ pubkey, schema_version="1.11", salt=_id
+ )
+ profile_create["age_privkey"] = self.db.encrypt(
+ privkey, schema_version="1.11", salt=_id
+ )
 rollback.append({"topic": self.topic, "_id": _id})
 self.db.set_one(self.topic, {"_id": _id}, profile_create)
 if op_id:
@@ -1006,3 +1014,12 @@ class BaseTopic:
 profile_ids.remove(_id)
 update_dict = {profile_type: profile_ids}
 self.db.set_one("clusters", filter_q, update_dict)
+
+ def _generate_age_key(self):
+ ident = x25519.Identity.generate()
+ # gets the public key
+ pubkey = ident.to_public()
+ # gets the private key
+ privkey = str(ident)
+ # return both public and private key
+ return pubkey, privkey
diff --git a/osm_nbi/k8s_topics.py b/osm_nbi/k8s_topics.py
index b065c12..2011187 100644
--- a/osm_nbi/k8s_topics.py
+++ b/osm_nbi/k8s_topics.py
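Review bot: In the `@@ -696,6 +697,13 @@` hunk the new key generation and both `self.db.encrypt(...)` calls sit between `self.db.create(...)` and `rollback.append(...)`, so if any of them raises, the record that was just created is never registered for rollback and is presumably left behind without keys. Registering the rollback first keeps the earlier ordering: move `rollback.append({"topic": self.topic, "_id": _id})` to the line directly after `_id = self.db.create(self.topic, profile_create)`. The same ordering appears in the `osm_nbi/k8s_topics.py` hunk with `cls_create`. The enclosing method starts and ends outside the hunk, so how `rollback` is consumed on failure is inferred from its name and use here.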
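Review bot: `_generate_age_key` returns its two values in different types: `privkey` is `str(ident)`, but `pubkey` is the object returned by `ident.to_public()`, which both callers pass unconverted to `self.db.encrypt(...)` and then store in the record. If `db.encrypt` or the database layer expects text (neither is visible here), this either fails or stores a value that cannot be serialised; `pubkey = str(ident.to_public())` makes both values strings. The three `# gets …` comments restate the code, and a docstring such as `"""Generate an age X25519 keypair; return (public key, private key) as strings. The private key is secret and must not be logged."""` would say more.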
@@ -228,6 +228,14 @@ class K8sTopic(BaseTopic):
 operation_params,
 )
 _id = self.db.create(self.topic, cls_create)
+ pubkey, privkey = self._generate_age_key()
+ cls_create["age_pubkey"] = self.db.encrypt(
+ pubkey, schema_version="1.11", salt=_id
+ )
+ cls_create["age_privkey"] = self.db.encrypt(
+ privkey, schema_version="1.11", salt=_id
+ )
+ # TODO: set age_pubkey and age_privkey in the default profiles
 rollback.append({"topic": self.topic, "_id": _id})
 self.db.set_one("clusters", {"_id": _id}, cls_create)
 self._send_msg("create", {"cluster_id": _id, "operation_id": op_id})
diff --git a/requirements.in b/requirements.in
index 9096b53..624c559 100644
--- a/requirements.in
+++ b/requirements.in
@@ -16,6 +16,7 @@ CherryPy>=18.1.2
 deepdiff
 jsonschema>=3.2.0
 python-keystoneclient
+pyrage
 pyyaml>6
 requests
 tacacs_plus
diff --git a/requirements.txt b/requirements.txt
index a477552..a068e78 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -128,6 +128,8 @@ portend==3.2.0
 # via cherrypy
 pyparsing==3.1.2
 # via oslo-utils
+pyrage==1.1.2
+ # via -r requirements.in
 python-dateutil==2.9.0.post0
 # via tempora
 python-keystoneclient==5.4.0
diff --git a/tox.ini b/tox.ini
index 3c0217e..0d7fe8c 100644
--- a/tox.ini
+++ b/tox.ini
@@ -65,7 +65,7 @@ deps = {[testenv]deps}
 -r{toxinidir}/requirements-test.txt
 pylint
 commands =
- pylint -E osm_nbi
+ pylint -E osm_nbi --extension-pkg-allow-list=pyrage
 #######################################################################################
--
2.25.1
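Review bot: `cls_create["age_privkey"]` is written into the same `clusters` document as the cluster's ordinary fields, and nothing in the `@@ -228,6 +228,14 @@` hunk marks it as a field that must be removed before the document is returned to a client. Whether the show/list paths already filter it is not visible here; if they return the stored document, the encrypted private key goes out with every read and its protection rests only on the database secret and the `_id` salt. A comment at the assignment, e.g. `# age_privkey is secret: never return it from show/list, never log it`, would record the requirement; the profile hunk in `osm_nbi/base_topic.py` stores the key the same way. The open `# TODO` also means the default profiles carry no keys after this commit, so any consumer has to tolerate their absence.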