fix bug 802 encrypt vrops_password at vim_account for schema_version=1.11
[osm/NBI.git] / osm_nbi / admin_topics.py
index 7d1e85d..5008c60 100644 (file)
@@ -18,16 +18,13 @@ from uuid import uuid4
 from hashlib import sha256
 from http import HTTPStatus
 from time import time
-from validation import user_new_schema, user_edit_schema, project_new_schema, project_edit_schema
-from validation import vim_account_new_schema, vim_account_edit_schema, sdn_new_schema, sdn_edit_schema
-from validation import wim_account_new_schema, wim_account_edit_schema, roles_new_schema, roles_edit_schema
-from validation import validate_input
-from validation import ValidationError
-from validation import is_valid_uuid    # To check that User/Project Names don't look like UUIDs
-from base_topic import BaseTopic, EngineException
+from osm_nbi.validation import user_new_schema, user_edit_schema, project_new_schema, project_edit_schema, \
+    vim_account_new_schema, vim_account_edit_schema, sdn_new_schema, sdn_edit_schema, \
+    wim_account_new_schema, wim_account_edit_schema, roles_new_schema, roles_edit_schema, \
+    validate_input, ValidationError, is_valid_uuid    # To check that User/Project Names don't look like UUIDs
+from osm_nbi.base_topic import BaseTopic, EngineException
+from osm_nbi.authconn import AuthconnNotFoundException, AuthconnConflictException
 from osm_common.dbbase import deep_update_rfc7396
-from authconn import AuthconnNotFoundException, AuthconnConflictException
-# from authconn_keystone import AuthconnKeystone
 
 __author__ = "Alfonso Tierno <alfonso.tiernosepulveda@telefonica.com>"
 
@@ -201,7 +198,7 @@ class ProjectTopic(BaseTopic):
 
 class CommonVimWimSdn(BaseTopic):
     """Common class for VIM, WIM SDN just to unify methods that are equal to all of them"""
-    config_to_encrypt = ()     # what keys at config must be encrypted because contains passwords
+    config_to_encrypt = {}     # what keys at config must be encrypted because contains passwords
     password_to_encrypt = ""   # key that contains a password
 
     @staticmethod
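Review bot: The comment on `config_to_encrypt` still describes a flat list of keys, but the attribute is now a mapping that is read with `.get(schema_version)`. I would reword it to `# schema_version -> tuple of config keys holding secrets to encrypt; "default" covers versions not listed`. Because the type changed from tuple to dict, any subclass outside this diff that still assigns a tuple would fail with AttributeError at the `.get` call, so it is worth checking for subclasses beyond the three updated here.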
@@ -258,8 +255,10 @@ class CommonVimWimSdn(BaseTopic):
                 final_content[self.password_to_encrypt] = self.db.encrypt(edit_content[self.password_to_encrypt],
                                                                           schema_version=schema_version,
                                                                           salt=final_content["_id"])
-            if edit_content.get("config") and self.config_to_encrypt:
-                for p in self.config_to_encrypt:
+            config_to_encrypt_keys = self.config_to_encrypt.get(schema_version) or self.config_to_encrypt.get("default")
+            if edit_content.get("config") and config_to_encrypt_keys:
+
+                for p in config_to_encrypt_keys:
                     if edit_content["config"].get(p):
                         final_content["config"][p] = self.db.encrypt(edit_content["config"][p],
                                                                      schema_version=schema_version,
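Review bot: The lookup `self.config_to_encrypt.get(schema_version) or self.config_to_encrypt.get("default")` uses `or`, so a version deliberately mapped to an empty tuple falls through to the "default" list, and so does a missing or None schema_version. If an explicit entry should always win, `self.config_to_encrypt.get(schema_version, self.config_to_encrypt.get("default", ()))` does that and never yields None. The same expression is repeated in the format_on_new hunk, so a small helper on CommonVimWimSdn would keep key selection in one place and stop the two paths drifting apart. The blank line added after the `if` can be dropped. The enclosing method starts and ends outside this hunk, and where schema_version is set for edits is not visible here.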
@@ -278,15 +277,16 @@ class CommonVimWimSdn(BaseTopic):
         :return: op_id: operation id on asynchronous operation, None otherwise. In addition content is modified
         """
         super().format_on_new(content, project_id=project_id, make_public=make_public)
-        content["schema_version"] = schema_version = "1.1"
+        content["schema_version"] = schema_version = "1.11"
 
         # encrypt passwords
         if content.get(self.password_to_encrypt):
             content[self.password_to_encrypt] = self.db.encrypt(content[self.password_to_encrypt],
                                                                 schema_version=schema_version,
                                                                 salt=content["_id"])
-        if content.get("config") and self.config_to_encrypt:
-            for p in self.config_to_encrypt:
+        config_to_encrypt_keys = self.config_to_encrypt.get(schema_version) or self.config_to_encrypt.get("default")
+        if content.get("config") and config_to_encrypt_keys:
+            for p in config_to_encrypt_keys:
                 if content["config"].get(p):
                     content["config"][p] = self.db.encrypt(content["config"][p],
                                                            schema_version=schema_version,
@@ -363,7 +363,8 @@ class VimAccountTopic(CommonVimWimSdn):
     schema_edit = vim_account_edit_schema
     multiproject = True
     password_to_encrypt = "vim_password"
-    config_to_encrypt = ("admin_password", "nsx_password", "vcenter_password")
+    config_to_encrypt = {"1.1": ("admin_password", "nsx_password", "vcenter_password"),
+                         "default": ("admin_password", "nsx_password", "vcenter_password", "vrops_password")}
 
 
 class WimAccountTopic(CommonVimWimSdn):
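Review bot: The `"1.1"` entry leaves out `vrops_password`, so an account that stays at schema_version 1.1 would still have that value stored unencrypted if the edit path selects keys by the record's stored version; how that version is obtained is outside this diff and needs confirming. If this is the intended compatibility behaviour, a comment should say so, for example `# "1.1" is frozen for records created before vrops_password was encrypted; new secrets go in "default" only`, and existing 1.1 accounts may need a migration or re-save to be protected. The tuples are also an allowlist, so any future secret-bearing config key stays in clear text until it is added here.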
@@ -373,7 +374,7 @@ class WimAccountTopic(CommonVimWimSdn):
     schema_edit = wim_account_edit_schema
     multiproject = True
     password_to_encrypt = "wim_password"
-    config_to_encrypt = ()
+    config_to_encrypt = {}
 
 
 class SdnTopic(CommonVimWimSdn):
@@ -383,7 +384,7 @@ class SdnTopic(CommonVimWimSdn):
     schema_edit = sdn_edit_schema
     multiproject = True
     password_to_encrypt = "password"
-    config_to_encrypt = ()
+    config_to_encrypt = {}
 
 
 class UserTopicAuth(UserTopic):