diff --git a/etc/murano-api.conf b/etc/murano-api.conf index aa652b6b..85e9c351 100644 --- a/etc/murano-api.conf +++ b/etc/murano-api.conf @@ -45,13 +45,16 @@ ssl = False ca_certs = # RabbitMQ credentials. Fresh RabbitMQ installation has "guest" account with "guest" password -# It is recommended to create dedicated user account for Murano using RabbitMQ web console or command line utility -login = guest -password = guest +# It's assumed here that default credentials were changed in accordance with this config. +# You can use rabbitmqctl add_user ... command for that. +# It is recommended to change default credentials for Murano using RabbitMQ web console or command line utility. +login = muranouser +password = murano -#RabbitMQ virtual host (vhost). Fresh RabbitMQ installation has "/" vhost preconfigured. -# It is recommended to create dedicated vhost for Murano using RabbitMQ web console or command line utility -virtual_host = / +# RabbitMQ virtual host (vhost). Fresh RabbitMQ installation has "/" vhost preconfigured. +# It's assumed here that default vhost was changed in accordance with this config. +# You can use rabbitmqctl add_vhost ... command for that. +virtual_host = muranovhost [ssl] #Parameters to configure SSL for trusted HTTPS connection diff --git a/muranoapi/api/v1/services.py b/muranoapi/api/v1/services.py index e8566d04..9d68983f 100644 --- a/muranoapi/api/v1/services.py +++ b/muranoapi/api/v1/services.py @@ -19,6 +19,7 @@ from muranoapi import utils from muranoapi.db.services.core_services import CoreServices from muranoapi.openstack.common import wsgi from muranoapi.openstack.common import log as logging +from muranocommon.helpers.token_sanitizer import TokenSanitizer log = logging.getLogger(__name__) @@ -55,8 +56,9 @@ class Controller(object): @utils.verify_session @normalize_path def post(self, request, environment_id, path, body): + secure_data = TokenSanitizer().sanitize(body) log.debug(_('Services:Post '.format(environment_id, body, path))) + 'Body: {1}>'.format(environment_id, secure_data, path))) post_data = CoreServices.post_data session_id = request.context.session diff --git a/muranoapi/common/service.py b/muranoapi/common/service.py index 546c6bcc..29490b85 100644 --- a/muranoapi/common/service.py +++ b/muranoapi/common/service.py @@ -17,6 +17,7 @@ from muranoapi.db.models import Status, Session, Environment, Deployment from muranoapi.db.session import get_session from muranoapi.openstack.common import log as logging, timeutils, service from muranoapi.common import config +from muranocommon.helpers.token_sanitizer import TokenSanitizer from muranocommon.messaging import MqClient from sqlalchemy import desc import eventlet @@ -83,8 +84,9 @@ class TaskResultHandlerService(service.Service): def handle_result(message): try: environment_result = message.body + secure_result = TokenSanitizer().sanitize(environment_result) log.debug(_('Got result message from ' - 'orchestration engine:\n{0}'.format(environment_result))) + 'orchestration engine:\n{0}'.format(secure_result))) if 'deleted' in environment_result: log.debug(_('Result for environment {0} is dropped. Environment ' diff --git a/muranoapi/db/services/sessions.py b/muranoapi/db/services/sessions.py index 2face7f8..ffe6a6f9 100644 --- a/muranoapi/db/services/sessions.py +++ b/muranoapi/db/services/sessions.py @@ -19,7 +19,6 @@ from muranoapi.db.session import get_session from muranocommon.helpers.token_sanitizer import TokenSanitizer from muranocommon.messaging import MqClient, Message - rabbitmq = config.CONF.rabbitmq SessionState = namedtuple('SessionState', ['open', 'deploying', 'deployed'])( @@ -27,11 +26,6 @@ SessionState = namedtuple('SessionState', ['open', 'deploying', 'deployed'])( ) -def secure_description(description): - sanitizer = TokenSanitizer() - return sanitizer.sanitize(description) - - class SessionServices(object): @staticmethod def get_sessions(environment_id, state=None): @@ -131,7 +125,8 @@ class SessionServices(object): session.state = SessionState.deploying deployment = Deployment() deployment.environment_id = environment['id'] - deployment.description = secure_description(dict(session.description)) + deployment.description = TokenSanitizer().sanitize( + dict(session.description)) status = Status() status.text = "Deployment scheduled" status.level = "info" diff --git a/requirements.txt b/requirements.txt index 2bbe8f63..52d43e97 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,7 +1,7 @@ d2to1>=0.2.10,<0.3 pbr>=0.5,<0.6 Babel -SQLAlchemy>=0.7,<=0.7.9 +SQLAlchemy>=0.7.5,<=0.7.9 anyjson eventlet>=0.9.12 PasteDeploy @@ -31,4 +31,4 @@ passlib jsonschema==2.0.0 python-keystoneclient>=0.2.0 oslo.config -http://tarballs.openstack.org/murano-common/murano-common-release-0.2.tar.gz#egg=muranocommon-dev \ No newline at end of file +murano-common>=0.2.2 \ No newline at end of file