Add password authentification in monasca-api with Cassandra

Add the support to configure user and password in monasca api and enforce
the authetification when connecting to cassandra db when the user and
password is set.

Change-Id: I9e6689e0e8e6e97d5cff3a59aecb53483ec320bd
story: 2001471
task: 6191

AUTHORS

@@ -8,6 +8,7 @@ Anh Tran <anhtt@vn.fujitsu.com>
 Artur Basiak <artur.basiak@ts.fujitsu.com>
 Ben Motz <bmotz@cray.com>
 Bertrand Lallau <bertrand.lallau@thalesgroup.com>
+Boris Bobrov <bbobrov@suse.com>
 Brad Klein <bradley.klein@twcable.com>
 Cao Xuan Hoang <hoangcx@vn.fujitsu.com>
 Christoph Held <christoph.held@est.fujitsu.com>
@@ -69,6 +70,7 @@ Ryan Bak <ryan.bak@twcable.com>
 Ryan Brandt <ryan.brandt@hp.com>
 SamKirsch10 <sam.kirsch@hp.com>
 Scott Grasley <scott.grasley@suse.com>
+Sean McGinnis <sean.mcginnis@huawei.com>
 Shinya Kawabata <s-kawabata@wx.jp.nec.com>
 Srinivas Sakhamuri <srini.openstack@gmail.com>
 Stefano Canepa <stefano.canepa@hp.com>
@@ -96,6 +98,7 @@ gecong1973 <ge.cong@zte.com.cn>
 haali1 <haneef.ali@hp.com>
 henriquetruta <henrique@lsd.ufcg.edu.br>
 hochmuth <roland.hochmuth@hp.com>
+inspurericzhang <zhanglf01@inspur.com>
 ji-xuepeng <ji.xuepeng@zte.com.cn>
 kaiyan-sheng <kaiyan.sheng@hp.com>
 liu-sheng <liusheng@huawei.com>

devstack/files/monasca-persister/persister.yml

@@ -64,8 +64,8 @@ cassandraDbConfiguration:
   contactPoints:
     - %CASSANDRADB_HOST%
   port: 9042
-  user: mon_persister
-  password: password
+  user: cassandra
+  password: cassandra
   keyspace: monasca
   localDataCenter: datacenter1
   maxConnections: 5

monasca_api/common/repositories/cassandra/metrics_repository.py

@@ -1,5 +1,5 @@
 # (C) Copyright 2015,2016 Hewlett Packard Enterprise Development Company LP
-# (C) Copyright 2017 SUSE LLC
+# (C) Copyright 2017-2018 SUSE LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
@@ -20,6 +20,7 @@ from datetime import timedelta
 import itertools
 import urllib
 
+from cassandra.auth import PlainTextAuthProvider
 from cassandra.cluster import Cluster
 from cassandra.query import FETCH_SIZE_UNSET
 from cassandra.query import SimpleStatement
@@ -107,7 +108,14 @@ class MetricsRepository(metrics_repository.AbstractMetricsRepository):
 
         try:
             self.conf = cfg.CONF
-            self.cluster = Cluster(self.conf.cassandra.contact_points)
+
+            if self.conf.cassandra.user:
+                auth_provider = PlainTextAuthProvider(username=self.conf.cassandra.user,
+                                                      password=self.conf.cassandra.password)
+            else:
+                auth_provider = None
+
+            self.cluster = Cluster(self.conf.cassandra.contact_points, auth_provider=auth_provider)
             self.session = self.cluster.connect(self.conf.cassandra.keyspace)
 
             self.dim_val_by_metric_stmt = self.session.prepare(DIMENSION_VALUE_BY_METRIC_CQL)

monasca_api/conf/cassandra.py

@@ -1,7 +1,7 @@
 # Copyright 2014 IBM Corp.
 # Copyright 2016-2017 FUJITSU LIMITED
 # (C) Copyright 2016-2017 Hewlett Packard Enterprise Development LP
-# (C) Copyright 2017 SUSE LLC
+# (C) Copyright 2017-2018 SUSE LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
@@ -28,6 +28,14 @@ Comma separated list of Cassandra node IP addresses
     cfg.StrOpt('keyspace', default='monasca',
                help='''
 keyspace where metric are stored
+'''),
+    cfg.StrOpt('user', default='',
+               help='''
+Cassandra user for monasca-api service
+'''),
+    cfg.StrOpt('password', default='', secret=True,
+               help='''
+Cassandra user password for monasca-api service
 ''')
 ]
 

monasca_api/tests/test_repositories.py

@@ -20,6 +20,7 @@ from collections import namedtuple
 from datetime import datetime
 
 import cassandra
+from cassandra.auth import PlainTextAuthProvider
 from mock import patch
 
 from oslo_config import cfg
@@ -213,6 +214,24 @@ class TestRepoMetricsCassandra(base.BaseTestCase):
         self.conf_default(contact_points='127.0.0.1',
                           group='cassandra')
 
+    @patch("monasca_api.common.repositories.cassandra."
+           "metrics_repository.Cluster.connect")
+    def test_init(self, cassandra_connect_mock):
+        repo = cassandra_repo.MetricsRepository()
+        self.assertIsNone(
+            repo.cluster.auth_provider,
+            'cassandra cluster auth provider is expected to None'
+        )
+
+        repo.conf.cassandra.user = 'cassandra'
+        repo.conf.cassandra.password = 'cassandra'
+        repo = cassandra_repo.MetricsRepository()
+        self.assertIsInstance(
+            repo.cluster.auth_provider,
+            PlainTextAuthProvider,
+            'cassandra cluster auth provider is expected to be PlainTextAuthProvider'
+        )
+
     @patch("monasca_api.common.repositories.cassandra."
            "metrics_repository.Cluster.connect")
     def test_list_metrics(self, cassandra_connect_mock):