2013-01-24 12:00:30 -06:00
|
|
|
# Copyright 2011-2013 OpenStack, LLC.
|
Keyring support for openstackclient.
Bug: 1030440
If password is defined in keyring, use it; otherwise, prompt for the
password. Keying is configured using command line switch,
--os-use-keyring or env(OS_USE_KEYRING).
* openstackclient/common/openstackkeyring.py
The abstract class for keyring, specifically for openstack. The
class is used to store encrypted password in keyring, without
prompting for keyring password. The encrypted password is
stored in ~/.openstack-keyring.cfg file.
* openstack-common.py
Update openstackkeyring library from openstack.common.
* openstackclient/shell.py
OpenStackClient.build_option_parser(): New boolean argument,
--os-use-keyring, default to env(OS_USE_KEYRING).
OpenStackClient.authenticate_user(): Get password from keyring,
if it is defined; otherwise, prompt for the password. If user
enter a password and keyring is enabled, store it in keyring.
OpenStackClient.init_keyring_backend(): New method to define
openstack backend for keyring.
OpenStackClient.get_password_from_keyring(): New method to
get password from keyring.
OpenStackClient.set_password_in_keyring(): New method go set
password in keyring.
* toos/pip-requires
Define keyring and pycrypto as one of dependent.
Change-Id: I36d3a63054658c0ef0553d68b38fefbc236930ef
2012-07-08 16:06:32 -07:00
|
|
|
#
|
2013-01-24 12:00:30 -06:00
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
|
|
|
# not use this file except in compliance with the License. You may obtain
|
|
|
|
|
# a copy of the License at
|
Keyring support for openstackclient.
Bug: 1030440
If password is defined in keyring, use it; otherwise, prompt for the
password. Keying is configured using command line switch,
--os-use-keyring or env(OS_USE_KEYRING).
* openstackclient/common/openstackkeyring.py
The abstract class for keyring, specifically for openstack. The
class is used to store encrypted password in keyring, without
prompting for keyring password. The encrypted password is
stored in ~/.openstack-keyring.cfg file.
* openstack-common.py
Update openstackkeyring library from openstack.common.
* openstackclient/shell.py
OpenStackClient.build_option_parser(): New boolean argument,
--os-use-keyring, default to env(OS_USE_KEYRING).
OpenStackClient.authenticate_user(): Get password from keyring,
if it is defined; otherwise, prompt for the password. If user
enter a password and keyring is enabled, store it in keyring.
OpenStackClient.init_keyring_backend(): New method to define
openstack backend for keyring.
OpenStackClient.get_password_from_keyring(): New method to
get password from keyring.
OpenStackClient.set_password_in_keyring(): New method go set
password in keyring.
* toos/pip-requires
Define keyring and pycrypto as one of dependent.
Change-Id: I36d3a63054658c0ef0553d68b38fefbc236930ef
2012-07-08 16:06:32 -07:00
|
|
|
#
|
2013-01-24 12:00:30 -06:00
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
Keyring support for openstackclient.
Bug: 1030440
If password is defined in keyring, use it; otherwise, prompt for the
password. Keying is configured using command line switch,
--os-use-keyring or env(OS_USE_KEYRING).
* openstackclient/common/openstackkeyring.py
The abstract class for keyring, specifically for openstack. The
class is used to store encrypted password in keyring, without
prompting for keyring password. The encrypted password is
stored in ~/.openstack-keyring.cfg file.
* openstack-common.py
Update openstackkeyring library from openstack.common.
* openstackclient/shell.py
OpenStackClient.build_option_parser(): New boolean argument,
--os-use-keyring, default to env(OS_USE_KEYRING).
OpenStackClient.authenticate_user(): Get password from keyring,
if it is defined; otherwise, prompt for the password. If user
enter a password and keyring is enabled, store it in keyring.
OpenStackClient.init_keyring_backend(): New method to define
openstack backend for keyring.
OpenStackClient.get_password_from_keyring(): New method to
get password from keyring.
OpenStackClient.set_password_in_keyring(): New method go set
password in keyring.
* toos/pip-requires
Define keyring and pycrypto as one of dependent.
Change-Id: I36d3a63054658c0ef0553d68b38fefbc236930ef
2012-07-08 16:06:32 -07:00
|
|
|
#
|
2013-01-24 12:00:30 -06:00
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
|
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
|
|
|
# License for the specific language governing permissions and limitations
|
|
|
|
|
# under the License.
|
Keyring support for openstackclient.
Bug: 1030440
If password is defined in keyring, use it; otherwise, prompt for the
password. Keying is configured using command line switch,
--os-use-keyring or env(OS_USE_KEYRING).
* openstackclient/common/openstackkeyring.py
The abstract class for keyring, specifically for openstack. The
class is used to store encrypted password in keyring, without
prompting for keyring password. The encrypted password is
stored in ~/.openstack-keyring.cfg file.
* openstack-common.py
Update openstackkeyring library from openstack.common.
* openstackclient/shell.py
OpenStackClient.build_option_parser(): New boolean argument,
--os-use-keyring, default to env(OS_USE_KEYRING).
OpenStackClient.authenticate_user(): Get password from keyring,
if it is defined; otherwise, prompt for the password. If user
enter a password and keyring is enabled, store it in keyring.
OpenStackClient.init_keyring_backend(): New method to define
openstack backend for keyring.
OpenStackClient.get_password_from_keyring(): New method to
get password from keyring.
OpenStackClient.set_password_in_keyring(): New method go set
password in keyring.
* toos/pip-requires
Define keyring and pycrypto as one of dependent.
Change-Id: I36d3a63054658c0ef0553d68b38fefbc236930ef
2012-07-08 16:06:32 -07:00
|
|
|
#
|
|
|
|
|
|
2014-02-13 16:42:04 +08:00
|
|
|
"""Keyring backend for OpenStack, to store encrypted password in a file."""
|
Keyring support for openstackclient.
Bug: 1030440
If password is defined in keyring, use it; otherwise, prompt for the
password. Keying is configured using command line switch,
--os-use-keyring or env(OS_USE_KEYRING).
* openstackclient/common/openstackkeyring.py
The abstract class for keyring, specifically for openstack. The
class is used to store encrypted password in keyring, without
prompting for keyring password. The encrypted password is
stored in ~/.openstack-keyring.cfg file.
* openstack-common.py
Update openstackkeyring library from openstack.common.
* openstackclient/shell.py
OpenStackClient.build_option_parser(): New boolean argument,
--os-use-keyring, default to env(OS_USE_KEYRING).
OpenStackClient.authenticate_user(): Get password from keyring,
if it is defined; otherwise, prompt for the password. If user
enter a password and keyring is enabled, store it in keyring.
OpenStackClient.init_keyring_backend(): New method to define
openstack backend for keyring.
OpenStackClient.get_password_from_keyring(): New method to
get password from keyring.
OpenStackClient.set_password_in_keyring(): New method go set
password in keyring.
* toos/pip-requires
Define keyring and pycrypto as one of dependent.
Change-Id: I36d3a63054658c0ef0553d68b38fefbc236930ef
2012-07-08 16:06:32 -07:00
|
|
|
|
|
|
|
|
from Crypto.Cipher import AES
|
|
|
|
|
|
|
|
|
|
import keyring
|
|
|
|
|
import os
|
|
|
|
|
|
2013-01-31 13:31:41 -06:00
|
|
|
|
Keyring support for openstackclient.
Bug: 1030440
If password is defined in keyring, use it; otherwise, prompt for the
password. Keying is configured using command line switch,
--os-use-keyring or env(OS_USE_KEYRING).
* openstackclient/common/openstackkeyring.py
The abstract class for keyring, specifically for openstack. The
class is used to store encrypted password in keyring, without
prompting for keyring password. The encrypted password is
stored in ~/.openstack-keyring.cfg file.
* openstack-common.py
Update openstackkeyring library from openstack.common.
* openstackclient/shell.py
OpenStackClient.build_option_parser(): New boolean argument,
--os-use-keyring, default to env(OS_USE_KEYRING).
OpenStackClient.authenticate_user(): Get password from keyring,
if it is defined; otherwise, prompt for the password. If user
enter a password and keyring is enabled, store it in keyring.
OpenStackClient.init_keyring_backend(): New method to define
openstack backend for keyring.
OpenStackClient.get_password_from_keyring(): New method to
get password from keyring.
OpenStackClient.set_password_in_keyring(): New method go set
password in keyring.
* toos/pip-requires
Define keyring and pycrypto as one of dependent.
Change-Id: I36d3a63054658c0ef0553d68b38fefbc236930ef
2012-07-08 16:06:32 -07:00
|
|
|
KEYRING_FILE = os.path.join(os.path.expanduser('~'), '.openstack-keyring.cfg')
|
|
|
|
|
|
|
|
|
|
|
2014-02-13 16:42:04 +08:00
|
|
|
class OpenStackKeyring(keyring.backends.file.BaseKeyring):
|
|
|
|
|
"""OpenStack Keyring to store encrypted password."""
|
Keyring support for openstackclient.
Bug: 1030440
If password is defined in keyring, use it; otherwise, prompt for the
password. Keying is configured using command line switch,
--os-use-keyring or env(OS_USE_KEYRING).
* openstackclient/common/openstackkeyring.py
The abstract class for keyring, specifically for openstack. The
class is used to store encrypted password in keyring, without
prompting for keyring password. The encrypted password is
stored in ~/.openstack-keyring.cfg file.
* openstack-common.py
Update openstackkeyring library from openstack.common.
* openstackclient/shell.py
OpenStackClient.build_option_parser(): New boolean argument,
--os-use-keyring, default to env(OS_USE_KEYRING).
OpenStackClient.authenticate_user(): Get password from keyring,
if it is defined; otherwise, prompt for the password. If user
enter a password and keyring is enabled, store it in keyring.
OpenStackClient.init_keyring_backend(): New method to define
openstack backend for keyring.
OpenStackClient.get_password_from_keyring(): New method to
get password from keyring.
OpenStackClient.set_password_in_keyring(): New method go set
password in keyring.
* toos/pip-requires
Define keyring and pycrypto as one of dependent.
Change-Id: I36d3a63054658c0ef0553d68b38fefbc236930ef
2012-07-08 16:06:32 -07:00
|
|
|
filename = KEYRING_FILE
|
|
|
|
|
|
|
|
|
|
def supported(self):
|
2013-01-31 13:31:41 -06:00
|
|
|
"""Applicable for all platforms, but not recommend."""
|
Keyring support for openstackclient.
Bug: 1030440
If password is defined in keyring, use it; otherwise, prompt for the
password. Keying is configured using command line switch,
--os-use-keyring or env(OS_USE_KEYRING).
* openstackclient/common/openstackkeyring.py
The abstract class for keyring, specifically for openstack. The
class is used to store encrypted password in keyring, without
prompting for keyring password. The encrypted password is
stored in ~/.openstack-keyring.cfg file.
* openstack-common.py
Update openstackkeyring library from openstack.common.
* openstackclient/shell.py
OpenStackClient.build_option_parser(): New boolean argument,
--os-use-keyring, default to env(OS_USE_KEYRING).
OpenStackClient.authenticate_user(): Get password from keyring,
if it is defined; otherwise, prompt for the password. If user
enter a password and keyring is enabled, store it in keyring.
OpenStackClient.init_keyring_backend(): New method to define
openstack backend for keyring.
OpenStackClient.get_password_from_keyring(): New method to
get password from keyring.
OpenStackClient.set_password_in_keyring(): New method go set
password in keyring.
* toos/pip-requires
Define keyring and pycrypto as one of dependent.
Change-Id: I36d3a63054658c0ef0553d68b38fefbc236930ef
2012-07-08 16:06:32 -07:00
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
def _init_crypter(self):
|
2013-01-31 13:31:41 -06:00
|
|
|
"""Initialize the crypter using the class name."""
|
Keyring support for openstackclient.
Bug: 1030440
If password is defined in keyring, use it; otherwise, prompt for the
password. Keying is configured using command line switch,
--os-use-keyring or env(OS_USE_KEYRING).
* openstackclient/common/openstackkeyring.py
The abstract class for keyring, specifically for openstack. The
class is used to store encrypted password in keyring, without
prompting for keyring password. The encrypted password is
stored in ~/.openstack-keyring.cfg file.
* openstack-common.py
Update openstackkeyring library from openstack.common.
* openstackclient/shell.py
OpenStackClient.build_option_parser(): New boolean argument,
--os-use-keyring, default to env(OS_USE_KEYRING).
OpenStackClient.authenticate_user(): Get password from keyring,
if it is defined; otherwise, prompt for the password. If user
enter a password and keyring is enabled, store it in keyring.
OpenStackClient.init_keyring_backend(): New method to define
openstack backend for keyring.
OpenStackClient.get_password_from_keyring(): New method to
get password from keyring.
OpenStackClient.set_password_in_keyring(): New method go set
password in keyring.
* toos/pip-requires
Define keyring and pycrypto as one of dependent.
Change-Id: I36d3a63054658c0ef0553d68b38fefbc236930ef
2012-07-08 16:06:32 -07:00
|
|
|
block_size = 32
|
|
|
|
|
padding = '0'
|
|
|
|
|
|
2014-02-07 13:25:43 +08:00
|
|
|
# init the cipher with the class name, up to block_size
|
Keyring support for openstackclient.
Bug: 1030440
If password is defined in keyring, use it; otherwise, prompt for the
password. Keying is configured using command line switch,
--os-use-keyring or env(OS_USE_KEYRING).
* openstackclient/common/openstackkeyring.py
The abstract class for keyring, specifically for openstack. The
class is used to store encrypted password in keyring, without
prompting for keyring password. The encrypted password is
stored in ~/.openstack-keyring.cfg file.
* openstack-common.py
Update openstackkeyring library from openstack.common.
* openstackclient/shell.py
OpenStackClient.build_option_parser(): New boolean argument,
--os-use-keyring, default to env(OS_USE_KEYRING).
OpenStackClient.authenticate_user(): Get password from keyring,
if it is defined; otherwise, prompt for the password. If user
enter a password and keyring is enabled, store it in keyring.
OpenStackClient.init_keyring_backend(): New method to define
openstack backend for keyring.
OpenStackClient.get_password_from_keyring(): New method to
get password from keyring.
OpenStackClient.set_password_in_keyring(): New method go set
password in keyring.
* toos/pip-requires
Define keyring and pycrypto as one of dependent.
Change-Id: I36d3a63054658c0ef0553d68b38fefbc236930ef
2012-07-08 16:06:32 -07:00
|
|
|
password = __name__[block_size:]
|
2013-01-31 13:31:41 -06:00
|
|
|
password = password + (block_size - len(password) %
|
|
|
|
|
block_size) * padding
|
Keyring support for openstackclient.
Bug: 1030440
If password is defined in keyring, use it; otherwise, prompt for the
password. Keying is configured using command line switch,
--os-use-keyring or env(OS_USE_KEYRING).
* openstackclient/common/openstackkeyring.py
The abstract class for keyring, specifically for openstack. The
class is used to store encrypted password in keyring, without
prompting for keyring password. The encrypted password is
stored in ~/.openstack-keyring.cfg file.
* openstack-common.py
Update openstackkeyring library from openstack.common.
* openstackclient/shell.py
OpenStackClient.build_option_parser(): New boolean argument,
--os-use-keyring, default to env(OS_USE_KEYRING).
OpenStackClient.authenticate_user(): Get password from keyring,
if it is defined; otherwise, prompt for the password. If user
enter a password and keyring is enabled, store it in keyring.
OpenStackClient.init_keyring_backend(): New method to define
openstack backend for keyring.
OpenStackClient.get_password_from_keyring(): New method to
get password from keyring.
OpenStackClient.set_password_in_keyring(): New method go set
password in keyring.
* toos/pip-requires
Define keyring and pycrypto as one of dependent.
Change-Id: I36d3a63054658c0ef0553d68b38fefbc236930ef
2012-07-08 16:06:32 -07:00
|
|
|
return AES.new(password, AES.MODE_CFB)
|
|
|
|
|
|
|
|
|
|
def encrypt(self, password):
|
2013-01-31 13:31:41 -06:00
|
|
|
"""Encrypt the given password."""
|
Keyring support for openstackclient.
Bug: 1030440
If password is defined in keyring, use it; otherwise, prompt for the
password. Keying is configured using command line switch,
--os-use-keyring or env(OS_USE_KEYRING).
* openstackclient/common/openstackkeyring.py
The abstract class for keyring, specifically for openstack. The
class is used to store encrypted password in keyring, without
prompting for keyring password. The encrypted password is
stored in ~/.openstack-keyring.cfg file.
* openstack-common.py
Update openstackkeyring library from openstack.common.
* openstackclient/shell.py
OpenStackClient.build_option_parser(): New boolean argument,
--os-use-keyring, default to env(OS_USE_KEYRING).
OpenStackClient.authenticate_user(): Get password from keyring,
if it is defined; otherwise, prompt for the password. If user
enter a password and keyring is enabled, store it in keyring.
OpenStackClient.init_keyring_backend(): New method to define
openstack backend for keyring.
OpenStackClient.get_password_from_keyring(): New method to
get password from keyring.
OpenStackClient.set_password_in_keyring(): New method go set
password in keyring.
* toos/pip-requires
Define keyring and pycrypto as one of dependent.
Change-Id: I36d3a63054658c0ef0553d68b38fefbc236930ef
2012-07-08 16:06:32 -07:00
|
|
|
crypter = self._init_crypter()
|
|
|
|
|
return crypter.encrypt(password)
|
|
|
|
|
|
|
|
|
|
def decrypt(self, password_encrypted):
|
2013-01-31 13:31:41 -06:00
|
|
|
"""Decrypt the given password."""
|
Keyring support for openstackclient.
Bug: 1030440
If password is defined in keyring, use it; otherwise, prompt for the
password. Keying is configured using command line switch,
--os-use-keyring or env(OS_USE_KEYRING).
* openstackclient/common/openstackkeyring.py
The abstract class for keyring, specifically for openstack. The
class is used to store encrypted password in keyring, without
prompting for keyring password. The encrypted password is
stored in ~/.openstack-keyring.cfg file.
* openstack-common.py
Update openstackkeyring library from openstack.common.
* openstackclient/shell.py
OpenStackClient.build_option_parser(): New boolean argument,
--os-use-keyring, default to env(OS_USE_KEYRING).
OpenStackClient.authenticate_user(): Get password from keyring,
if it is defined; otherwise, prompt for the password. If user
enter a password and keyring is enabled, store it in keyring.
OpenStackClient.init_keyring_backend(): New method to define
openstack backend for keyring.
OpenStackClient.get_password_from_keyring(): New method to
get password from keyring.
OpenStackClient.set_password_in_keyring(): New method go set
password in keyring.
* toos/pip-requires
Define keyring and pycrypto as one of dependent.
Change-Id: I36d3a63054658c0ef0553d68b38fefbc236930ef
2012-07-08 16:06:32 -07:00
|
|
|
crypter = self._init_crypter()
|
|
|
|
|
return crypter.decrypt(password_encrypted)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def os_keyring():
|
2013-01-31 13:31:41 -06:00
|
|
|
"""Initialize the openstack keyring."""
|
2014-02-13 16:42:04 +08:00
|
|
|
ring = 'openstackclient.common.openstackkeyring.OpenStackKeyring'
|
2014-01-23 09:33:06 -07:00
|
|
|
return keyring.core.load_keyring(None, ring)
|