Merge "add cdh plugin passwords to key manager"
This commit is contained in:
commit
f3e93763f6
|
@ -17,6 +17,8 @@ import abc
|
|||
|
||||
import six
|
||||
|
||||
from sahara.plugins.cdh import db_helper as dh
|
||||
|
||||
|
||||
@six.add_metaclass(abc.ABCMeta)
|
||||
class AbstractVersionHandler(object):
|
||||
|
@ -70,4 +72,4 @@ class AbstractVersionHandler(object):
|
|||
return
|
||||
|
||||
def on_terminate_cluster(self, cluster):
|
||||
pass
|
||||
dh.delete_passwords_from_keymanager(cluster)
|
||||
|
|
|
@ -19,26 +19,70 @@ import six
|
|||
|
||||
from sahara import conductor
|
||||
from sahara import context
|
||||
from sahara.service.castellan import utils as key_manager
|
||||
|
||||
CM_PASSWORD = 'cm_password'
|
||||
HIVE_DB_PASSWORD = 'hive_db_password'
|
||||
SENTRY_DB_PASSWORD = 'sentry_db_password'
|
||||
|
||||
conductor = conductor.API
|
||||
|
||||
|
||||
def delete_password_from_keymanager(cluster, pwname):
|
||||
"""delete the named password from the key manager
|
||||
|
||||
This function will lookup the named password in the cluster entry
|
||||
and delete it from the key manager.
|
||||
|
||||
:param cluster: The cluster record containing the password
|
||||
:param pwname: The name associated with the password
|
||||
"""
|
||||
ctx = context.ctx()
|
||||
cluster = conductor.cluster_get(ctx, cluster.id)
|
||||
key_id = cluster.extra.get(pwname) if cluster.extra else None
|
||||
if key_id is not None:
|
||||
key_manager.delete_key(key_id, ctx)
|
||||
|
||||
|
||||
def delete_passwords_from_keymanager(cluster):
|
||||
"""delete all passwords associated with a cluster
|
||||
|
||||
This function will remove all passwords stored in a cluster database
|
||||
entry from the key manager.
|
||||
|
||||
:param cluster: The cluster record containing the passwords
|
||||
"""
|
||||
delete_password_from_keymanager(cluster, CM_PASSWORD)
|
||||
delete_password_from_keymanager(cluster, HIVE_DB_PASSWORD)
|
||||
delete_password_from_keymanager(cluster, SENTRY_DB_PASSWORD)
|
||||
|
||||
|
||||
def get_password_from_db(cluster, pwname):
|
||||
"""return a password for the named entry
|
||||
|
||||
This function will return, or create and return, a password for the
|
||||
named entry. It will store the password in the key manager and use
|
||||
the ID in the database entry.
|
||||
|
||||
:param cluster: The cluster record containing the password
|
||||
:param pwname: The entry name associated with the password
|
||||
:returns: The cleartext password
|
||||
"""
|
||||
ctx = context.ctx()
|
||||
cluster = conductor.cluster_get(ctx, cluster.id)
|
||||
passwd = cluster.extra.get(pwname) if cluster.extra else None
|
||||
if passwd:
|
||||
return passwd
|
||||
return key_manager.get_secret(passwd, ctx)
|
||||
|
||||
passwd = six.text_type(uuid.uuid4())
|
||||
extra = cluster.extra.to_dict() if cluster.extra else {}
|
||||
extra[pwname] = passwd
|
||||
extra[pwname] = key_manager.store_secret(passwd, ctx)
|
||||
cluster = conductor.cluster_update(ctx, cluster, {'extra': extra})
|
||||
return passwd
|
||||
|
||||
|
||||
def get_cm_password(cluster):
|
||||
return get_password_from_db(cluster, 'cm_password')
|
||||
return get_password_from_db(cluster, CM_PASSWORD)
|
||||
|
||||
|
||||
def remote_execute_db_script(remote, script_content):
|
||||
|
|
|
@ -18,7 +18,7 @@ from sahara.utils import files
|
|||
|
||||
|
||||
def get_hive_db_password(cluster):
|
||||
return dh.get_password_from_db(cluster, 'hive_db_password')
|
||||
return dh.get_password_from_db(cluster, dh.HIVE_DB_PASSWORD)
|
||||
|
||||
|
||||
def create_hive_database(cluster, remote):
|
||||
|
|
|
@ -18,11 +18,11 @@ from sahara.utils import files
|
|||
|
||||
|
||||
def get_hive_db_password(cluster):
|
||||
return dh.get_password_from_db(cluster, 'hive_db_password')
|
||||
return dh.get_password_from_db(cluster, dh.HIVE_DB_PASSWORD)
|
||||
|
||||
|
||||
def get_sentry_db_password(cluster):
|
||||
return dh.get_password_from_db(cluster, 'sentry_db_password')
|
||||
return dh.get_password_from_db(cluster, dh.SENTRY_DB_PASSWORD)
|
||||
|
||||
|
||||
def create_hive_database(cluster, remote):
|
||||
|
|
|
@ -18,11 +18,11 @@ from sahara.utils import files
|
|||
|
||||
|
||||
def get_hive_db_password(cluster):
|
||||
return dh.get_password_from_db(cluster, 'hive_db_password')
|
||||
return dh.get_password_from_db(cluster, dh.HIVE_DB_PASSWORD)
|
||||
|
||||
|
||||
def get_sentry_db_password(cluster):
|
||||
return dh.get_password_from_db(cluster, 'sentry_db_password')
|
||||
return dh.get_password_from_db(cluster, dh.SENTRY_DB_PASSWORD)
|
||||
|
||||
|
||||
def create_hive_database(cluster, remote):
|
||||
|
|
Loading…
Reference in New Issue