Merge "Masks hashed password in VIM CRUD responses"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
daa7bf4e8e
@ -17,6 +17,7 @@
|
||||
import uuid
|
||||
|
||||
from oslo_db import exception
|
||||
from oslo_utils import strutils
|
||||
import sqlalchemy as sa
|
||||
from sqlalchemy import orm
|
||||
from sqlalchemy.orm import exc as orm_exc
|
||||
@ -65,13 +66,15 @@ class NfvoPluginDb(nfvo.NFVOPluginBase, db_base.CommonDbMixin):
|
||||
def _core_plugin(self):
|
||||
return manager.TackerManager.get_plugin()
|
||||
|
||||
def _make_vim_dict(self, vim_db, fields=None):
|
||||
def _make_vim_dict(self, vim_db, fields=None, mask_password=True):
|
||||
res = dict((key, vim_db[key]) for key in VIM_ATTRIBUTES)
|
||||
vim_auth_db = vim_db.vim_auth
|
||||
res['auth_url'] = vim_auth_db[0].auth_url
|
||||
res['vim_project'] = vim_auth_db[0].vim_project
|
||||
res['auth_cred'] = vim_auth_db[0].auth_cred
|
||||
res['auth_cred']['password'] = vim_auth_db[0].password
|
||||
if mask_password:
|
||||
res['auth_cred'] = strutils.mask_dict_password(res['auth_cred'])
|
||||
return self._fields(res, fields)
|
||||
|
||||
def _fields(self, resource, fields):
|
||||
@ -128,9 +131,9 @@ class NfvoPluginDb(nfvo.NFVOPluginBase, db_base.CommonDbMixin):
|
||||
raise nfvo.VimInUseException(vim_id=vim_id)
|
||||
return devices_db
|
||||
|
||||
def get_vim(self, context, vim_id, fields=None):
|
||||
def get_vim(self, context, vim_id, fields=None, mask_password=True):
|
||||
vim_db = self._get_resource(context, Vim, vim_id)
|
||||
return self._make_vim_dict(vim_db)
|
||||
return self._make_vim_dict(vim_db, mask_password=mask_password)
|
||||
|
||||
def get_vims(self, context, filters=None, fields=None):
|
||||
return self._get_collection(context, Vim, self._make_vim_dict,
|
||||
@ -150,9 +153,10 @@ class NfvoPluginDb(nfvo.NFVOPluginBase, db_base.CommonDbMixin):
|
||||
vim_project})
|
||||
return self.get_vim(context, vim_id)
|
||||
|
||||
def get_vim_by_name(self, context, vim_name, fields=None):
|
||||
def get_vim_by_name(self, context, vim_name, fields=None,
|
||||
mask_password=True):
|
||||
vim_db = self._get_by_name(context, Vim, vim_name)
|
||||
return self._make_vim_dict(vim_db)
|
||||
return self._make_vim_dict(vim_db, mask_password=mask_password)
|
||||
|
||||
def _get_by_name(self, context, model, name):
|
||||
try:
|
||||
|
||||
@ -201,12 +201,13 @@ class NFVOPluginBase(service_base.NFVPluginBase):
|
||||
pass
|
||||
|
||||
@abc.abstractmethod
|
||||
def get_vim(self, context, vim_id, fields=None):
|
||||
def get_vim(self, context, vim_id, fields=None, mask_password=True):
|
||||
pass
|
||||
|
||||
@abc.abstractmethod
|
||||
def get_vims(self, context, filters=None, fields=None):
|
||||
pass
|
||||
|
||||
def get_vim_by_name(self, context, vim_name, fields=None):
|
||||
def get_vim_by_name(self, context, vim_name, fields=None,
|
||||
mask_password=True):
|
||||
raise NotImplementedError()
|
||||
|
||||
@ -18,6 +18,8 @@ import yaml
|
||||
from tacker.tests.functional import base
|
||||
from tacker.tests.utils import read_file
|
||||
|
||||
SECRET_PASSWORD = '***'
|
||||
|
||||
|
||||
class VimTestCreate(base.BaseTackerTest):
|
||||
def _test_create_delete_vim(self, vim_file, name, description, vim_type,
|
||||
@ -62,6 +64,8 @@ class VimTestCreate(base.BaseTackerTest):
|
||||
self.assertIsNotNone(vim_instance['id'])
|
||||
self.assertEqual(vim_instance['auth_cred']['username'],
|
||||
config_data['username'])
|
||||
self.assertEqual(SECRET_PASSWORD,
|
||||
vim_instance['auth_cred']['password'])
|
||||
self.assertEqual(vim_instance['placement_attr']['regions'],
|
||||
expected_regions)
|
||||
if version:
|
||||
|
||||
@ -22,6 +22,8 @@ from tacker.db.nfvo import nfvo_db
|
||||
from tacker.nfvo import nfvo_plugin
|
||||
from tacker.tests.unit.db import base as db_base
|
||||
|
||||
SECRET_PASSWORD = '***'
|
||||
|
||||
|
||||
class FakeDriverManager(mock.Mock):
|
||||
def invoke(self, *args, **kwargs):
|
||||
@ -81,6 +83,7 @@ class TestNfvoPlugin(db_base.SqlTestCase):
|
||||
vim_obj=vim_dict[
|
||||
'vim'])
|
||||
self.assertIsNotNone(res)
|
||||
self.assertEqual(SECRET_PASSWORD, res['auth_cred']['password'])
|
||||
self.assertIn('id', res)
|
||||
self.assertIn('placement_attr', res)
|
||||
|
||||
@ -100,7 +103,6 @@ class TestNfvoPlugin(db_base.SqlTestCase):
|
||||
'password': 'new_password'}}}
|
||||
vim_type = 'openstack'
|
||||
vim_auth_username = vim_dict['vim']['auth_cred']['username']
|
||||
vim_auth_password = vim_dict['vim']['auth_cred']['password']
|
||||
vim_project = vim_dict['vim']['vim_project']
|
||||
self._insert_dummy_vim()
|
||||
res = self.nfvo_plugin.update_vim(self.context, vim_dict['vim']['id'],
|
||||
@ -113,4 +115,4 @@ class TestNfvoPlugin(db_base.SqlTestCase):
|
||||
self.assertIn('placement_attr', res)
|
||||
self.assertEqual(vim_project, res['vim_project'])
|
||||
self.assertEqual(vim_auth_username, res['auth_cred']['username'])
|
||||
self.assertEqual(vim_auth_password, res['auth_cred']['password'])
|
||||
self.assertEqual(SECRET_PASSWORD, res['auth_cred']['password'])
|
||||
|
||||
@ -50,13 +50,15 @@ class VimClient(object):
|
||||
if not vim_name:
|
||||
raise nfvo.VimDefaultNameNotDefined()
|
||||
try:
|
||||
vim_info = nfvo_plugin.get_vim_by_name(context, vim_name)
|
||||
vim_info = nfvo_plugin.get_vim_by_name(context, vim_name,
|
||||
mask_password=False)
|
||||
except Exception:
|
||||
raise nfvo.VimDefaultIdException(
|
||||
vim_name=vim_name)
|
||||
else:
|
||||
try:
|
||||
vim_info = nfvo_plugin.get_vim(context, vim_id)
|
||||
vim_info = nfvo_plugin.get_vim(context, vim_id,
|
||||
mask_password=False)
|
||||
except Exception:
|
||||
raise nfvo.VimNotFoundException(vim_id=vim_id)
|
||||
LOG.debug(_('VIM info found for vim id %s'), vim_id)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user