![Hiroo Kitamura](/assets/img/avatar_default.png)
This patch fixes a bug that caused many functinal-tests to fail with the following error: - tackerclient.common.exceptions.InternalServerError The bug occurs because the password is converted to bytes type when decrypting the password of vim_auth with python3. Change-Id: I021d1752fcf96dfba97faf21e849dc87019e4e57
138 lines
5.3 KiB
Python
138 lines
5.3 KiB
Python
|
|
# Copyright 2015-2016 Brocade Communications Systems Ine All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import os
|
|
|
|
from cryptography import fernet
|
|
from oslo_config import cfg
|
|
from oslo_log import log as logging
|
|
|
|
|
|
from tacker.common import utils
|
|
from tacker import context as t_context
|
|
from tacker.extensions import nfvo
|
|
from tacker.keymgr import API as KEYMGR_API
|
|
from tacker import manager
|
|
from tacker.plugins.common import constants
|
|
|
|
LOG = logging.getLogger(__name__)
|
|
CONF = cfg.CONF
|
|
|
|
|
|
class VimClient(object):
|
|
def get_vim(self, context, vim_id=None, region_name=None):
|
|
"""Get Vim information for provided VIM id
|
|
|
|
Initiate the NFVO plugin, request VIM information for the provided
|
|
VIM id and validate region
|
|
"""
|
|
nfvo_plugin = manager.TackerManager.get_service_plugins().get(
|
|
constants.NFVO)
|
|
|
|
if not vim_id:
|
|
LOG.debug('VIM id not provided. Attempting to find default '
|
|
'VIM information')
|
|
try:
|
|
vim_info = nfvo_plugin.get_default_vim(context)
|
|
except Exception as ex:
|
|
LOG.debug('Fail to get default vim due to %s', ex)
|
|
raise nfvo.VimDefaultNotDefined()
|
|
else:
|
|
try:
|
|
vim_info = nfvo_plugin.get_vim(context, vim_id,
|
|
mask_password=False)
|
|
except Exception:
|
|
raise nfvo.VimNotFoundException(vim_id=vim_id)
|
|
LOG.debug('VIM info found for vim id %s', vim_id)
|
|
if region_name and not self.region_valid(vim_info['placement_attr']
|
|
['regions'], region_name):
|
|
raise nfvo.VimRegionNotFoundException(region_name=region_name)
|
|
|
|
vim_auth = self._build_vim_auth(vim_info)
|
|
vim_res = {'vim_auth': vim_auth, 'vim_id': vim_info['id'],
|
|
'vim_name': vim_info.get('name', vim_info['id']),
|
|
'vim_type': vim_info['type']}
|
|
return vim_res
|
|
|
|
@staticmethod
|
|
def region_valid(vim_regions, region_name):
|
|
return region_name in vim_regions
|
|
|
|
def _build_vim_auth(self, vim_info):
|
|
LOG.debug('VIM id is %s', vim_info['id'])
|
|
vim_auth = vim_info['auth_cred']
|
|
|
|
# decode password
|
|
if ('password' in vim_auth) and (vim_auth['password'] is not None):
|
|
vim_auth['password'] = self._decode_vim_auth(vim_info['id'],
|
|
vim_auth,
|
|
vim_auth['password'])
|
|
# decode bearer_token
|
|
if 'bearer_token' in vim_auth:
|
|
vim_auth['bearer_token'] = self.\
|
|
_decode_vim_auth(vim_info['id'],
|
|
vim_auth,
|
|
vim_auth['bearer_token'])
|
|
# decode ssl_ca_cert
|
|
if utils.none_from_string(vim_auth.get('ssl_ca_cert')) is not None:
|
|
vim_auth['ssl_ca_cert'] = self.\
|
|
_decode_vim_auth(vim_info['id'],
|
|
vim_auth,
|
|
vim_auth['ssl_ca_cert'])
|
|
|
|
vim_auth['auth_url'] = vim_info['auth_url']
|
|
|
|
# These attributes are needless for authentication
|
|
# from keystone, so we remove them.
|
|
needless_attrs = ['key_type', 'secret_uuid']
|
|
for attr in needless_attrs:
|
|
if attr in vim_auth:
|
|
vim_auth.pop(attr, None)
|
|
return vim_auth
|
|
|
|
def _decode_vim_auth(self, vim_id, auth, secret_value):
|
|
"""Decode Vim credentials
|
|
|
|
Decrypt VIM cred, get fernet Key from local_file_system or
|
|
barbican.
|
|
"""
|
|
cred = secret_value.encode('utf-8')
|
|
if auth.get('key_type') == 'barbican_key':
|
|
keystone_conf = CONF.keystone_authtoken
|
|
secret_uuid = auth['secret_uuid']
|
|
keymgr_api = KEYMGR_API(keystone_conf.auth_url)
|
|
k_context = t_context.generate_tacker_service_context()
|
|
secret_obj = keymgr_api.get(k_context, secret_uuid)
|
|
vim_key = secret_obj.payload
|
|
else:
|
|
vim_key = self._find_vim_key(vim_id)
|
|
|
|
f = fernet.Fernet(vim_key)
|
|
if not f:
|
|
LOG.warning('Unable to decode VIM auth')
|
|
raise nfvo.VimNotFoundException(vim_id=vim_id)
|
|
return f.decrypt(cred).decode('utf-8')
|
|
|
|
@staticmethod
|
|
def _find_vim_key(vim_id):
|
|
key_file = os.path.join(CONF.vim_keys.openstack, vim_id)
|
|
LOG.debug('Attempting to open key file for vim id %s', vim_id)
|
|
try:
|
|
with open(key_file, 'r') as f:
|
|
return f.read()
|
|
except Exception:
|
|
LOG.warning('VIM id invalid or key not found for %s', vim_id)
|
|
raise nfvo.VimKeyNotFoundException(vim_id=vim_id)
|