def _get_tenant_dict():
    """Return the current tenant as a dict with a decrypted RabbitMQ password.

    The ``id``, ``users`` and ``groups`` entries are removed from the result.

    NOTE(review): the ``rabbitmq_password`` entry holds the output of
    ``decrypt``, presumably the plaintext broker credential. Callers should
    keep the returned dict out of logs and API responses that do not need it.

    :return: The tenant dict, without ``id``, ``users`` and ``groups``
    """
    tenant_info = utils.current_tenant.to_dict()
    stored_password = tenant_info['rabbitmq_password']
    tenant_info['rabbitmq_password'] = decrypt(stored_password)
    # pop() is called without a default, so a missing key raises KeyError
    for field in ('id', 'users', 'groups'):
        tenant_info.pop(field)
    return tenant_info
    def create_tenant_vhost_and_user(self, tenant):
        """
        Provision the RabbitMQ vhost and user of a tenant and grant the user
        permissions on that vhost and on the '/' vhost.

        Values already set on the tenant (vhost, username, encrypted
        password) are reused; missing ones are derived from the tenant name
        or freshly generated.
        :param tenant: An SQLAlchemy Tenant object
        :return: The updated tenant object
        """
        vhost = tenant.rabbitmq_vhost
        if not vhost:
            vhost = self.VHOST_NAME_PATTERN.format(tenant.name)
        username = tenant.rabbitmq_username
        if not username:
            username = self.USERNAME_PATTERN.format(tenant.name)

        # Only the encrypted form of the password is kept on the tenant (DB).
        # A candidate password is generated on every call, and discarded when
        # the tenant already has one.
        generated_password = AMQPManager._generate_user_password()
        if tenant.rabbitmq_password:
            password = decrypt(tenant.rabbitmq_password)
            encrypted_password = tenant.rabbitmq_password
        else:
            password = generated_password
            encrypted_password = encrypt(generated_password)

        client = self._client
        client.create_vhost(vhost)
        client.create_user(username, password)
        # Full access ('.*' for each permission) on the tenant's own vhost
        client.set_vhost_permissions(vhost, username, '.*', '.*', '.*')

        # TODO: Maybe won't be necessary in the future
        # NOTE(review): this also gives the tenant user '.*' for every
        # permission on the '/' vhost, which is not tenant-specific. If '/'
        # is shared between tenants this weakens their isolation; the
        # patterns should be narrowed to the resources the tenant needs.
        client.set_vhost_permissions('/', username, '.*', '.*', '.*')

        tenant.rabbitmq_vhost = vhost
        tenant.rabbitmq_username = username
        tenant.rabbitmq_password = encrypted_password

        return tenant
    def create_tenant_vhost_and_user(self, tenant):
        """
        Provision the RabbitMQ vhost and user of a tenant, grant the user
        full permissions on that vhost and restricted permissions on '/'.

        Values already set on the tenant (vhost, username, encrypted
        password) are reused; missing ones are derived from the tenant name
        or freshly generated.
        :param tenant: An SQLAlchemy Tenant object
        :return: The updated tenant object
        """
        vhost = tenant.rabbitmq_vhost
        if not vhost:
            vhost = self.VHOST_NAME_PATTERN.format(tenant.name)
        username = tenant.rabbitmq_username
        if not username:
            username = self.USERNAME_PATTERN.format(tenant.name)

        # Only the encrypted form of the password is kept on the tenant (DB).
        # A candidate password is generated on every call, and discarded when
        # the tenant already has one.
        generated_password = AMQPManager._generate_user_password()
        if tenant.rabbitmq_password:
            password = decrypt(tenant.rabbitmq_password)
            encrypted_password = tenant.rabbitmq_password
        else:
            password = generated_password
            encrypted_password = encrypt(generated_password)

        client = self._client
        client.create_vhost(vhost)
        client.create_user(username, password)
        # Full access ('.*' for each permission) on the tenant's own vhost
        client.set_vhost_permissions(vhost, username, '.*', '.*', '.*')

        # On the '/' vhost the user may only configure and write to the
        # events, logs and monitoring exchanges; the anchored pattern keeps
        # other resource names from matching.
        # NOTE(review): no read pattern is passed, so read takes the client's
        # default, which is not visible here; confirm it grants nothing.
        allowed_resources = '^cloudify-(events|logs|monitoring)$'
        client.set_vhost_permissions(
            '/',
            username,
            configure=allowed_resources,
            write=allowed_resources,
        )

        tenant.rabbitmq_vhost = vhost
        tenant.rabbitmq_username = username
        tenant.rabbitmq_password = encrypted_password

        return tenant
 def get(self, key):
     """
     Get secret by key

     The key is validated before the lookup. The returned dict carries the
     decrypted value, unless the secret is flagged ``is_hidden_value`` and
     ``_is_hidden_value_permitted`` rejects the request; the value is then
     an empty string.
     """
     rest_utils.validate_inputs({'key': key})
     secret = get_storage_manager().get(models.Secret, key)
     secret_dict = secret.to_dict()
     # The permission check only runs for secrets flagged as hidden
     must_hide = secret_dict['is_hidden_value'] and \
         not self._is_hidden_value_permitted(secret)
     if must_hide:
         # Blank the value instead of failing the request
         secret_dict['value'] = ''
         return secret_dict
     # Caller may see the value: return it decrypted
     secret_dict['value'] = decrypt(secret.value)
     return secret_dict
 def get(self, key):
     """
     Get secret by key

     The key is validated before the lookup. The returned dict carries the
     decrypted value, unless the secret is flagged ``is_hidden_value`` and
     ``_is_value_permitted`` rejects the request for the secret's creator;
     the value is then an empty string.
     """
     rest_utils.validate_inputs({'key': key})
     secret = get_storage_manager().get(models.Secret, key)
     secret_dict = secret.to_dict()
     # The permission check only runs for secrets flagged as hidden
     must_hide = secret_dict['is_hidden_value'] and \
         not self._is_value_permitted(secret_dict['created_by'])
     if must_hide:
         # Blank the value instead of failing the request
         secret_dict['value'] = ''
         return secret_dict
     # Caller may see the value: decrypt it with the configured key, which
     # is read only on this path
     encryption_key = config.instance.security_encryption_key
     secret_dict['value'] = cryptography_utils.decrypt(encryption_key,
                                                       secret.value)
     return secret_dict
 def get_secret(secret_key):
     """Fetch the Secret stored under *secret_key* and return it decrypted.

     NOTE(review): no permission or hidden-value check happens here, so the
     caller is responsible for deciding who may see the decrypted value.

     :param secret_key: Key of the secret to look up
     :return: A SecretType built from the key and the decrypted value
     """
     stored = storage_manager.get(Secret, secret_key)
     plain_value = cryptography_utils.decrypt(stored.value)
     return SecretType(secret_key, plain_value)
 def get_secret(secret_key):
     """Fetch the Secret stored under *secret_key* and return it decrypted.

     The value is decrypted with the encryption key read from the
     configuration.

     NOTE(review): no permission or hidden-value check happens here, so the
     caller is responsible for deciding who may see the decrypted value.

     :param secret_key: Key of the secret to look up
     :return: A SecretType built from the key and the decrypted value
     """
     stored = storage_manager.get(Secret, secret_key)
     key_material = config.instance.security_encryption_key
     plain_value = cryptography_utils.decrypt(key_material, stored.value)
     return SecretType(secret_key, plain_value)