def _get_credentials_dict(self, bnp_switch, func_name):
if not bnp_switch:
self._raise_ml2_error(wexc.HTTPNotFound, func_name)
db_context = neutron_context.get_admin_context()
creds_dict = {}
creds_dict["ip_address"] = bnp_switch.ip_address
prov_creds = bnp_switch.credentials
prov_protocol = bnp_switch.management_protocol
if hp_const.PROTOCOL_SNMP in prov_protocol:
if not uuidutils.is_uuid_like(prov_creds):
snmp_cred = db.get_snmp_cred_by_name(db_context, prov_creds)
snmp_cred = snmp_cred[0]
else:
snmp_cred = db.get_snmp_cred_by_id(db_context, prov_creds)
if not snmp_cred:
LOG.error(_LE("Credentials does not match"))
self._raise_ml2_error(wexc.HTTPNotFound, "")
creds_dict["write_community"] = snmp_cred.write_community
creds_dict["security_name"] = snmp_cred.security_name
creds_dict["security_level"] = snmp_cred.security_level
creds_dict["auth_protocol"] = snmp_cred.auth_protocol
creds_dict["management_protocol"] = prov_protocol
creds_dict["auth_key"] = snmp_cred.auth_key
creds_dict["priv_protocol"] = snmp_cred.priv_protocol
creds_dict["priv_key"] = snmp_cred.priv_key
else:
if not uuidutils.is_uuid_like(prov_creds):
netconf_cred = db.get_netconf_cred_by_name(db_context, prov_creds)
if netconf_cred.get("password"):
password = credential_manager.retrieve_secret(netconf_cred["password"])
netconf_cred["password"] = password
else:
netconf_cred = db.get_netconf_cred_by_id(db_context, prov_creds)
if netconf_cred.get("password"):
password = credential_manager.retrieve_secret(netconf_cred["password"])
netconf_cred["password"] = password
if not netconf_cred:
LOG.error(_LE("Credentials does not match"))
self._raise_ml2_error(wexc.HTTPNotFound, "")
creds_dict["user_name"] = netconf_cred.write_community
creds_dict["password"] = netconf_cred.security_name
creds_dict["key_path"] = netconf_cred.security_level
return creds_dict
def test_update_credential_netconf_soap_only_name(self):
credential = self._test_create_credential_for_netconf(
self.netconf_soap_data)
credential_id = credential["bnp_credential"]["id"]
update_data = {"bnp_credential": {"name": "NewCredName"}}
updated_dict = self._test_update_credential(update_data, credential_id)
updated_dict['password'] = credential_manager.retrieve_secret(
updated_dict['password'])
expected_dict = {"id": credential_id, "protocol_type": "netconf_soap",
"user_name": "FakeUserName",
"password": "******", "key_path": None,
"name": "NewCredName"}
self.assertDictEqual(updated_dict, expected_dict)
def test_update_credential_netconf_ssh(self):
credential = self._test_create_credential_for_netconf(
self.netconf_ssh_data)
credential_id = credential["bnp_credential"]["id"]
update_data = {"bnp_credential": {"netconf_ssh": {"user_name":
"NewFakeUserName",
"password":
"******",
"key_path": ("/home/"
"faked"
"ir/key"
"1.rsa")
}, "name":
"NewCredName"}}
updated_dict = self._test_update_credential_for_netconf_ssh(
update_data, credential_id)
updated_dict['password'] = credential_manager.retrieve_secret(
updated_dict['password'])
expected_dict = {"id": credential_id, "protocol_type": "netconf_ssh",
"user_name": "NewFakeUserName",
"password": "******", "key_path":
"/home/fakedir/key1.rsa", "name": "NewCredName"}
self.assertDictEqual(updated_dict, expected_dict)
def update(self, request, id, **kwargs):
context = request.context
self._check_admin(context)
body = validators.validate_request(request)
protocol = validators.validate_access_parameters_for_update(body)
key_list = ['name', 'snmpv1', 'snmpv2c',
'snmpv3', 'netconf_ssh', 'netconf_soap']
keys = body.keys()
validators.validate_attributes(keys, key_list)
if not uuidutils.is_uuid_like(id):
raise webob.exc.HTTPBadRequest(
_("Invalid Id"))
if not protocol:
switch_creds = db.get_snmp_cred_by_id(context, id)
if switch_creds:
switch_creds_dict = self._update_dict(body, dict(switch_creds))
db.update_bnp_snmp_cred_by_id(context, id, switch_creds_dict)
return switch_creds_dict
switch_creds = db.get_netconf_cred_by_id(context, id)
if switch_creds:
if switch_creds.get('password'):
password = credential_manager.retrieve_secret(
switch_creds['password'])
credential_manager.delete_secret(switch_creds['password'])
switch_creds['password'] = password
switch_creds_dict = self._update_dict(body, dict(switch_creds))
if switch_creds_dict.get('password'):
password = credential_manager.create_secret(
switch_creds_dict['password'])
switch_creds_dict['password'] = password
db.update_bnp_netconf_cred_by_id(
context, id, switch_creds_dict)
return switch_creds_dict
raise webob.exc.HTTPNotFound(
_("Credential with id=%s does not exist") % id)
elif protocol in [const.SNMP_V1, const.SNMP_V2C]:
switch_creds = db.get_snmp_cred_by_id(context, id)
if not switch_creds:
raise webob.exc.HTTPNotFound(
_("Credential with id=%s does not exist") % id)
self.check_creds_proto_type(switch_creds, id, protocol)
params = body.pop(protocol)
for key, value in params.iteritems():
body[key] = value
creds_dict = self._update_dict(body, dict(switch_creds))
db.update_bnp_snmp_cred_by_id(context, id, creds_dict)
return creds_dict
elif protocol == const.SNMP_V3:
switch_creds = db.get_snmp_cred_by_id(context, id)
if not switch_creds:
raise webob.exc.HTTPNotFound(
_("Credential with id=%s does not exist") % id)
self.check_creds_proto_type(switch_creds, id, protocol)
params = body.pop(protocol)
if ('auth_protocol' in params.keys()) ^ (
'auth_key' in params.keys()):
if (not switch_creds['auth_protocol']) and (
not switch_creds['auth_key']):
raise webob.exc.HTTPBadRequest(
_("auth_protocol and auth_key values does not exist,"
" so both has to be provided"))
if ('priv_protocol' in params.keys()) ^ ('priv_key'
in params.keys()):
if (not switch_creds['priv_protocol']) and (
not switch_creds['priv_key']):
raise webob.exc.HTTPBadRequest(
_("priv_protocol and priv_key values does not exist,"
" so both has to be provided"))
for key, value in params.iteritems():
body[key] = value
creds_dict = self._update_dict(body, dict(switch_creds))
db.update_bnp_snmp_cred_by_id(context, id, creds_dict)
return creds_dict
elif protocol == const.NETCONF_SOAP:
switch_creds = db.get_netconf_cred_by_id(context, id)
if not switch_creds:
raise webob.exc.HTTPNotFound(
_("Credential with id=%s does not exist") % id)
self.check_creds_proto_type(switch_creds, id, protocol)
params = body.pop(protocol)
for key, value in params.iteritems():
body[key] = value
if switch_creds.get('password'):
password = credential_manager.retrieve_secret(
switch_creds['password'])
credential_manager.delete_secret(switch_creds['password'])
switch_creds['password'] = password
creds_dict = self._update_dict(body, dict(switch_creds))
if creds_dict.get('password'):
creds_dict['password'] = credential_manager.create_secret(
creds_dict['password'])
db.update_bnp_netconf_cred_by_id(context, id, creds_dict)
return creds_dict
elif protocol == const.NETCONF_SSH:
switch_creds = db.get_netconf_cred_by_id(context, id)
if not switch_creds:
raise webob.exc.HTTPNotFound(
_("Credential with id=%s does not exist") % id)
self.check_creds_proto_type(switch_creds, id, protocol)
params = body.pop(protocol)
if ('user_name' in params.keys()) ^ ('password' in params.keys()):
if (not switch_creds['user_name']) and (
not switch_creds['password']):
raise webob.exc.HTTPBadRequest(
_("user_name and password values does not exist, so"
" both has to be provided"))
for key, value in params.iteritems():
body[key] = value
if switch_creds.get('password'):
password = credential_manager.retrieve_secret(
switch_creds['password'])
credential_manager.delete_secret(switch_creds['password'])
switch_creds['password'] = password
creds_dict = self._update_dict(body, dict(switch_creds))
if creds_dict.get('password'):
creds_dict['password'] = credential_manager.create_secret(
creds_dict['password'])
db.update_bnp_netconf_cred_by_id(context, id, creds_dict)
return creds_dict
