Ejemplo n.º 1
0
  def __getitem__(self, name):
    """
    - use Python types
    - enable lazy failure for unknown configs. 
    """
    try:
      value = super(ConfigDictionary, self).__getitem__(name)
    except KeyError:
      return UnknownConfiguration(name)

    value = ensure_decrypted(value)

    if value == "true":
      value = True
    elif value == "false":
      value = False
    
    return value
Ejemplo n.º 2
0
    def generateJceks(self, commandJson):
        """
    Generates the JCEKS file with passwords for the service specified in commandJson

    :param commandJson: command JSON
    :return: An exit value from the external process that generated the JCEKS file. None if
    there are no passwords in the JSON.
    """
        cmd_result = None
        roleCommand = None
        if 'roleCommand' in commandJson:
            roleCommand = commandJson['roleCommand']
        task_id = None
        if 'taskId' in commandJson:
            task_id = commandJson['taskId']

        logger.info(
            'Generating the JCEKS file: roleCommand={0} and taskId = {1}'.
            format(roleCommand, task_id))

        # Set up the variables for the external command to generate a JCEKS file
        java_home = commandJson['ambariLevelParams']['java_home']
        java_bin = '{java_home}/bin/java'.format(java_home=java_home)

        cs_lib_path = self.credential_shell_lib_path
        serviceName = commandJson['serviceName']

        # Gather the password values and remove them from the configuration
        configtype_credentials = self.getConfigTypeCredentials(commandJson)

        # CS is enabled but no config property is available for this command
        if len(configtype_credentials) == 0:
            logger.info(
                "Credential store is enabled but no property are found that can be encrypted."
            )
            commandJson['credentialStoreEnabled'] = "false"
        # CS is enabled and config properties are available
        else:
            commandJson['credentialStoreEnabled'] = "true"

        for config_type, credentials in configtype_credentials.items():
            config = commandJson['configurations'][config_type]
            if 'role' in commandJson and commandJson['role']:
                roleName = commandJson['role']
                file_path = os.path.join(self.getProviderDirectory(roleName),
                                         "{0}.jceks".format(config_type))
            else:
                file_path = os.path.join(
                    self.getProviderDirectory(serviceName),
                    "{0}.jceks".format(config_type))
            if os.path.exists(file_path):
                os.remove(file_path)
            provider_path = 'jceks://file{file_path}'.format(
                file_path=file_path)
            logger.info('provider_path={0}'.format(provider_path))
            for alias, pwd in credentials.items():
                logger.debug("config={0}".format(config))
                pwd = ensure_decrypted(pwd, self.encryption_key)
                protected_pwd = PasswordString(pwd)
                # Generate the JCEKS file
                cmd = (java_bin, '-cp', cs_lib_path, self.credential_shell_cmd,
                       'create', alias, '-value', protected_pwd, '-provider',
                       provider_path)
                logger.info(cmd)
                rmf_shell.checked_call(cmd)
                os.chmod(
                    file_path, 0644
                )  # group and others should have read access so that the service user can read
            # Add JCEKS provider path instead
            config[self.CREDENTIAL_PROVIDER_PROPERTY_NAME] = provider_path
            config[self.CREDENTIAL_STORE_CLASS_PATH_NAME] = cs_lib_path

        return cmd_result
Ejemplo n.º 3
0
 def test_attr_to_bitmask(self):
     encypted_value = '${enc=aes256_hex, value=616639333036363938646230613262383a3a32313537386561376136326362656436656135626165313664613265316336663a3a6361633666333432653532393863313364393064626133653562353663663235}'
     encyption_key = 'i%r041K%1VC!C5 K=('
     self.assertEquals('mysecret',
                       ensure_decrypted(encypted_value, encyption_key))