def data_source_update(self, context, id, values): """Update the Data Source or raise if it does not exist.""" values = copy.deepcopy(values) values["id"] = id # in cases where the credentials to access the data source are # stored with the record and the external key manager is being # used, we need to delete the old key from the manager and # create a new one. the other option here would be to retrieve # the previous key and check to see if it has changed, but it # seems less expensive to just delete the old and create a new # one. # it should be noted that the jsonschema validation ensures that # if the proxy domain is not in use then credentials must be # sent with this record. if (CONF.use_barbican_key_manager and not CONF.use_domain_for_proxy_users): # first we retrieve the original record to get the old key # uuid, and delete it. ds_record = self.data_source_get(context, id) if (ds_record.get('credentials') and ds_record['credentials'].get('password')): key_manager.delete_secret( ds_record['credentials']['password'], context) # next we create the new key. if (values.get('credentials') and values['credentials'].get('password')): values['credentials']['password'] = key_manager.store_secret( values['credentials']['password'], context) return self.db.data_source_update(context, values)
def job_binary_update(self, context, id, values): """Update a JobBinary from the values dictionary.""" values = copy.deepcopy(values) values['id'] = id # in cases where the credentials to access the job binary are # stored with the record and the external key manager is being # used, we need to delete the old key from the manager and # create a new one. the other option here would be to retrieve # the previous key and check to see if it has changed, but it # seems less expensive to just delete the old and create a new # one. if (CONF.use_barbican_key_manager and not CONF.use_domain_for_proxy_users): # first we retrieve the original record to get the old key # uuid, and delete it. jb_record = self.job_binary_get(context, id) if jb_record.get('extra') and jb_record['extra'].get('password'): key_manager.delete_secret(jb_record['extra']['password'], context) # next we create the new key. if values.get('extra') and values['extra'].get('password'): values['extra']['password'] = key_manager.store_secret( values['extra']['password'], context) return self.db.job_binary_update(context, values)
def job_binary_destroy(self, context, job_binary): """Destroy the JobBinary or raise if it does not exist.""" # in cases where the credentials to access the job binary are # stored with the record and the external key manager is being # used, we need to delete the key from the external manager. if (CONF.use_barbican_key_manager and not CONF.use_domain_for_proxy_users): jb_record = self.job_binary_get(context, job_binary) if jb_record.get('extra') and jb_record['extra'].get('password'): key_manager.delete_secret(jb_record['extra']['password'], context) self.db.job_binary_destroy(context, job_binary)
def data_source_destroy(self, context, data_source): """Destroy the Data Source or raise if it does not exist.""" # in cases where the credentials to access the data source are # stored with the record and the external key manager is being # used, we need to delete the key from the external manager. if (CONF.use_barbican_key_manager and not CONF.use_domain_for_proxy_users): ds_record = self.data_source_get(context, data_source) if (ds_record.get('credentials') and ds_record['credentials'].get('password')): key_manager.delete_secret( ds_record['credentials']['password'], context) return self.db.data_source_destroy(context, data_source)
def delete_proxy_user_for_cluster(cluster): '''Delete a proxy user based on a Cluster :param cluster: The cluster model with proxy user information ''' proxy_configs = cluster.cluster_configs.get('proxy_configs') if proxy_configs is not None: proxy_username = proxy_configs.get('proxy_username') proxy_trust_id = proxy_configs.get('proxy_trust_id') proxy_user = k.auth_for_proxy(proxy_username, key_manager.get_secret( proxy_configs.get('proxy_password')), proxy_trust_id) t.delete_trust(proxy_user, proxy_trust_id) proxy_user_delete(proxy_username) key_manager.delete_secret(proxy_configs.get('proxy_password')) update = {'cluster_configs': cluster.cluster_configs.to_dict()} del update['cluster_configs']['proxy_configs'] conductor.cluster_update(context.ctx(), cluster, update)
def delete_proxy_user_for_cluster(cluster): '''Delete a proxy user based on a Cluster :param cluster: The cluster model with proxy user information ''' proxy_configs = cluster.cluster_configs.get('proxy_configs') if proxy_configs is not None: proxy_username = proxy_configs.get('proxy_username') proxy_trust_id = proxy_configs.get('proxy_trust_id') proxy_user = k.auth_for_proxy( proxy_username, key_manager.get_secret(proxy_configs.get('proxy_password')), proxy_trust_id) t.delete_trust(proxy_user, proxy_trust_id) proxy_user_delete(proxy_username) key_manager.delete_secret(proxy_configs.get('proxy_password')) update = {'cluster_configs': cluster.cluster_configs.to_dict()} del update['cluster_configs']['proxy_configs'] conductor.cluster_update(context.ctx(), cluster, update)
def delete_proxy_user_for_job_execution(job_execution): '''Delete a proxy user based on a JobExecution :param job_execution: The job execution with proxy user information :returns: An updated job_configs dictionary or None ''' proxy_configs = job_execution.job_configs.get('proxy_configs') if proxy_configs is not None: proxy_username = proxy_configs.get('proxy_username') proxy_trust_id = proxy_configs.get('proxy_trust_id') proxy_user = k.auth_for_proxy( proxy_username, key_manager.get_secret(proxy_configs.get('proxy_password')), proxy_trust_id) t.delete_trust(proxy_user, proxy_trust_id) proxy_user_delete(proxy_username) key_manager.delete_secret(proxy_configs.get('proxy_password')) update = job_execution.job_configs.to_dict() del update['proxy_configs'] return update return None
def delete_proxy_user_for_job_execution(job_execution): '''Delete a proxy user based on a JobExecution :param job_execution: The job execution with proxy user information :returns: An updated job_configs dictionary or None ''' proxy_configs = job_execution.job_configs.get('proxy_configs') if proxy_configs is not None: proxy_username = proxy_configs.get('proxy_username') proxy_trust_id = proxy_configs.get('proxy_trust_id') proxy_user = k.auth_for_proxy(proxy_username, key_manager.get_secret( proxy_configs.get('proxy_password')), proxy_trust_id) t.delete_trust(proxy_user, proxy_trust_id) proxy_user_delete(proxy_username) key_manager.delete_secret(proxy_configs.get('proxy_password')) update = job_execution.job_configs.to_dict() del update['proxy_configs'] return update return None
def delete_oozie_password(cluster): extra = cluster.extra.to_dict() if 'oozie_pass_id' in extra: castellan.delete_secret(extra['oozie_pass_id']) else: LOG.warning(_LW("Cluster hasn't Oozie password"))
def delete_secret(id, ctx=None, **kwargs): castellan_utils.delete_secret(id, ctx=ctx)
def delete_hive_password(cluster): extra = cluster.extra.to_dict() if 'hive_pass_id' in extra: castellan.delete_secret(extra['hive_pass_id']) else: LOG.warning("Cluster hasn't hive password")