Example #1
0
    def data_source_update(self, context, id, values):
        """Update the Data Source or raise if it does not exist."""

        values = copy.deepcopy(values)
        values["id"] = id
        # in cases where the credentials to access the data source are
        # stored with the record and the external key manager is being
        # used, we need to delete the old key from the manager and
        # create a new one. the other option here would be to retrieve
        # the previous key and check to see if it has changed, but it
        # seems less expensive to just delete the old and create a new
        # one.
        # it should be noted that the jsonschema validation ensures that
        # if the proxy domain is not in use then credentials must be
        # sent with this record.
        if (CONF.use_barbican_key_manager and not
                CONF.use_domain_for_proxy_users):
            # first we retrieve the original record to get the old key
            # uuid, and delete it.
            ds_record = self.data_source_get(context, id)
            if (ds_record.get('credentials') and
                    ds_record['credentials'].get('password')):
                key_manager.delete_secret(
                    ds_record['credentials']['password'], context)
            # next we create the new key.
            if (values.get('credentials') and
                    values['credentials'].get('password')):
                values['credentials']['password'] = key_manager.store_secret(
                    values['credentials']['password'], context)
        return self.db.data_source_update(context, values)
Example #2
0
    def job_binary_update(self, context, id, values):
        """Update a JobBinary from the values dictionary."""

        values = copy.deepcopy(values)
        values['id'] = id
        # in cases where the credentials to access the job binary are
        # stored with the record and the external key manager is being
        # used, we need to delete the old key from the manager and
        # create a new one. the other option here would be to retrieve
        # the previous key and check to see if it has changed, but it
        # seems less expensive to just delete the old and create a new
        # one.
        if (CONF.use_barbican_key_manager and not
                CONF.use_domain_for_proxy_users):
            # first we retrieve the original record to get the old key
            # uuid, and delete it.
            jb_record = self.job_binary_get(context, id)
            if jb_record.get('extra') and jb_record['extra'].get('password'):
                key_manager.delete_secret(jb_record['extra']['password'],
                                          context)
            # next we create the new key.
            if values.get('extra') and values['extra'].get('password'):
                values['extra']['password'] = key_manager.store_secret(
                    values['extra']['password'], context)
        return self.db.job_binary_update(context, values)
Example #3
0
    def job_binary_destroy(self, context, job_binary):
        """Destroy the JobBinary or raise if it does not exist."""

        # in cases where the credentials to access the job binary are
        # stored with the record and the external key manager is being
        # used, we need to delete the key from the external manager.
        if (CONF.use_barbican_key_manager and not
                CONF.use_domain_for_proxy_users):
            jb_record = self.job_binary_get(context, job_binary)
            if jb_record.get('extra') and jb_record['extra'].get('password'):
                key_manager.delete_secret(jb_record['extra']['password'],
                                          context)
        self.db.job_binary_destroy(context, job_binary)
Example #4
0
    def data_source_destroy(self, context, data_source):
        """Destroy the Data Source or raise if it does not exist."""

        # in cases where the credentials to access the data source are
        # stored with the record and the external key manager is being
        # used, we need to delete the key from the external manager.
        if (CONF.use_barbican_key_manager and not
                CONF.use_domain_for_proxy_users):
            ds_record = self.data_source_get(context, data_source)
            if (ds_record.get('credentials') and
                    ds_record['credentials'].get('password')):
                key_manager.delete_secret(
                    ds_record['credentials']['password'], context)
        return self.db.data_source_destroy(context, data_source)
Example #5
0
def delete_proxy_user_for_cluster(cluster):
    '''Delete a proxy user based on a Cluster

    :param cluster: The cluster model with proxy user information

    '''
    proxy_configs = cluster.cluster_configs.get('proxy_configs')
    if proxy_configs is not None:
        proxy_username = proxy_configs.get('proxy_username')
        proxy_trust_id = proxy_configs.get('proxy_trust_id')
        proxy_user = k.auth_for_proxy(proxy_username,
                                      key_manager.get_secret(
                                          proxy_configs.get('proxy_password')),
                                      proxy_trust_id)
        t.delete_trust(proxy_user, proxy_trust_id)
        proxy_user_delete(proxy_username)
        key_manager.delete_secret(proxy_configs.get('proxy_password'))
        update = {'cluster_configs': cluster.cluster_configs.to_dict()}
        del update['cluster_configs']['proxy_configs']
        conductor.cluster_update(context.ctx(), cluster, update)
Example #6
0
def delete_proxy_user_for_cluster(cluster):
    '''Delete a proxy user based on a Cluster

    :param cluster: The cluster model with proxy user information

    '''
    proxy_configs = cluster.cluster_configs.get('proxy_configs')
    if proxy_configs is not None:
        proxy_username = proxy_configs.get('proxy_username')
        proxy_trust_id = proxy_configs.get('proxy_trust_id')
        proxy_user = k.auth_for_proxy(
            proxy_username,
            key_manager.get_secret(proxy_configs.get('proxy_password')),
            proxy_trust_id)
        t.delete_trust(proxy_user, proxy_trust_id)
        proxy_user_delete(proxy_username)
        key_manager.delete_secret(proxy_configs.get('proxy_password'))
        update = {'cluster_configs': cluster.cluster_configs.to_dict()}
        del update['cluster_configs']['proxy_configs']
        conductor.cluster_update(context.ctx(), cluster, update)
Example #7
0
def delete_proxy_user_for_job_execution(job_execution):
    '''Delete a proxy user based on a JobExecution

    :param job_execution: The job execution with proxy user information
    :returns: An updated job_configs dictionary or None

    '''
    proxy_configs = job_execution.job_configs.get('proxy_configs')
    if proxy_configs is not None:
        proxy_username = proxy_configs.get('proxy_username')
        proxy_trust_id = proxy_configs.get('proxy_trust_id')
        proxy_user = k.auth_for_proxy(
            proxy_username,
            key_manager.get_secret(proxy_configs.get('proxy_password')),
            proxy_trust_id)
        t.delete_trust(proxy_user, proxy_trust_id)
        proxy_user_delete(proxy_username)
        key_manager.delete_secret(proxy_configs.get('proxy_password'))
        update = job_execution.job_configs.to_dict()
        del update['proxy_configs']
        return update
    return None
Example #8
0
def delete_proxy_user_for_job_execution(job_execution):
    '''Delete a proxy user based on a JobExecution

    :param job_execution: The job execution with proxy user information
    :returns: An updated job_configs dictionary or None

    '''
    proxy_configs = job_execution.job_configs.get('proxy_configs')
    if proxy_configs is not None:
        proxy_username = proxy_configs.get('proxy_username')
        proxy_trust_id = proxy_configs.get('proxy_trust_id')
        proxy_user = k.auth_for_proxy(proxy_username,
                                      key_manager.get_secret(
                                          proxy_configs.get('proxy_password')),
                                      proxy_trust_id)
        t.delete_trust(proxy_user, proxy_trust_id)
        proxy_user_delete(proxy_username)
        key_manager.delete_secret(proxy_configs.get('proxy_password'))
        update = job_execution.job_configs.to_dict()
        del update['proxy_configs']
        return update
    return None
Example #9
0
def delete_oozie_password(cluster):
    extra = cluster.extra.to_dict()
    if 'oozie_pass_id' in extra:
        castellan.delete_secret(extra['oozie_pass_id'])
    else:
        LOG.warning(_LW("Cluster hasn't Oozie password"))
Example #10
0
def delete_secret(id, ctx=None, **kwargs):
    castellan_utils.delete_secret(id, ctx=ctx)
Example #11
0
def delete_secret(id, ctx=None, **kwargs):
    castellan_utils.delete_secret(id, ctx=ctx)
Example #12
0
def delete_oozie_password(cluster):
    extra = cluster.extra.to_dict()
    if 'oozie_pass_id' in extra:
        castellan.delete_secret(extra['oozie_pass_id'])
    else:
        LOG.warning(_LW("Cluster hasn't Oozie password"))
Example #13
0
def delete_hive_password(cluster):
    extra = cluster.extra.to_dict()
    if 'hive_pass_id' in extra:
        castellan.delete_secret(extra['hive_pass_id'])
    else:
        LOG.warning("Cluster hasn't hive password")