def createAccountSettings(tree,account,key,endpoint,aikey=None):
    """
    Fill in the default 'Accounts/Account' element of the configuration tree.

    The account name, the storage key and the table endpoint are each written
    through XmlUtil.setXmlValue with the ['isDefault', 'true'] selector.
    The key is written exactly as it was passed in: this function applies no
    encryption or encoding, so the resulting configuration holds the storage
    key in whatever form the caller supplied.

    :param tree: The XML doc to be updated.
    :param account: Value written to the "account" attribute.
    :param key: Value written to the "key" attribute (stored as given).
    :param endpoint: Value written to the "tableEndpoint" attribute.
    :param aikey: When truthy, forwarded to AIUtil.createAccountElement.
    """
    account_attributes = (
        ("account", account),
        ("key", key),
        ("tableEndpoint", endpoint),
    )
    for attr_name, attr_value in account_attributes:
        # A fresh selector list per call, as in the three separate calls this replaces.
        XmlUtil.setXmlValue(tree, 'Accounts/Account', attr_name, attr_value, ['isDefault', 'true'])

    if not aikey:
        return
    AIUtil.createAccountElement(tree, aikey)
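def createAccountSettings(tree, account, key, token, endpoint, aikey=None):
    """
    Update the MDSD configuration Account element with Azure table storage properties.
    At least one of (key, token) must be provided; when both are given the key is used and the token is ignored.
    If an aikey is passed, then add a new Account element for Application Insights with the application insights key.
    The storage secret is encrypted to the handler certificate before it is written to the tree, and the path of the
    matching private key file is recorded as "decryptKeyPath".
    :param tree: The XML doc to be updated.
    :param account: Storage account to which LAD should write data
    :param key: Shared key secret for the storage account, if present
    :param token: SAS token to access the storage account, if present
    :param endpoint: Identifies the Azure instance (public or specific sovereign cloud) where the storage account is
    :param aikey: Key for accessing AI, if present
    """
    # NOTE(review): assert statements are stripped under "python -O"; kept as-is so callers that
    # rely on AssertionError keep working.
    assert key or token, "Either key or token must be given."

    def get_handler_cert_pkey_paths():
        """Return (certificate path, private key path) built from the protected-settings thumbprint."""
        handler_settings = hutil.get_handler_settings()
        thumbprint = handler_settings['protectedSettingsCertThumbprint']
        cert_path = waagent.LibDir + '/' + thumbprint + '.crt'
        pkey_path = waagent.LibDir + '/' + thumbprint + '.prv'
        return cert_path, pkey_path

    def encrypt_secret_with_cert(cert_path, secret):
        """
        Encrypt *secret* to the certificate at *cert_path* with "openssl smime" (DER output).
        Returns the ciphertext as upper-case hex, or None when openssl cannot be run or exits non-zero.
        """
        # Local import: the module's import block is not visible from this function.
        import subprocess

        # The secret is fed to openssl on stdin and openssl is started from an argument list.
        # Interpolating it into a shell command line would let quote characters in the secret
        # change the command, and would place the plaintext in the process argument list.
        plaintext = secret if isinstance(secret, bytes) else secret.encode('utf-8')
        try:
            # Without -out, openssl writes the DER blob to stdout, so no intermediate file is needed.
            proc = subprocess.Popen(['openssl', 'smime', '-encrypt', '-outform', 'DER', cert_path],
                                    stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
            encrypted_secret, err_output = proc.communicate(plaintext)
        except OSError as e:
            hutil.error("Encrypting storage secret failed with the following message: " + str(e))
            return None
        # Compare by value; an identity test against an int literal is not a reliable status check.
        if proc.returncode != 0:
            hutil.error("Encrypting storage secret failed with the following message: "
                        + err_output.decode('utf-8', 'replace'))
            return None
        return binascii.b2a_hex(encrypted_secret).upper()

    handler_cert_path, handler_pkey_path = get_handler_cert_pkey_paths()
    # NOTE(review): when encryption fails the helper returns None and that value is still written
    # as the "key" attribute below; the failure is only visible through hutil.error.
    if key:
        key = encrypt_secret_with_cert(handler_cert_path, key)
        XmlUtil.setXmlValue(tree, 'Accounts/Account', "account", account, ['isDefault', 'true'])
        XmlUtil.setXmlValue(tree, 'Accounts/Account', "key", key, ['isDefault', 'true'])
        XmlUtil.setXmlValue(tree, 'Accounts/Account', "decryptKeyPath", handler_pkey_path, ['isDefault', 'true'])
        XmlUtil.setXmlValue(tree, 'Accounts/Account', "tableEndpoint", endpoint, ['isDefault', 'true'])
        # Only one credential element is kept: drop the SAS element when a shared key is used.
        XmlUtil.removeElement(tree, 'Accounts', 'SharedAccessSignature')
    else:  # token
        token = encrypt_secret_with_cert(handler_cert_path, token)
        XmlUtil.setXmlValue(tree, 'Accounts/SharedAccessSignature', "account", account, ['isDefault', 'true'])
        XmlUtil.setXmlValue(tree, 'Accounts/SharedAccessSignature', "key", token, ['isDefault', 'true'])
        XmlUtil.setXmlValue(tree, 'Accounts/SharedAccessSignature', "decryptKeyPath", handler_pkey_path,
                            ['isDefault', 'true'])
        XmlUtil.setXmlValue(tree, 'Accounts/SharedAccessSignature', "tableEndpoint", endpoint, ['isDefault', 'true'])
        # Only one credential element is kept: drop the shared-key element when a SAS token is used.
        XmlUtil.removeElement(tree, 'Accounts', 'Account')

    if aikey:
        AIUtil.createAccountElement(tree, aikey)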
    def _update_account_settings(self, account, key, token, endpoint, aikey=None):
        """
        Write the storage credentials into the MDSD configuration tree held by this object.

        A truthy key selects the 'Accounts/Account' element; otherwise the token is used and the
        'Accounts/SharedAccessSignature' element is filled in. In both cases the secret is passed through
        self._encrypt_secret_with_cert before it is stored, the handler private-key path is recorded as
        "decryptKeyPath", and the element for the credential type not in use is removed. A truthy aikey is
        forwarded to AIUtil.createAccountElement.
        :param account: Storage account to which LAD should write data
        :param key: Shared key secret for the storage account, if present (takes precedence over token)
        :param token: SAS token to access the storage account, if present
        :param endpoint: Identifies the Azure instance (public or specific sovereign cloud) where the storage account is
        :param aikey: Key for accessing AI, if present
        """
        assert key or token, "Either key or token must be given."
        assert self._mdsd_config_xml_tree is not None

        handler_settings = self._ext_settings.get_handler_settings()
        cert_path, pkey_path = self._get_handler_cert_pkey_paths(handler_settings)

        # Choose which credential element is populated and which one is dropped.
        if key:
            active_element, stale_element, secret = 'Account', 'SharedAccessSignature', key
        else:  # token
            active_element, stale_element, secret = 'SharedAccessSignature', 'Account', token

        encrypted_secret = self._encrypt_secret_with_cert(cert_path, secret)
        config_tree = self._mdsd_config_xml_tree
        element_path = 'Accounts/' + active_element
        attributes = (
            ("account", account),
            ("key", encrypted_secret),
            ("decryptKeyPath", pkey_path),
            ("tableEndpoint", endpoint),
        )
        for attr_name, attr_value in attributes:
            # A fresh selector list per call, matching the separate calls this loop stands for.
            XmlUtil.setXmlValue(config_tree, element_path, attr_name, attr_value, ['isDefault', 'true'])
        XmlUtil.removeElement(config_tree, 'Accounts', stale_element)

        if aikey:
            AIUtil.createAccountElement(config_tree, aikey)