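def _update_account_settings(self, account, token, endpoints):
    """
    Update the MDSD configuration SharedAccessSignature account element with Azure storage properties.

    The value stored under "key" is whatever self._encrypt_secret_with_cert returns for the token, and
    "decryptKeyPath" is set to self._pkey_path. XmlUtil.removeElement is then called for the Account
    element under Accounts.
    :param account: Storage account to which LAD should write data
    :param token: SAS token to access the storage account (required)
    :param endpoints: Identifies the Azure storage endpoints (public or specific sovereign cloud) where the storage
                      account is; index 0 is written as tableEndpoint and index 1 as blobEndpoint
    :raises AssertionError: if token is empty, the XML tree is None, or the token could not be encrypted
    """
    assert token, "Token must be given."
    assert self._mdsd_config_xml_tree is not None

    encrypted_token = self._encrypt_secret_with_cert(token)
    if not encrypted_token:
        # Explicit raise instead of `assert`: asserts are stripped under `python -O`, and this check is what
        # keeps a failed encryption from being written into the configuration as the account key.
        raise AssertionError("Could not encrypt token")

    # Read both endpoints before touching the tree so a too-short sequence fails without leaving a
    # half-written SharedAccessSignature element behind.
    table_endpoint, blob_endpoint = endpoints[0], endpoints[1]

    sas_attributes = (
        ("account", account),
        ("key", encrypted_token),
        ("decryptKeyPath", self._pkey_path),
        ("tableEndpoint", table_endpoint),
        ("blobEndpoint", blob_endpoint),
    )
    for attribute, value in sas_attributes:
        XmlUtil.setXmlValue(self._mdsd_config_xml_tree, 'Accounts/SharedAccessSignature',
                            attribute, value, ['isDefault', 'true'])
    XmlUtil.removeElement(self._mdsd_config_xml_tree, 'Accounts', 'Account')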
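def createAccountSettings(tree, account, key, token, endpoint, aikey=None):
    """
    Update the MDSD configuration Account element with Azure table storage properties.
    Exactly one of (key, token) must be provided. If an aikey is passed, then add a new Account element for Application
    Insights with the application insights key.

    The secret (key or token) is encrypted with the handler certificate before it is written to the tree, and
    decryptKeyPath is set to the .prv path built from the same certificate thumbprint.
    :param tree: The XML doc to be updated.
    :param account: Storage account to which LAD should write data
    :param key: Shared key secret for the storage account, if present
    :param token: SAS token to access the storage account, if present
    :param endpoint: Identifies the Azure instance (public or specific sovereign cloud) where the storage account is
    :param aikey: Key for accessing AI, if present
    """
    assert key or token, "Either key or token must be given."

    def get_handler_cert_pkey_paths():
        """Return (cert_path, pkey_path) derived from the protectedSettingsCertThumbprint handler setting."""
        handler_settings = hutil.get_handler_settings()
        thumbprint = handler_settings['protectedSettingsCertThumbprint']
        cert_path = waagent.LibDir + '/' + thumbprint + '.crt'
        pkey_path = waagent.LibDir + '/' + thumbprint + '.prv'
        return cert_path, pkey_path

    def encrypt_secret_with_cert(cert_path, secret):
        """
        Encrypt secret to the certificate at cert_path with `openssl smime` and return the DER output as
        upper-case hex. Returns None (after logging through hutil.error) when openssl cannot be run or fails.
        """
        import subprocess  # function-scope import keeps this block self-contained

        if not isinstance(secret, bytes):
            secret = secret.encode('utf-8')

        # The secret goes to openssl on stdin and the command is an argv list with no shell in between.
        # Formatting the secret into an `echo '...' | openssl` shell string breaks (or runs extra shell
        # syntax) as soon as the secret contains a single quote, and puts the plaintext secret on a
        # command line.
        # Ciphertext is read from stdout, so no intermediate file at a fixed path is needed.
        cmd = ['openssl', 'smime', '-encrypt', '-outform', 'DER', cert_path]
        try:
            proc = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
            encrypted_secret, err_output = proc.communicate(secret)
        except OSError as e:
            hutil.error("Encrypting storage secret failed with the following message: " + str(e))
            return None

        # Exit status is compared by value; an empty result is treated as a failure as well.
        if proc.returncode != 0 or not encrypted_secret:
            hutil.error("Encrypting storage secret failed with the following message: "
                        + err_output.decode('utf-8', 'replace'))
            return None
        return binascii.b2a_hex(encrypted_secret).upper()

    handler_cert_path, handler_pkey_path = get_handler_cert_pkey_paths()
    # NOTE(review): when encryption fails the helper returns None and that value is what gets passed to
    # XmlUtil.setXmlValue as the key below; the failure is only visible in the handler log. Confirm that
    # callers (or mdsd) reject such a configuration.
    if key:
        key = encrypt_secret_with_cert(handler_cert_path, key)
        XmlUtil.setXmlValue(tree, 'Accounts/Account', "account", account, ['isDefault', 'true'])
        XmlUtil.setXmlValue(tree, 'Accounts/Account', "key", key, ['isDefault', 'true'])
        XmlUtil.setXmlValue(tree, 'Accounts/Account', "decryptKeyPath", handler_pkey_path, ['isDefault', 'true'])
        XmlUtil.setXmlValue(tree, 'Accounts/Account', "tableEndpoint", endpoint, ['isDefault', 'true'])
        XmlUtil.removeElement(tree, 'Accounts', 'SharedAccessSignature')
    else:  # token
        token = encrypt_secret_with_cert(handler_cert_path, token)
        XmlUtil.setXmlValue(tree, 'Accounts/SharedAccessSignature', "account", account, ['isDefault', 'true'])
        XmlUtil.setXmlValue(tree, 'Accounts/SharedAccessSignature', "key", token, ['isDefault', 'true'])
        XmlUtil.setXmlValue(tree, 'Accounts/SharedAccessSignature', "decryptKeyPath", handler_pkey_path,
                            ['isDefault', 'true'])
        XmlUtil.setXmlValue(tree, 'Accounts/SharedAccessSignature', "tableEndpoint", endpoint, ['isDefault', 'true'])
        XmlUtil.removeElement(tree, 'Accounts', 'Account')

    if aikey:
        AIUtil.createAccountElement(tree, aikey)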
def _update_account_settings(self, account, key, token, endpoint, aikey=None):
    """
    Write the storage account LAD should use into the MDSD configuration tree.

    A shared key is stored under Accounts/Account and a SAS token under Accounts/SharedAccessSignature;
    XmlUtil.removeElement is called for the other element. The secret is passed through
    self._encrypt_secret_with_cert with the handler certificate before it is stored. When aikey is given,
    AIUtil.createAccountElement is called with it as well.
    :param account: Storage account to which LAD should write data
    :param key: Shared key secret for the storage account, if present
    :param token: SAS token to access the storage account, if present
    :param endpoint: Identifies the Azure instance (public or specific sovereign cloud) where the storage account is
    :param aikey: Key for accessing AI, if present
    """
    assert key or token, "Either key or token must be given."
    config_tree = self._mdsd_config_xml_tree
    assert config_tree is not None

    cert_file, pkey_file = self._get_handler_cert_pkey_paths(self._ext_settings.get_handler_settings())

    # The key takes precedence when both are supplied, exactly as the branch order dictates.
    if key:
        kept_element, dropped_element = 'Account', 'SharedAccessSignature'
        stored_secret = self._encrypt_secret_with_cert(cert_file, key)
    else:  # token
        kept_element, dropped_element = 'SharedAccessSignature', 'Account'
        stored_secret = self._encrypt_secret_with_cert(cert_file, token)

    element_path = 'Accounts/' + kept_element
    for attribute, value in (("account", account),
                             ("key", stored_secret),
                             ("decryptKeyPath", pkey_file),
                             ("tableEndpoint", endpoint)):
        # A fresh attribute-filter list per call, as in the unrolled form.
        XmlUtil.setXmlValue(config_tree, element_path, attribute, value, ['isDefault', 'true'])
    XmlUtil.removeElement(config_tree, 'Accounts', dropped_element)

    if aikey:
        AIUtil.createAccountElement(config_tree, aikey)
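def _update_account_settings(self, account, token, endpoint):
    """
    Update the MDSD configuration SharedAccessSignature account element with Azure table storage properties.

    The value stored under "key" is whatever self._encrypt_secret_with_cert returns for the token, and
    "decryptKeyPath" is set to self._pkey_path. XmlUtil.removeElement is then called for the Account
    element under Accounts.
    :param account: Storage account to which LAD should write data
    :param token: SAS token to access the storage account (required)
    :param endpoint: Identifies the Azure instance (public or specific sovereign cloud) where the storage account is
    :raises AssertionError: if token is empty, the XML tree is None, or the token could not be encrypted
    """
    assert token, "Token must be given."
    assert self._mdsd_config_xml_tree is not None

    encrypted_token = self._encrypt_secret_with_cert(token)
    if not encrypted_token:
        # Explicit raise instead of `assert`: asserts are stripped under `python -O`, and this check is what
        # keeps a failed encryption from being written into the configuration as the account key.
        raise AssertionError("Could not encrypt token")

    sas_attributes = (
        ("account", account),
        ("key", encrypted_token),
        ("decryptKeyPath", self._pkey_path),
        ("tableEndpoint", endpoint),
    )
    for attribute, value in sas_attributes:
        XmlUtil.setXmlValue(self._mdsd_config_xml_tree, 'Accounts/SharedAccessSignature',
                            attribute, value, ['isDefault', 'true'])
    XmlUtil.removeElement(self._mdsd_config_xml_tree, 'Accounts', 'Account')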