def test_create_tenant_rabbitmq_password_encrypted(self): self.client.tenants.create('tenant_1') password_encrypted = self._select( "SELECT rabbitmq_password FROM tenants WHERE name='tenant_1'" )[0][0] security_conf = self.read_manager_file(SECURITY_FILE_LOCATION) security_conf = json.loads(security_conf) # Validate the rabbitmq_password is being stored encrypted in the DB decrypt(password_encrypted, security_conf['encryption_key']) assert len(password_encrypted) > 32
def create_tenant_vhost_and_user(self, tenant): """ Create a new RabbitMQ vhost and user, and grant the user permissions on the vhost :param tenant: An SQLAlchemy Tenant object :return: The updated tenant object """ vhost = tenant.rabbitmq_vhost or \ self.VHOST_NAME_PATTERN.format(tenant.name) username = tenant.rabbitmq_username or \ self.USERNAME_PATTERN.format(tenant.name) # The password is being stored encrypted in the DB new_password = AMQPManager._generate_user_password() password = decrypt(tenant.rabbitmq_password) \ if tenant.rabbitmq_password else new_password encrypted_password = tenant.rabbitmq_password or encrypt(new_password) self._client.create_vhost(vhost) self._client.create_user(username, password) self._client.set_vhost_permissions(vhost, username, '.*', '.*', '.*') # Gives configure and write permissions to the specific exchanges of # events, logs and monitoring allowed_resources = '^cloudify-(events|logs|monitoring)$' self._client.set_vhost_permissions('/', username, configure=allowed_resources, write=allowed_resources) tenant.rabbitmq_vhost = vhost tenant.rabbitmq_username = username tenant.rabbitmq_password = encrypted_password return tenant
def _get_tenant_dict(): tenant_dict = utils.current_tenant.to_dict() tenant_dict['rabbitmq_password'] = decrypt( tenant_dict['rabbitmq_password']) for to_remove in ['id', 'users', 'groups']: tenant_dict.pop(to_remove) return tenant_dict
def _encrypt_value(valid_value, valid_encrypt, encrypted, key, secret_errors, secret): if valid_value and valid_encrypt: if encrypted and key: secret['value'] = decrypt(secret['value'], key) elif encrypted and not key: secret_errors['No passphrase'] = 'The secret is encrypted ' \ 'but no passphrase was given'
def _get_tenant_dict(): tenant_dict = utils.current_tenant.to_dict() tenant_dict['rabbitmq_password'] = decrypt( tenant_dict['rabbitmq_password'] ) for to_remove in ['id', 'users', 'groups']: tenant_dict.pop(to_remove) return tenant_dict
def get(self, name): """ Get agent by name """ validate_inputs({'name': name}) agent = get_storage_manager().get(models.Agent, name) agent_dict = agent.to_dict() if agent.rabbitmq_password: agent_dict['rabbitmq_password'] = decrypt(agent.rabbitmq_password) return agent_dict
def get(self, name): """ Get agent by name """ validate_inputs({'name': name}) agent = get_storage_manager().get(models.Agent, name) agent_dict = agent.to_dict() if agent.rabbitmq_password: agent_dict['rabbitmq_password'] = decrypt(agent.rabbitmq_password) return agent_dict
def _create_rabbitmq_user(self, resource): username = resource.rabbitmq_username or \ USERNAME_PATTERN.format(resource.name) # The password is being stored encrypted in the DB new_password = generate_user_password() password = decrypt(resource.rabbitmq_password) \ if resource.rabbitmq_password else new_password encrypted_password = resource.rabbitmq_password or \ encrypt(new_password) self._client.create_user(username, password) return username, encrypted_password
def get(self, key): """ Get secret by key """ rest_utils.validate_inputs({'key': key}) secret = get_storage_manager().get(models.Secret, key) secret_dict = secret.to_dict() if secret_dict['is_hidden_value'] and not \ self._is_hidden_value_permitted(secret): # Hide the value of the secret secret_dict['value'] = '' else: # Returns the decrypted value secret_dict['value'] = decrypt(secret.value) return secret_dict
def get(self, key): """ Get secret by key """ rest_utils.validate_inputs({'key': key}) secret = get_storage_manager().get(models.Secret, key) secret_dict = secret.to_dict() if secret_dict['is_hidden_value'] and not \ self._is_hidden_value_permitted(secret): # Hide the value of the secret secret_dict['value'] = '' else: # Returns the decrypted value secret_dict['value'] = decrypt(secret.value) return secret_dict
def _create_export_response(self, secrets, password): secrets_list = [] for secret in secrets.items: if secret.is_hidden_value and not \ rest_utils.is_hidden_value_permitted(secret): continue new_secret = {'key': secret.key, 'value': decrypt(secret.value), 'visibility': secret.visibility, 'tenant_name': secret.tenant_name, 'is_hidden_value': secret.is_hidden_value, 'encrypted': False} secrets_list.append(new_secret) if password: self._encrypt_values(secrets_list, password) return secrets_list
def get(self, tenant_name, multi_tenancy=None): """Get details for a single tenant On community, only getting the default tenant is allowed. """ if multi_tenancy: rest_utils.validate_inputs({'tenant_name': tenant_name}) return multi_tenancy.get_tenant(tenant_name) else: if tenant_name != constants.DEFAULT_TENANT_NAME: raise MissingPremiumPackage() tenant = get_storage_manager().get(models.Tenant, None, filters={'name': tenant_name}) if is_user_action_allowed('tenant_rabbitmq_credentials', tenant_name): tenant.rabbitmq_password = decrypt(tenant.rabbitmq_password) else: tenant.rabbitmq_username = None tenant.rabbitmq_password = None tenant.rabbitmq_vhost = None return tenant
def get_secret_method(secret_key): sm = get_storage_manager() secret = sm.get(Secret, secret_key) decrypted_value = cryptography_utils.decrypt(secret.value) return SecretType(secret_key, decrypted_value)
def _decrypt_value(secret, encryption_key, secret_errors): if encryption_key: secret['value'] = decrypt(secret['value'], encryption_key) else: secret_errors['No passphrase'] = 'The secret is encrypted ' \ 'but no passphrase was given'
def get_secret(secret_key): secret = storage_manager.get(Secret, secret_key) decrypted_value = cryptography_utils.decrypt(secret.value) return SecretType(secret_key, decrypted_value)
def get_secret(secret_key): secret = storage_manager.get(Secret, secret_key) decrypted_value = cryptography_utils.decrypt(secret.value) return SecretType(secret_key, decrypted_value)
def get_secret(self, secret_key): secret = self.sm.get(Secret, secret_key) decrypted_value = cryptography_utils.decrypt(secret.value) return SecretType(secret_key, decrypted_value)