def __getitem__(self, name):
"""
- use Python types
- enable lazy failure for unknown configs.
"""
try:
value = super(ConfigDictionary, self).__getitem__(name)
except KeyError:
return UnknownConfiguration(name)
value = ensure_decrypted(value)
if value == "true":
value = True
elif value == "false":
value = False
return value
def generateJceks(self, commandJson):
"""
Generates the JCEKS file with passwords for the service specified in commandJson
:param commandJson: command JSON
:return: An exit value from the external process that generated the JCEKS file. None if
there are no passwords in the JSON.
"""
cmd_result = None
roleCommand = None
if 'roleCommand' in commandJson:
roleCommand = commandJson['roleCommand']
task_id = None
if 'taskId' in commandJson:
task_id = commandJson['taskId']
logger.info(
'Generating the JCEKS file: roleCommand={0} and taskId = {1}'.
format(roleCommand, task_id))
# Set up the variables for the external command to generate a JCEKS file
java_home = commandJson['ambariLevelParams']['java_home']
java_bin = '{java_home}/bin/java'.format(java_home=java_home)
cs_lib_path = self.credential_shell_lib_path
serviceName = commandJson['serviceName']
# Gather the password values and remove them from the configuration
configtype_credentials = self.getConfigTypeCredentials(commandJson)
# CS is enabled but no config property is available for this command
if len(configtype_credentials) == 0:
logger.info(
"Credential store is enabled but no property are found that can be encrypted."
)
commandJson['credentialStoreEnabled'] = "false"
# CS is enabled and config properties are available
else:
commandJson['credentialStoreEnabled'] = "true"
for config_type, credentials in configtype_credentials.items():
config = commandJson['configurations'][config_type]
if 'role' in commandJson and commandJson['role']:
roleName = commandJson['role']
file_path = os.path.join(self.getProviderDirectory(roleName),
"{0}.jceks".format(config_type))
else:
file_path = os.path.join(
self.getProviderDirectory(serviceName),
"{0}.jceks".format(config_type))
if os.path.exists(file_path):
os.remove(file_path)
provider_path = 'jceks://file{file_path}'.format(
file_path=file_path)
logger.info('provider_path={0}'.format(provider_path))
for alias, pwd in credentials.items():
logger.debug("config={0}".format(config))
pwd = ensure_decrypted(pwd, self.encryption_key)
protected_pwd = PasswordString(pwd)
# Generate the JCEKS file
cmd = (java_bin, '-cp', cs_lib_path, self.credential_shell_cmd,
'create', alias, '-value', protected_pwd, '-provider',
provider_path)
logger.info(cmd)
rmf_shell.checked_call(cmd)
os.chmod(
file_path, 0644
) # group and others should have read access so that the service user can read
# Add JCEKS provider path instead
config[self.CREDENTIAL_PROVIDER_PROPERTY_NAME] = provider_path
config[self.CREDENTIAL_STORE_CLASS_PATH_NAME] = cs_lib_path
return cmd_result
def test_attr_to_bitmask(self):
encypted_value = '${enc=aes256_hex, value=616639333036363938646230613262383a3a32313537386561376136326362656436656135626165313664613265316336663a3a6361633666333432653532393863313364393064626133653562353663663235}'
encyption_key = 'i%r041K%1VC!C5 K=('
self.assertEquals('mysecret',
ensure_decrypted(encypted_value, encyption_key))