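def encode_vim_auth(self, vim_id, auth):
    """Encrypt the VIM credentials in ``auth`` and store the key in Barbican.

    A Fernet key obtained from ``self.kubernetes.create_fernet_key()`` is
    used to encrypt ``password``, ``bearer_token`` and ``ssl_ca_cert`` when
    they are set. The key is stored through the key manager, and ``auth``
    is then updated in place with the ciphertexts plus ``key_type`` and
    ``secret_uuid``.

    ``auth`` is modified only after the key has been stored, so a failure
    never leaves the caller holding ciphertext whose key was discarded.

    :param vim_id: VIM identifier, used in log messages and errors.
    :param auth: dict of VIM credentials; updated in place on success.
    :raises nfvo.VimEncryptKeyError: if ``CONF.k8s_vim.use_barbican`` is
        not enabled; this method has no other place to keep the key.
    :raises Exception: key manager errors are logged and re-raised
        unchanged.
    """
    # Fail before touching any credential: with Barbican disabled the key
    # would be thrown away and the encrypted values could never be read.
    if not CONF.k8s_vim.use_barbican:
        raise nfvo.VimEncryptKeyError(vim_id=vim_id)

    fernet_key, fernet_obj = self.kubernetes.create_fernet_key()

    # Stage the ciphertexts; they replace the plaintext in ``auth`` only
    # once the key is safely stored.
    encrypted = {}
    # An empty-string password is still encrypted; only a missing or None
    # value is skipped.
    if auth.get('password') is not None:
        encrypted['password'] = fernet_obj.encrypt(
            auth['password'].encode('utf-8'))
    # A None token has no .encode(); treat it like an absent one, matching
    # the password check.
    if auth.get('bearer_token') is not None:
        encrypted['bearer_token'] = fernet_obj.encrypt(
            auth['bearer_token'].encode('utf-8'))
    if auth.get('ssl_ca_cert', ''):
        encrypted['ssl_ca_cert'] = fernet_obj.encrypt(
            auth['ssl_ca_cert'].encode('utf-8'))

    try:
        k_context = t_context.generate_tacker_service_context()
        keystone_conf = CONF.keystone_authtoken
        keymgr_api = KEYMGR_API(keystone_conf.auth_url)
        secret_uuid = keymgr_api.store(k_context, fernet_key)
    except Exception as exception:
        # NOTE(review): the exception text is written to the log; confirm
        # key manager errors never echo the key being stored.
        LOG.warning('VIM key creation failed for vim %s due to %s',
                    vim_id, exception)
        raise

    auth.update(encrypted)
    auth['key_type'] = 'barbican_key'
    auth['secret_uuid'] = secret_uuid
    LOG.debug('VIM auth successfully stored for vim %s', vim_id)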
def delete_vim_auth(self, context, vim_id, auth):
    """Delete the key manager secret holding this VIM's encryption key.

    Nothing is done when ``auth`` carries no ``secret_uuid``.

    :param context: context passed to the key manager's ``delete``.
    :param vim_id: VIM identifier, used in log messages and errors.
    :param auth: VIM auth dict; ``secret_uuid`` and ``key_type`` are read.
    :raises nfvo.VimEncryptKeyError: if ``secret_uuid`` is present but
        ``key_type`` is not ``'barbican_key'``.
    :raises Exception: key manager errors are logged and re-raised
        unchanged.
    """
    if 'secret_uuid' not in auth:
        return

    LOG.debug('Attempting to delete key for vim id %s', vim_id)

    # A secret id that is not marked as a Barbican key cannot be removed
    # here, so report it instead of leaving the key behind silently.
    if auth.get('key_type') != 'barbican_key':
        raise nfvo.VimEncryptKeyError(vim_id=vim_id)

    try:
        identity_conf = CONF.keystone_authtoken
        key_ref = auth['secret_uuid']
        # NOTE(review): encode_vim_auth stores the key with a tacker
        # service context, while this delete uses the caller's context;
        # confirm that context is allowed to delete the secret.
        KEYMGR_API(identity_conf.auth_url).delete(context, key_ref)
        LOG.debug('VIM key deleted successfully for vim %s', vim_id)
    except Exception as exception:
        LOG.warning('VIM key deletion failed for vim %s due to %s',
                    vim_id, exception)
        raise