Esempio n. 1
0
    def job_binary_update(self, context, id, values):
        """Update a JobBinary from the values dictionary."""

        values = copy.deepcopy(values)
        values['id'] = id
        # in cases where the credentials to access the job binary are
        # stored with the record and the external key manager is being
        # used, we need to delete the old key from the manager and
        # create a new one. the other option here would be to retrieve
        # the previous key and check to see if it has changed, but it
        # seems less expensive to just delete the old and create a new
        # one.
        if CONF.use_barbican_key_manager:
            # first we retrieve the original record to get the old key
            # uuid, and delete it.
            # next we create the new key.
            jb_record = self.job_binary_get(context, id)
            if not CONF.use_domain_for_proxy_users:
                if (jb_record.get('extra') and
                        jb_record['extra'].get('password')):
                    key_manager.delete_secret(jb_record['extra']['password'],
                                              context)
                if values.get('extra') and values['extra'].get('password'):
                    values['extra']['password'] = key_manager.store_secret(
                        values['extra']['password'], context)
            if jb_record.get('extra') and jb_record['extra'].get('secretkey'):
                key_manager.delete_secret(jb_record['extra']['secretkey'],
                                          context)
            if values.get('extra') and values['extra'].get('secretkey'):
                values['extra']['secretkey'] = key_manager.store_secret(
                    values['extra']['secretkey'], context)
        return self.db.job_binary_update(context, values)
Esempio n. 2
0
    def job_binary_update(self, context, id, values):
        """Update a JobBinary from the values dictionary."""

        values = copy.deepcopy(values)
        values['id'] = id
        # in cases where the credentials to access the job binary are
        # stored with the record and the external key manager is being
        # used, we need to delete the old key from the manager and
        # create a new one. the other option here would be to retrieve
        # the previous key and check to see if it has changed, but it
        # seems less expensive to just delete the old and create a new
        # one.
        if CONF.use_barbican_key_manager:
            # first we retrieve the original record to get the old key
            # uuid, and delete it.
            # next we create the new key.
            jb_record = self.job_binary_get(context, id)
            if not CONF.use_domain_for_proxy_users:
                if (jb_record.get('extra')
                        and jb_record['extra'].get('password')):
                    key_manager.delete_secret(jb_record['extra']['password'],
                                              context)
                if values.get('extra') and values['extra'].get('password'):
                    values['extra']['password'] = key_manager.store_secret(
                        values['extra']['password'], context)
            if jb_record.get('extra') and jb_record['extra'].get('secretkey'):
                key_manager.delete_secret(jb_record['extra']['secretkey'],
                                          context)
            if values.get('extra') and values['extra'].get('secretkey'):
                values['extra']['secretkey'] = key_manager.store_secret(
                    values['extra']['secretkey'], context)
        return self.db.job_binary_update(context, values)
Esempio n. 3
0
    def job_binary_create(self, context, values):
        """Create a JobBinary from the values dictionary."""

        values = copy.deepcopy(values)
        values = _apply_defaults(values, JOB_BINARY_DEFAULTS)
        values['tenant_id'] = context.tenant_id
        # if credentials are being passed in, we use the key_manager
        # to store the password.
        if values.get('extra') and values['extra'].get('password'):
            values['extra']['password'] = key_manager.store_secret(
                values['extra']['password'], context)
        if values.get('extra') and values['extra'].get('secretkey'):
            values['extra']['secretkey'] = key_manager.store_secret(
                values['extra']['secretkey'], context)
        return self.db.job_binary_create(context, values)
Esempio n. 4
0
    def job_binary_create(self, context, values):
        """Create a JobBinary from the values dictionary."""

        values = copy.deepcopy(values)
        values = _apply_defaults(values, JOB_BINARY_DEFAULTS)
        values['tenant_id'] = context.tenant_id
        # if credentials are being passed in, we use the key_manager
        # to store the password.
        if values.get('extra') and values['extra'].get('password'):
            values['extra']['password'] = key_manager.store_secret(
                values['extra']['password'], context)
        if values.get('extra') and values['extra'].get('secretkey'):
            values['extra']['secretkey'] = key_manager.store_secret(
                values['extra']['secretkey'], context)
        return self.db.job_binary_create(context, values)
Esempio n. 5
0
    def data_source_update(self, context, id, values):
        """Update the Data Source or raise if it does not exist."""

        values = copy.deepcopy(values)
        values["id"] = id
        # in cases where the credentials to access the data source are
        # stored with the record and the external key manager is being
        # used, we need to delete the old key from the manager and
        # create a new one. the other option here would be to retrieve
        # the previous key and check to see if it has changed, but it
        # seems less expensive to just delete the old and create a new
        # one.
        # it should be noted that the jsonschema validation ensures that
        # if the proxy domain is not in use then credentials must be
        # sent with this record.
        if (CONF.use_barbican_key_manager and not
                CONF.use_domain_for_proxy_users):
            # first we retrieve the original record to get the old key
            # uuid, and delete it.
            ds_record = self.data_source_get(context, id)
            if (ds_record.get('credentials') and
                    ds_record['credentials'].get('password')):
                key_manager.delete_secret(
                    ds_record['credentials']['password'], context)
            # next we create the new key.
            if (values.get('credentials') and
                    values['credentials'].get('password')):
                values['credentials']['password'] = key_manager.store_secret(
                    values['credentials']['password'], context)
        return self.db.data_source_update(context, values)
Esempio n. 6
0
    def data_source_create(self, context, values):
        """Create a Data Source from the values dictionary."""

        values = copy.deepcopy(values)
        values = _apply_defaults(values, DATA_SOURCE_DEFAULTS)
        values['tenant_id'] = context.tenant_id
        # if credentials are being passed in, we use the key_manager
        # to store the password.
        if (values.get('credentials') and
                values['credentials'].get('password')):
            values['credentials']['password'] = key_manager.store_secret(
                values['credentials']['password'], context)
        if (values.get('credentials') and
                values['credentials'].get('secretkey')):
            values['credentials']['secretkey'] = key_manager.store_secret(
                values['credentials']['secretkey'], context)
        return self.db.data_source_create(context, values)
Esempio n. 7
0
    def data_source_create(self, context, values):
        """Create a Data Source from the values dictionary."""

        values = copy.deepcopy(values)
        values = _apply_defaults(values, DATA_SOURCE_DEFAULTS)
        values['tenant_id'] = context.tenant_id
        # if credentials are being passed in, we use the key_manager
        # to store the password.
        if (values.get('credentials')
                and values['credentials'].get('password')):
            values['credentials']['password'] = key_manager.store_secret(
                values['credentials']['password'], context)
        if (values.get('credentials')
                and values['credentials'].get('secretkey')):
            values['credentials']['secretkey'] = key_manager.store_secret(
                values['credentials']['secretkey'], context)
        return self.db.data_source_create(context, values)
Esempio n. 8
0
def get_server_password(cluster):
    if using_existing_kdc(cluster):
        return get_admin_password(cluster)
    ctx = context.ctx()
    cluster = conductor.cluster_get(ctx, cluster)
    extra = cluster.extra.to_dict() if cluster.extra else {}
    passwd_key = 'admin-passwd-kdc'
    if passwd_key not in extra:
        passwd = _get_short_uuid()
        key_id = key_manager.store_secret(passwd, ctx)
        extra[passwd_key] = key_id
        cluster = conductor.cluster_update(ctx, cluster, {'extra': extra})
    passwd = key_manager.get_secret(extra.get(passwd_key), ctx)
    return passwd
Esempio n. 9
0
def get_server_password(cluster):
    if using_existing_kdc(cluster):
        return get_admin_password(cluster)
    ctx = context.ctx()
    cluster = conductor.cluster_get(ctx, cluster)
    extra = cluster.extra.to_dict() if cluster.extra else {}
    passwd_key = 'admin-passwd-kdc'
    if passwd_key not in extra:
        passwd = _get_short_uuid()
        key_id = key_manager.store_secret(passwd, ctx)
        extra[passwd_key] = key_id
        cluster = conductor.cluster_update(ctx, cluster, {'extra': extra})
    passwd = key_manager.get_secret(extra.get(passwd_key), ctx)
    return passwd
Esempio n. 10
0
def create_proxy_user_for_job_execution(job_execution):
    '''Creates a proxy user and adds the credentials to the job execution

    :param job_execution: The job execution model to update

    '''
    username = '******'.format(job_execution.id)
    password = key_manager.store_secret(proxy_user_create(username))
    current_user = k.auth()
    proxy_user = k.auth_for_proxy(username, password)
    trust_id = t.create_trust(trustor=current_user,
                              trustee=proxy_user,
                              role_names=CONF.proxy_user_role_names)
    update = {'job_configs': job_execution.job_configs.to_dict()}
    update['job_configs']['proxy_configs'] = {
        'proxy_username': username,
        'proxy_password': password,
        'proxy_trust_id': trust_id
        }
    conductor.job_execution_update(context.ctx(), job_execution, update)
Esempio n. 11
0
def create_proxy_user_for_job_execution(job_execution):
    '''Creates a proxy user and adds the credentials to the job execution

    :param job_execution: The job execution model to update

    '''
    username = '******'.format(job_execution.id)
    password = key_manager.store_secret(proxy_user_create(username))
    current_user = k.auth()
    proxy_user = k.auth_for_proxy(username, password)
    trust_id = t.create_trust(trustor=current_user,
                              trustee=proxy_user,
                              role_names=CONF.proxy_user_role_names)
    update = {'job_configs': job_execution.job_configs.to_dict()}
    update['job_configs']['proxy_configs'] = {
        'proxy_username': username,
        'proxy_password': password,
        'proxy_trust_id': trust_id
    }
    conductor.job_execution_update(context.ctx(), job_execution, update)
Esempio n. 12
0
def get_password(cluster, pw_name):
    """return a password for the named entry

    This function will return, or create and return, a password for the
    named entry. It will store the password in the key manager and use
    the ID in the database entry.

    :param cluster: The cluster record containing the password
    :param pw_name: The entry name associated with the password
    :returns: The cleartext password
    """
    ctx = context.ctx()
    cluster = conductor.cluster_get(ctx, cluster.id)
    passwd = cluster.extra.get(pw_name) if cluster.extra else None
    if passwd:
        return key_manager.get_secret(passwd, ctx)

    passwd = six.text_type(uuid.uuid4())
    extra = cluster.extra.to_dict() if cluster.extra else {}
    extra[pw_name] = key_manager.store_secret(passwd, ctx)
    cluster = conductor.cluster_update(ctx, cluster, {'extra': extra})
    return passwd
Esempio n. 13
0
def create_proxy_user_for_cluster(cluster):
    '''Creates a proxy user and adds the credentials to the cluster

    :param cluster: The cluster model to update

    '''
    if cluster.cluster_configs.get('proxy_configs'):
        return cluster
    username = '******'.format(cluster.id)
    password = key_manager.store_secret(proxy_user_create(username))
    current_user = k.auth()
    proxy_user = k.auth_for_proxy(username, password)
    trust_id = t.create_trust(trustor=current_user,
                              trustee=proxy_user,
                              role_names=CONF.proxy_user_role_names)
    update = {'cluster_configs': cluster.cluster_configs.to_dict()}
    update['cluster_configs']['proxy_configs'] = {
        'proxy_username': username,
        'proxy_password': password,
        'proxy_trust_id': trust_id
    }
    return conductor.cluster_update(context.ctx(), cluster, update)
Esempio n. 14
0
def get_password(cluster, pw_name):
    """return a password for the named entry

    This function will return, or create and return, a password for the
    named entry. It will store the password in the key manager and use
    the ID in the database entry.

    :param cluster: The cluster record containing the password
    :param pw_name: The entry name associated with the password
    :returns: The cleartext password
    """
    ctx = context.ctx()
    cluster = conductor.cluster_get(ctx, cluster.id)
    passwd = cluster.extra.get(pw_name) if cluster.extra else None
    if passwd:
        return key_manager.get_secret(passwd, ctx)

    passwd = six.text_type(uuid.uuid4())
    extra = cluster.extra.to_dict() if cluster.extra else {}
    extra[pw_name] = key_manager.store_secret(passwd, ctx)
    cluster = conductor.cluster_update(ctx, cluster, {'extra': extra})
    return passwd
Esempio n. 15
0
def create_proxy_user_for_cluster(cluster):
    '''Creates a proxy user and adds the credentials to the cluster

    :param cluster: The cluster model to update

    '''
    if cluster.cluster_configs.get('proxy_configs'):
        return cluster
    username = '******'.format(cluster.id)
    password = key_manager.store_secret(proxy_user_create(username))
    current_user = k.auth()
    proxy_user = k.auth_for_proxy(username, password)
    trust_id = t.create_trust(trustor=current_user,
                              trustee=proxy_user,
                              role_names=CONF.proxy_user_role_names)
    update = {'cluster_configs': cluster.cluster_configs.to_dict()}
    update['cluster_configs']['proxy_configs'] = {
        'proxy_username': username,
        'proxy_password': password,
        'proxy_trust_id': trust_id
        }
    return conductor.cluster_update(context.ctx(), cluster, update)
Esempio n. 16
0
def generate_random_password():
    password = six.text_type(uuid.uuid4())
    return castellan.store_secret(password)
Esempio n. 17
0
def store_secret(secret, ctx=None, **kwargs):
    return castellan_utils.store_secret(secret)
Esempio n. 18
0
def generate_random_password():
    password = uuidutils.generate_uuid()
    return castellan.store_secret(password)
Esempio n. 19
0
def store_secret(secret, ctx=None, **kwargs):
    return castellan_utils.store_secret(secret)