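def _get_credentials_dict(self, bnp_switch, func_name):
    """Build the credential dict used to reach a provisioned switch.

    ``bnp_switch.credentials`` is treated as a credential id when it is
    UUID-like and as a credential name otherwise.  The record is looked up
    in the SNMP table when ``hp_const.PROTOCOL_SNMP`` occurs in the
    switch's management protocol, and in the NETCONF table in every other
    case.

    The returned dict holds secrets in the clear (SNMP community and keys,
    or the NETCONF password resolved through ``credential_manager``), so it
    should stay out of logs and error messages.

    :param bnp_switch: switch record; a falsy value is reported through
        ``self._raise_ml2_error`` with ``func_name``
    :param func_name: passed to ``self._raise_ml2_error`` when the switch
        is missing
    :returns: dict with ``ip_address`` plus the protocol-specific fields
    """
    if not bnp_switch:
        self._raise_ml2_error(wexc.HTTPNotFound, func_name)
    db_context = neutron_context.get_admin_context()
    prov_creds = bnp_switch.credentials
    prov_protocol = bnp_switch.management_protocol
    lookup_by_name = not uuidutils.is_uuid_like(prov_creds)
    creds_dict = {"ip_address": bnp_switch.ip_address}
    if hp_const.PROTOCOL_SNMP in prov_protocol:
        if lookup_by_name:
            matches = db.get_snmp_cred_by_name(db_context, prov_creds)
            # An empty result used to fail on the [0] index before the
            # not-found check below could run.
            snmp_cred = matches[0] if matches else None
        else:
            snmp_cred = db.get_snmp_cred_by_id(db_context, prov_creds)
        if not snmp_cred:
            LOG.error(_LE("Credentials does not match"))
            self._raise_ml2_error(wexc.HTTPNotFound, "")
        creds_dict["write_community"] = snmp_cred.write_community
        creds_dict["security_name"] = snmp_cred.security_name
        creds_dict["security_level"] = snmp_cred.security_level
        creds_dict["auth_protocol"] = snmp_cred.auth_protocol
        creds_dict["management_protocol"] = prov_protocol
        creds_dict["auth_key"] = snmp_cred.auth_key
        creds_dict["priv_protocol"] = snmp_cred.priv_protocol
        creds_dict["priv_key"] = snmp_cred.priv_key
    else:
        # NOTE(review): the SNMP name lookup above is indexed like a list
        # while this one is used as a single record; confirm that
        # get_netconf_cred_by_name really returns one record.
        if lookup_by_name:
            netconf_cred = db.get_netconf_cred_by_name(db_context, prov_creds)
        else:
            netconf_cred = db.get_netconf_cred_by_id(db_context, prov_creds)
        # Check for a missing record before touching it; the previous
        # order dereferenced the record first, so a miss never reached
        # this error path.
        if not netconf_cred:
            LOG.error(_LE("Credentials does not match"))
            self._raise_ml2_error(wexc.HTTPNotFound, "")
        # Resolve the stored reference into a local only.  Writing the
        # clear-text value back onto the database record could persist it
        # if that record is still attached to a session (not visible here).
        password = netconf_cred.get("password")
        if password:
            password = credential_manager.retrieve_secret(password)
        # The NETCONF record carries user_name / password / key_path (the
        # fields the update handler reads); the SNMP attribute names that
        # were read here before belong to the SNMP record and also threw
        # away the password resolved above.
        creds_dict["user_name"] = netconf_cred["user_name"]
        creds_dict["password"] = password
        creds_dict["key_path"] = netconf_cred.get("key_path")
    return creds_dict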
def test_update_credential_netconf_soap_only_name(self):
    """Update only the name of a netconf-soap credential and check the result."""
    created = self._test_create_credential_for_netconf(
        self.netconf_soap_data)
    credential_id = created["bnp_credential"]["id"]
    rename_request = {"bnp_credential": {"name": "NewCredName"}}
    result = self._test_update_credential(rename_request, credential_id)
    # The update result carries the value the credential manager stored in
    # place of the password; resolve it before comparing.
    stored_password = result['password']
    result['password'] = credential_manager.retrieve_secret(stored_password)
    self.assertDictEqual(
        result,
        {
            "id": credential_id,
            "protocol_type": "netconf_soap",
            "user_name": "FakeUserName",
            "password": "******",
            "key_path": None,
            "name": "NewCredName",
        })
def test_update_credential_netconf_ssh(self):
    """Update every netconf-ssh field plus the name and check the result."""
    created = self._test_create_credential_for_netconf(
        self.netconf_ssh_data)
    credential_id = created["bnp_credential"]["id"]
    new_ssh_fields = {
        "user_name": "NewFakeUserName",
        "password": "******",
        "key_path": "/home/fakedir/key1.rsa",
    }
    update_request = {
        "bnp_credential": {
            "netconf_ssh": new_ssh_fields,
            "name": "NewCredName",
        },
    }
    result = self._test_update_credential_for_netconf_ssh(
        update_request, credential_id)
    # The update result carries the value the credential manager stored in
    # place of the password; resolve it before comparing.
    stored_password = result['password']
    result['password'] = credential_manager.retrieve_secret(stored_password)
    self.assertDictEqual(
        result,
        {
            "id": credential_id,
            "protocol_type": "netconf_ssh",
            "user_name": "NewFakeUserName",
            "password": "******",
            "key_path": "/home/fakedir/key1.rsa",
            "name": "NewCredName",
        })
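def update(self, request, id, **kwargs):
    """Update a stored SNMP or NETCONF credential.

    The request body is validated, the record selected by ``id`` is
    loaded, the body is merged over it with ``self._update_dict`` and the
    merged dict is written to the database and returned.  When the body
    has no protocol section, ``id`` is tried as an SNMP credential first
    and as a NETCONF credential second.

    NETCONF passwords are kept as references handed out by
    ``credential_manager``.  The replacement secret is created and the
    database row updated before the old secret is deleted, so a failure
    part-way through leaves the row pointing at a secret that still
    exists.  (The earlier order deleted the old secret first; a failure
    in ``create_secret`` or in the database write then left the row
    referring to a secret that was already gone.)

    SNMP records are merged and written back without going through
    ``credential_manager``.
    NOTE(review): the returned dict contains the credential's secret
    fields (the NETCONF password reference, and for SNMP whatever the
    record holds); confirm callers do not log it.

    :param request: request whose ``context`` is checked by
        ``self._check_admin`` and whose body is validated
    :param id: credential id; must be UUID-like
    :returns: the merged credential dict that was written to the
        database, or None when the protocol matches no known branch
    :raises webob.exc.HTTPBadRequest: ``id`` is not UUID-like, or only one
        half of a required pair was sent while the stored record has
        neither half
    :raises webob.exc.HTTPNotFound: no credential exists for ``id``
    """
    def _not_found():
        return webob.exc.HTTPNotFound(
            _("Credential with id=%s does not exist") % id)

    def _require_pair(params, stored, first, second, message):
        # A lone half of the pair is rejected only when the stored record
        # has neither value to complete it.
        if (first in params) ^ (second in params):
            if (not stored[first]) and (not stored[second]):
                raise webob.exc.HTTPBadRequest(message)

    def _store_snmp(stored):
        merged = self._update_dict(body, dict(stored))
        db.update_bnp_snmp_cred_by_id(context, id, merged)
        return merged

    def _store_netconf(stored):
        old_ref = stored.get('password')
        # Work on a copy: the clear-text password is never written onto
        # the database record itself.
        current = dict(stored)
        if old_ref:
            current['password'] = credential_manager.retrieve_secret(old_ref)
        merged = self._update_dict(body, current)
        if merged.get('password'):
            merged['password'] = credential_manager.create_secret(
                merged['password'])
        db.update_bnp_netconf_cred_by_id(context, id, merged)
        # Drop the old secret only once the row points at the new one.
        # The comparison guards against a secret store that hands back
        # the same reference for the same value.
        if old_ref and merged.get('password') != old_ref:
            credential_manager.delete_secret(old_ref)
        return merged

    context = request.context
    self._check_admin(context)
    body = validators.validate_request(request)
    protocol = validators.validate_access_parameters_for_update(body)
    key_list = ['name', 'snmpv1', 'snmpv2c', 'snmpv3', 'netconf_ssh',
                'netconf_soap']
    validators.validate_attributes(body.keys(), key_list)
    if not uuidutils.is_uuid_like(id):
        raise webob.exc.HTTPBadRequest(
            _("Invalid Id"))

    if not protocol:
        # No protocol section: the id alone decides which table is used.
        switch_creds = db.get_snmp_cred_by_id(context, id)
        if switch_creds:
            return _store_snmp(switch_creds)
        switch_creds = db.get_netconf_cred_by_id(context, id)
        if switch_creds:
            return _store_netconf(switch_creds)
        raise _not_found()

    if protocol in [const.SNMP_V1, const.SNMP_V2C, const.SNMP_V3]:
        switch_creds = db.get_snmp_cred_by_id(context, id)
        store = _store_snmp
    elif protocol in [const.NETCONF_SOAP, const.NETCONF_SSH]:
        switch_creds = db.get_netconf_cred_by_id(context, id)
        store = _store_netconf
    else:
        # Unknown protocol values fall through without touching anything,
        # as before.
        return None

    if not switch_creds:
        raise _not_found()
    self.check_creds_proto_type(switch_creds, id, protocol)
    params = body.pop(protocol)
    if protocol == const.SNMP_V3:
        _require_pair(
            params, switch_creds, 'auth_protocol', 'auth_key',
            _("auth_protocol and auth_key values does not exist,"
              " so both has to be provided"))
        _require_pair(
            params, switch_creds, 'priv_protocol', 'priv_key',
            _("priv_protocol and priv_key values does not exist,"
              " so both has to be provided"))
    elif protocol == const.NETCONF_SSH:
        _require_pair(
            params, switch_creds, 'user_name', 'password',
            _("user_name and password values does not exist, so"
              " both has to be provided"))
    # Lift the protocol section's fields to the top level of the body so
    # that _update_dict sees them next to 'name'.  items() works on both
    # Python 2 and 3, unlike iteritems().
    for key, value in params.items():
        body[key] = value
    return store(switch_creds)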