コード例 #1
0
def _get_tenant_dict():
    tenant_dict = utils.current_tenant.to_dict()
    tenant_dict['rabbitmq_password'] = decrypt(
        tenant_dict['rabbitmq_password'])
    for to_remove in ['id', 'users', 'groups']:
        tenant_dict.pop(to_remove)
    return tenant_dict
コード例 #2
0
    def create_tenant_vhost_and_user(self, tenant):
        """
        Create a new RabbitMQ vhost and user, and grant the user permissions
        on the vhost
        :param tenant: An SQLAlchemy Tenant object
        :return: The updated tenant object
        """
        vhost = tenant.rabbitmq_vhost or \
            self.VHOST_NAME_PATTERN.format(tenant.name)
        username = tenant.rabbitmq_username or \
            self.USERNAME_PATTERN.format(tenant.name)

        # The password is being stored encrypted in the DB
        new_password = AMQPManager._generate_user_password()
        password = decrypt(tenant.rabbitmq_password) \
            if tenant.rabbitmq_password else new_password
        encrypted_password = tenant.rabbitmq_password or encrypt(new_password)

        self._client.create_vhost(vhost)
        self._client.create_user(username, password)
        self._client.set_vhost_permissions(vhost, username, '.*', '.*', '.*')

        # TODO: Maybe won't be necessary in the future
        self._client.set_vhost_permissions('/', username, '.*', '.*', '.*')

        tenant.rabbitmq_vhost = vhost
        tenant.rabbitmq_username = username
        tenant.rabbitmq_password = encrypted_password

        return tenant
コード例 #3
0
    def create_tenant_vhost_and_user(self, tenant):
        """
        Create a new RabbitMQ vhost and user, and grant the user permissions
        on the vhost
        :param tenant: An SQLAlchemy Tenant object
        :return: The updated tenant object
        """
        vhost = tenant.rabbitmq_vhost or \
            self.VHOST_NAME_PATTERN.format(tenant.name)
        username = tenant.rabbitmq_username or \
            self.USERNAME_PATTERN.format(tenant.name)

        # The password is being stored encrypted in the DB
        new_password = AMQPManager._generate_user_password()
        password = decrypt(tenant.rabbitmq_password) \
            if tenant.rabbitmq_password else new_password
        encrypted_password = tenant.rabbitmq_password or encrypt(new_password)

        self._client.create_vhost(vhost)
        self._client.create_user(username, password)
        self._client.set_vhost_permissions(vhost, username, '.*', '.*', '.*')

        # Gives configure and write permissions to the specific exchanges of
        # events, logs and monitoring
        allowed_resources = '^cloudify-(events|logs|monitoring)$'
        self._client.set_vhost_permissions('/',
                                           username,
                                           configure=allowed_resources,
                                           write=allowed_resources)
        tenant.rabbitmq_vhost = vhost
        tenant.rabbitmq_username = username
        tenant.rabbitmq_password = encrypted_password

        return tenant
コード例 #4
0
 def get(self, key):
     """
     Get secret by key
     """
     rest_utils.validate_inputs({'key': key})
     secret = get_storage_manager().get(models.Secret, key)
     secret_dict = secret.to_dict()
     if secret_dict['is_hidden_value'] and not \
             self._is_hidden_value_permitted(secret):
         # Hide the value of the secret
         secret_dict['value'] = ''
     else:
         # Returns the decrypted value
         secret_dict['value'] = decrypt(secret.value)
     return secret_dict
コード例 #5
0
ファイル: secrets.py プロジェクト: vbohinc/cloudify-manager
 def get(self, key):
     """
     Get secret by key
     """
     rest_utils.validate_inputs({'key': key})
     secret = get_storage_manager().get(models.Secret, key)
     secret_dict = secret.to_dict()
     if secret_dict['is_hidden_value'] and not \
             self._is_value_permitted(secret_dict['created_by']):
         # Hide the value of the secret
         secret_dict['value'] = ''
     else:
         # Returns the decrypted value
         encryption_key = config.instance.security_encryption_key
         secret_dict['value'] = cryptography_utils.decrypt(
             encryption_key, secret.value)
     return secret_dict
コード例 #6
0
 def get_secret(secret_key):
     secret = storage_manager.get(Secret, secret_key)
     decrypted_value = cryptography_utils.decrypt(secret.value)
     return SecretType(secret_key, decrypted_value)
コード例 #7
0
 def get_secret(secret_key):
     secret = storage_manager.get(Secret, secret_key)
     encryption_key = config.instance.security_encryption_key
     decrypted_value = cryptography_utils.decrypt(encryption_key,
                                                  secret.value)
     return SecretType(secret_key, decrypted_value)