class EncryptionConfig(object): def __init__(self, encryption_environment,logger): self.encryptionEnvironment = encryption_environment self.passphrase_file_name = None self.bek_filesystem = None self.volume_type = None self.secret_id = None self.encryption_config = ConfigUtil(encryption_environment.encryption_config_file_path,'azure_crypt_config',logger) def config_file_exists(self): return self.encryption_config.config_file_exists() def get_bek_filename(self): return self.encryption_config.get_config(CommonVariables.PassphraseFileNameKey) def get_bek_filesystem(self): return self.encryption_config.get_config(CommonVariables.BekVolumeFileSystemKey) def get_secret_id(self): return self.encryption_config.get_config(CommonVariables.SecretUriKey) def commit(self): key_value_pairs = [] command = ConfigKeyValuePair(CommonVariables.PassphraseFileNameKey,self.passphrase_file_name) key_value_pairs.append(command) bek_file_system = ConfigKeyValuePair(CommonVariables.BekVolumeFileSystemKey,CommonVariables.BekVolumeFileSystem) key_value_pairs.append(bek_file_system) parameters = ConfigKeyValuePair(CommonVariables.SecretUriKey,self.secret_id) key_value_pairs.append(parameters) self.encryption_config.save_configs(key_value_pairs)
class EncryptionConfig(object): def __init__(self, encryption_environment, logger): self.encryption_environment = encryption_environment self.passphrase_file_name = None self.volume_type = None self.secret_id = None self.secret_seq_num = None self.encryption_config = ConfigUtil(encryption_environment.encryption_config_file_path, 'azure_crypt_config', logger) self.logger = logger def config_file_exists(self): return self.encryption_config.config_file_exists() def get_bek_filename(self): return self.encryption_config.get_config(CommonVariables.PassphraseFileNameKey) def get_volume_type(self): return self.encryption_config.get_config(CommonVariables.VolumeTypeKey) def get_secret_id(self): return self.encryption_config.get_config(CommonVariables.SecretUriKey) def get_secret_seq_num(self): return self.encryption_config.get_config(CommonVariables.SecretSeqNum) def commit(self): key_value_pairs = [] command = ConfigKeyValuePair(CommonVariables.PassphraseFileNameKey, self.passphrase_file_name) key_value_pairs.append(command) volume_type = ConfigKeyValuePair(CommonVariables.VolumeTypeKey, self.volume_type) key_value_pairs.append(volume_type) parameters = ConfigKeyValuePair(CommonVariables.SecretUriKey, self.secret_id) key_value_pairs.append(parameters) parameters = ConfigKeyValuePair(CommonVariables.SecretSeqNum, self.secret_seq_num) key_value_pairs.append(parameters) self.encryption_config.save_configs(key_value_pairs) def clear_config(self): try: if os.path.exists(self.encryption_environment.encryption_config_file_path): self.logger.log(msg="archiving the encryption config file: {0}".format(self.encryption_environment.encryption_config_file_path)) time_stamp = datetime.datetime.now() new_name = "{0}_{1}".format(self.encryption_environment.encryption_config_file_path, time_stamp) os.rename(self.encryption_environment.encryption_config_file_path, new_name) else: self.logger.log(msg=("the config file not exist: {0}".format(self.encryption_environment.encryption_config_file_path)), level = CommonVariables.WarningLevel) return True except OSError as e: self.logger.log("Failed to archive encryption config with error: {0}, stack trace: {1}".format(e, traceback.format_exc())) return False
class EncryptionConfig(object): def __init__(self, encryption_environment, logger): self.encryptionEnvironment = encryption_environment self.passphrase_file_name = None self.bek_filesystem = None self.volume_type = None self.secret_id = None self.encryption_config = ConfigUtil( encryption_environment.encryption_config_file_path, 'azure_crypt_config', logger) def config_file_exists(self): return self.encryption_config.config_file_exists() def get_bek_filename(self): return self.encryption_config.get_config( CommonVariables.PassphraseFileNameKey) def get_bek_filesystem(self): return self.encryption_config.get_config( CommonVariables.BekVolumeFileSystemKey) def get_secret_id(self): return self.encryption_config.get_config(CommonVariables.SecretUriKey) def commit(self): key_value_pairs = [] command = ConfigKeyValuePair(CommonVariables.PassphraseFileNameKey, self.passphrase_file_name) key_value_pairs.append(command) bek_file_system = ConfigKeyValuePair( CommonVariables.BekVolumeFileSystemKey, CommonVariables.BekVolumeFileSystem) key_value_pairs.append(bek_file_system) parameters = ConfigKeyValuePair(CommonVariables.SecretUriKey, self.secret_id) key_value_pairs.append(parameters) self.encryption_config.save_configs(key_value_pairs)
class ExtensionParameter(object): def __init__(self, hutil, logger, distro_patcher, encryption_environment, protected_settings, public_settings): """ TODO: we should validate the parameter first """ self.hutil = hutil self.logger = logger self.distro_patcher = distro_patcher self.encryption_environment = encryption_environment self.disk_util = DiskUtil( hutil=hutil, patching=distro_patcher, logger=logger, encryption_environment=encryption_environment) self.bek_util = BekUtil(self.disk_util, logger) self.encryption_config = EncryptionConfig(encryption_environment, logger) self.command = public_settings.get( CommonVariables.EncryptionEncryptionOperationKey) self.KeyEncryptionKeyURL = public_settings.get( CommonVariables.KeyEncryptionKeyURLKey) self.KeyVaultURL = public_settings.get(CommonVariables.KeyVaultURLKey) self.AADClientID = public_settings.get(CommonVariables.AADClientIDKey) self.AADClientCertThumbprint = public_settings.get( CommonVariables.AADClientCertThumbprintKey) keyEncryptionAlgorithm = public_settings.get( CommonVariables.KeyEncryptionAlgorithmKey) if keyEncryptionAlgorithm is not None and keyEncryptionAlgorithm != "": self.KeyEncryptionAlgorithm = keyEncryptionAlgorithm else: self.KeyEncryptionAlgorithm = 'RSA-OAEP' self.VolumeType = public_settings.get(CommonVariables.VolumeTypeKey) self.DiskFormatQuery = public_settings.get( CommonVariables.DiskFormatQuerykey) """ private settings """ self.AADClientSecret = protected_settings.get( CommonVariables.AADClientSecretKey) if self.AADClientSecret is None: self.AADClientSecret = '' self.passphrase = protected_settings.get(CommonVariables.PassphraseKey) self.DiskEncryptionKeyFileName = "LinuxPassPhraseFileName" # parse the query from the array self.params_config = ConfigUtil( encryption_environment.extension_parameter_file_path, 'azure_extension_params', logger) def config_file_exists(self): return self.params_config.config_file_exists() def get_command(self): return self.params_config.get_config( CommonVariables.EncryptionEncryptionOperationKey) def get_kek_url(self): return self.params_config.get_config( CommonVariables.KeyEncryptionKeyURLKey) def get_keyvault_url(self): return self.params_config.get_config(CommonVariables.KeyVaultURLKey) def get_aad_client_id(self): return self.params_config.get_config(CommonVariables.AADClientIDKey) def get_aad_client_secret(self): return self.params_config.get_config( CommonVariables.AADClientSecretKey) def get_aad_client_cert(self): return self.params_config.get_config( CommonVariables.AADClientCertThumbprintKey) def get_kek_algorithm(self): return self.params_config.get_config( CommonVariables.KeyEncryptionAlgorithmKey) def get_volume_type(self): return self.params_config.get_config(CommonVariables.VolumeTypeKey) def get_disk_format_query(self): return self.params_config.get_config( CommonVariables.DiskFormatQuerykey) def get_bek_filename(self): return self.DiskEncryptionKeyFileName def commit(self): key_value_pairs = [] command = ConfigKeyValuePair( CommonVariables.EncryptionEncryptionOperationKey, self.command) key_value_pairs.append(command) KeyEncryptionKeyURL = ConfigKeyValuePair( CommonVariables.KeyEncryptionKeyURLKey, self.KeyEncryptionKeyURL) key_value_pairs.append(KeyEncryptionKeyURL) KeyVaultURL = ConfigKeyValuePair(CommonVariables.KeyVaultURLKey, self.KeyVaultURL) key_value_pairs.append(KeyVaultURL) AADClientID = ConfigKeyValuePair(CommonVariables.AADClientIDKey, self.AADClientID) key_value_pairs.append(AADClientID) AADClientSecret = ConfigKeyValuePair( CommonVariables.AADClientSecretKey, hashlib.sha256(self.AADClientSecret.encode("utf-8")).hexdigest()) key_value_pairs.append(AADClientSecret) AADClientCertThumbprint = ConfigKeyValuePair( CommonVariables.AADClientCertThumbprintKey, self.AADClientCertThumbprint) key_value_pairs.append(AADClientCertThumbprint) KeyEncryptionAlgorithm = ConfigKeyValuePair( CommonVariables.KeyEncryptionAlgorithmKey, self.KeyEncryptionAlgorithm) key_value_pairs.append(KeyEncryptionAlgorithm) VolumeType = ConfigKeyValuePair(CommonVariables.VolumeTypeKey, self.VolumeType) key_value_pairs.append(VolumeType) DiskFormatQuery = ConfigKeyValuePair( CommonVariables.DiskFormatQuerykey, self.DiskFormatQuery) key_value_pairs.append(DiskFormatQuery) self.params_config.save_configs(key_value_pairs) def clear_config(self): try: if os.path.exists( self.encryption_environment.encryption_config_file_path): self.logger.log( msg="archiving the encryption config file: {0}".format( self.encryption_environment.encryption_config_file_path )) time_stamp = datetime.datetime.now() new_name = "{0}_{1}".format( self.encryption_environment.encryption_config_file_path, time_stamp) os.rename( self.encryption_environment.encryption_config_file_path, new_name) else: self.logger.log(msg=("the config file not exist: {0}".format( self.encryption_environment.encryption_config_file_path)), level=CommonVariables.WarningLevel) return True except OSError as e: self.logger.log( "Failed to archive encryption config with error: {0}, stack trace: {1}" .format(e, traceback.format_exc())) return False def _is_encrypt_command(self, command): return command in [ CommonVariables.EnableEncryption, CommonVariables.EnableEncryptionFormat, CommonVariables.EnableEncryptionFormatAll ] def config_changed(self): if (self.command or self.get_command()) and \ (self.command != self.get_command() and \ # Even if the commands are not exactly the same, if they're both encrypt commands, don't consider this a change not (self._is_encrypt_command(self.command) and self._is_encrypt_command(self.get_command()))): self.logger.log( 'Current config command {0} differs from effective config command {1}' .format(self.command, self.get_command())) return True if (self.KeyEncryptionKeyURL or self.get_kek_url()) and \ (self.KeyEncryptionKeyURL != self.get_kek_url()): self.logger.log( 'Current config KeyEncryptionKeyURL {0} differs from effective config KeyEncryptionKeyURL {1}' .format(self.KeyEncryptionKeyURL, self.get_kek_url())) return True if (self.KeyVaultURL or self.get_keyvault_url()) and \ (self.KeyVaultURL != self.get_keyvault_url()): self.logger.log( 'Current config KeyVaultURL {0} differs from effective config KeyVaultURL {1}' .format(self.KeyVaultURL, self.get_keyvault_url())) return True if (self.AADClientID or self.get_aad_client_id()) and \ (self.AADClientID != self.get_aad_client_id()): self.logger.log( 'Current config AADClientID {0} differs from effective config AADClientID {1}' .format(self.AADClientID, self.get_aad_client_id())) return True if (self.AADClientSecret or self.get_aad_client_secret()) and \ (hashlib.sha256(self.AADClientSecret.encode("utf-8")).hexdigest() != self.get_aad_client_secret()): self.logger.log( 'Current config AADClientSecret {0} differs from effective config AADClientSecret {1}' .format( hashlib.sha256( self.AADClientSecret.encode("utf-8")).hexdigest(), self.get_aad_client_secret())) return True if (self.AADClientCertThumbprint or self.get_aad_client_cert()) and \ (self.AADClientCertThumbprint != self.get_aad_client_cert()): self.logger.log( 'Current config AADClientCertThumbprint {0} differs from effective config AADClientCertThumbprint {1}' .format(self.AADClientCertThumbprint, self.get_aad_client_cert())) return True if (self.KeyEncryptionAlgorithm or self.get_kek_algorithm()) and \ (self.KeyEncryptionAlgorithm != self.get_kek_algorithm()): self.logger.log( 'Current config KeyEncryptionAlgorithm {0} differs from effective config KeyEncryptionAlgorithm {1}' .format(self.KeyEncryptionAlgorithm, self.get_kek_algorithm())) return True bek_passphrase_file = self.bek_util.get_bek_passphrase_file( self.encryption_config) bek_passphrase = file(bek_passphrase_file).read() if (self.passphrase and bek_passphrase) and \ (self.passphrase != bek_passphrase): self.logger.log( 'Current config passphrase differs from effective config passphrase' ) return True self.logger.log( 'Current config is not different from effective config') return False
class OnGoingItemConfig(object): def __init__(self, encryption_environment,logger): self.encryption_environment = encryption_environment self.logger = logger self.original_dev_name_path = None self.original_dev_path = None self.mapper_name = None self.luks_header_file_path = None self.phase = None self.file_system = None self.mount_point = None self.device_size = None self.from_end = None self.header_slice_file_path = None self.current_block_size = None self.current_source_path = None self.current_total_copy_size = None self.current_slice_index = None self.current_destination = None self.ongoing_item_config = ConfigUtil(encryption_environment.azure_crypt_ongoing_item_config_path, 'azure_crypt_ongoing_item_config', logger) def config_file_exists(self): return self.ongoing_item_config.config_file_exists() def get_original_dev_name_path(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemOriginalDevNamePathKey) def get_original_dev_path(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemOriginalDevPathKey) def get_mapper_name(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemMapperNameKey) def get_header_file_path(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemHeaderFilePathKey) def get_phase(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemPhaseKey) def get_header_slice_file_path(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemHeaderSliceFilePathKey) def get_file_system(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemFileSystemKey) def get_mount_point(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemMountPointKey) def get_device_size(self): device_size_value = self.ongoing_item_config.get_config(CommonVariables.OngoingItemDeviceSizeKey) if(device_size_value is None or device_size_value == ""): return None else: return long(device_size_value) def get_current_slice_index(self): current_slice_index_value = self.ongoing_item_config.get_config(CommonVariables.OngoingItemCurrentSliceIndexKey) if(current_slice_index_value is None or current_slice_index_value == ""): return None else: return long(current_slice_index_value) def get_from_end(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemFromEndKey) def get_current_block_size(self): block_size_value = self.ongoing_item_config.get_config(CommonVariables.OngoingItemCurrentBlockSizeKey) if(block_size_value is None or block_size_value == ""): return None else: return long(block_size_value) def get_current_source_path(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemCurrentSourcePathKey) def get_current_destination(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemCurrentDestinationKey) def get_current_total_copy_size(self): total_copy_size_value = self.ongoing_item_config.get_config(CommonVariables.OngoingItemCurrentTotalCopySizeKey) if(total_copy_size_value is None or total_copy_size_value == ""): return None else: return long(total_copy_size_value) def get_luks_header_file_path(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemCurrentLuksHeaderFilePathKey) def load_value_from_file(self): self.original_dev_name_path = self.get_original_dev_name_path() self.original_dev_path = self.get_original_dev_path() self.mapper_name = self.get_mapper_name() self.luks_header_file_path = self.get_luks_header_file_path() self.phase = self.get_phase() self.file_system = self.get_file_system() self.mount_point = self.get_mount_point() self.device_size = self.get_device_size() self.from_end = self.get_from_end() self.header_slice_file_path = self.get_header_slice_file_path() self.current_block_size = self.get_current_block_size() self.current_source_path = self.get_current_source_path() self.current_total_copy_size = self.get_current_total_copy_size() self.current_slice_index = self.get_current_slice_index() self.current_destination = self.get_current_destination() def commit(self): key_value_pairs = [] original_dev_name_path_pair = ConfigKeyValuePair(CommonVariables.OngoingItemOriginalDevNamePathKey, self.original_dev_name_path) key_value_pairs.append(original_dev_name_path_pair) original_dev_path_pair = ConfigKeyValuePair(CommonVariables.OngoingItemOriginalDevPathKey, self.original_dev_path) key_value_pairs.append(original_dev_path_pair) mapper_name_pair = ConfigKeyValuePair(CommonVariables.OngoingItemMapperNameKey, self.mapper_name) key_value_pairs.append(mapper_name_pair) header_file_pair = ConfigKeyValuePair(CommonVariables.OngoingItemHeaderFilePathKey, self.luks_header_file_path) key_value_pairs.append(header_file_pair) phase_pair = ConfigKeyValuePair(CommonVariables.OngoingItemPhaseKey, self.phase) key_value_pairs.append(phase_pair) header_slice_file_pair = ConfigKeyValuePair(CommonVariables.OngoingItemHeaderSliceFilePathKey, self.header_slice_file_path) key_value_pairs.append(header_slice_file_pair) file_system_pair = ConfigKeyValuePair(CommonVariables.OngoingItemFileSystemKey, self.file_system) key_value_pairs.append(file_system_pair) mount_point_pair = ConfigKeyValuePair(CommonVariables.OngoingItemMountPointKey, self.mount_point) key_value_pairs.append(mount_point_pair) device_size_pair = ConfigKeyValuePair(CommonVariables.OngoingItemDeviceSizeKey, self.device_size) key_value_pairs.append(device_size_pair) current_slice_index_pair = ConfigKeyValuePair(CommonVariables.OngoingItemCurrentSliceIndexKey, self.current_slice_index) key_value_pairs.append(current_slice_index_pair) from_end_pair = ConfigKeyValuePair(CommonVariables.OngoingItemFromEndKey, self.from_end) key_value_pairs.append(from_end_pair) current_source_path_pair = ConfigKeyValuePair(CommonVariables.OngoingItemCurrentSourcePathKey, self.current_source_path) key_value_pairs.append(current_source_path_pair) current_destination_pair = ConfigKeyValuePair(CommonVariables.OngoingItemCurrentDestinationKey, self.current_destination) key_value_pairs.append(current_destination_pair) current_total_copy_size_pair = ConfigKeyValuePair(CommonVariables.OngoingItemCurrentTotalCopySizeKey, self.current_total_copy_size) key_value_pairs.append(current_total_copy_size_pair) current_block_size_pair = ConfigKeyValuePair(CommonVariables.OngoingItemCurrentBlockSizeKey, self.current_block_size) key_value_pairs.append(current_block_size_pair) self.ongoing_item_config.save_configs(key_value_pairs) def clear_config(self): try: if(os.path.exists(self.encryption_environment.azure_crypt_ongoing_item_config_path)): self.logger.log(msg="archive the config file: {0}".format(self.encryption_environment.azure_crypt_ongoing_item_config_path)) time_stamp = datetime.datetime.now() new_name = "{0}_{1}".format(self.encryption_environment.azure_crypt_ongoing_item_config_path, time_stamp) os.rename(self.encryption_environment.azure_crypt_ongoing_item_config_path, new_name) else: self.logger.log(msg=("the config file not exist: {0}".format(self.encryption_environment.azure_crypt_ongoing_item_config_path)), level = CommonVariables.WarningLevel) return True except OSError as e: self.logger.log("Failed to archive_backup_config with error: {0}, stack trace: {1}".format(e, traceback.format_exc())) return False def __str__(self): return "dev_uuid_path is {0}, mapper_name is {1}, luks_header_file_path is {2}, phase is {3}, header_slice_file_path is {4}, file system is {5}, mount_point is {6}, device size is {7}"\ .format(self.original_dev_path,self.mapper_name,self.luks_header_file_path,self.phase,self.header_slice_file_path,self.file_system,self.mount_point,self.device_size)
class OnGoingItemConfig(object): def __init__(self, encryption_environment, logger): self.encryption_environment = encryption_environment self.logger = logger self.original_dev_name_path = None self.original_dev_path = None self.mapper_name = None self.luks_header_file_path = None self.phase = None self.file_system = None self.mount_point = None self.device_size = None self.from_end = None self.header_slice_file_path = None self.current_block_size = None self.current_source_path = None self.current_total_copy_size = None self.current_slice_index = None self.current_destination = None self.ongoing_item_config = ConfigUtil( encryption_environment.azure_crypt_ongoing_item_config_path, 'azure_crypt_ongoing_item_config', logger) def config_file_exists(self): return self.ongoing_item_config.config_file_exists() def get_original_dev_name_path(self): return self.ongoing_item_config.get_config( CommonVariables.OngoingItemOriginalDevNamePathKey) def get_original_dev_path(self): return self.ongoing_item_config.get_config( CommonVariables.OngoingItemOriginalDevPathKey) def get_mapper_name(self): return self.ongoing_item_config.get_config( CommonVariables.OngoingItemMapperNameKey) def get_header_file_path(self): return self.ongoing_item_config.get_config( CommonVariables.OngoingItemHeaderFilePathKey) def get_phase(self): return self.ongoing_item_config.get_config( CommonVariables.OngoingItemPhaseKey) def get_header_slice_file_path(self): return self.ongoing_item_config.get_config( CommonVariables.OngoingItemHeaderSliceFilePathKey) def get_file_system(self): return self.ongoing_item_config.get_config( CommonVariables.OngoingItemFileSystemKey) def get_mount_point(self): return self.ongoing_item_config.get_config( CommonVariables.OngoingItemMountPointKey) def get_device_size(self): device_size_value = self.ongoing_item_config.get_config( CommonVariables.OngoingItemDeviceSizeKey) if device_size_value is None or device_size_value == "": return None else: return long(device_size_value) def get_current_slice_index(self): current_slice_index_value = self.ongoing_item_config.get_config( CommonVariables.OngoingItemCurrentSliceIndexKey) if current_slice_index_value is None or current_slice_index_value == "": return None else: return long(current_slice_index_value) def get_from_end(self): return self.ongoing_item_config.get_config( CommonVariables.OngoingItemFromEndKey) def get_current_block_size(self): block_size_value = self.ongoing_item_config.get_config( CommonVariables.OngoingItemCurrentBlockSizeKey) if block_size_value is None or block_size_value == "": return None else: return long(block_size_value) def get_current_source_path(self): return self.ongoing_item_config.get_config( CommonVariables.OngoingItemCurrentSourcePathKey) def get_current_destination(self): return self.ongoing_item_config.get_config( CommonVariables.OngoingItemCurrentDestinationKey) def get_current_total_copy_size(self): total_copy_size_value = self.ongoing_item_config.get_config( CommonVariables.OngoingItemCurrentTotalCopySizeKey) if total_copy_size_value is None or total_copy_size_value == "": return None else: return long(total_copy_size_value) def get_luks_header_file_path(self): return self.ongoing_item_config.get_config( CommonVariables.OngoingItemCurrentLuksHeaderFilePathKey) def load_value_from_file(self): self.original_dev_name_path = self.get_original_dev_name_path() self.original_dev_path = self.get_original_dev_path() self.mapper_name = self.get_mapper_name() self.luks_header_file_path = self.get_luks_header_file_path() self.phase = self.get_phase() self.file_system = self.get_file_system() self.mount_point = self.get_mount_point() self.device_size = self.get_device_size() self.from_end = self.get_from_end() self.header_slice_file_path = self.get_header_slice_file_path() self.current_block_size = self.get_current_block_size() self.current_source_path = self.get_current_source_path() self.current_total_copy_size = self.get_current_total_copy_size() self.current_slice_index = self.get_current_slice_index() self.current_destination = self.get_current_destination() def commit(self): key_value_pairs = [] original_dev_name_path_pair = ConfigKeyValuePair( CommonVariables.OngoingItemOriginalDevNamePathKey, self.original_dev_name_path) key_value_pairs.append(original_dev_name_path_pair) original_dev_path_pair = ConfigKeyValuePair( CommonVariables.OngoingItemOriginalDevPathKey, self.original_dev_path) key_value_pairs.append(original_dev_path_pair) mapper_name_pair = ConfigKeyValuePair( CommonVariables.OngoingItemMapperNameKey, self.mapper_name) key_value_pairs.append(mapper_name_pair) header_file_pair = ConfigKeyValuePair( CommonVariables.OngoingItemHeaderFilePathKey, self.luks_header_file_path) key_value_pairs.append(header_file_pair) phase_pair = ConfigKeyValuePair(CommonVariables.OngoingItemPhaseKey, self.phase) key_value_pairs.append(phase_pair) header_slice_file_pair = ConfigKeyValuePair( CommonVariables.OngoingItemHeaderSliceFilePathKey, self.header_slice_file_path) key_value_pairs.append(header_slice_file_pair) file_system_pair = ConfigKeyValuePair( CommonVariables.OngoingItemFileSystemKey, self.file_system) key_value_pairs.append(file_system_pair) mount_point_pair = ConfigKeyValuePair( CommonVariables.OngoingItemMountPointKey, self.mount_point) key_value_pairs.append(mount_point_pair) device_size_pair = ConfigKeyValuePair( CommonVariables.OngoingItemDeviceSizeKey, self.device_size) key_value_pairs.append(device_size_pair) current_slice_index_pair = ConfigKeyValuePair( CommonVariables.OngoingItemCurrentSliceIndexKey, self.current_slice_index) key_value_pairs.append(current_slice_index_pair) from_end_pair = ConfigKeyValuePair( CommonVariables.OngoingItemFromEndKey, self.from_end) key_value_pairs.append(from_end_pair) current_source_path_pair = ConfigKeyValuePair( CommonVariables.OngoingItemCurrentSourcePathKey, self.current_source_path) key_value_pairs.append(current_source_path_pair) current_destination_pair = ConfigKeyValuePair( CommonVariables.OngoingItemCurrentDestinationKey, self.current_destination) key_value_pairs.append(current_destination_pair) current_total_copy_size_pair = ConfigKeyValuePair( CommonVariables.OngoingItemCurrentTotalCopySizeKey, self.current_total_copy_size) key_value_pairs.append(current_total_copy_size_pair) current_block_size_pair = ConfigKeyValuePair( CommonVariables.OngoingItemCurrentBlockSizeKey, self.current_block_size) key_value_pairs.append(current_block_size_pair) self.ongoing_item_config.save_configs(key_value_pairs) def clear_config(self): try: if os.path.exists(self.encryption_environment. azure_crypt_ongoing_item_config_path): self.logger.log(msg="archive the config file: {0}".format( self.encryption_environment. azure_crypt_ongoing_item_config_path)) time_stamp = datetime.datetime.now() new_name = "{0}_{1}".format( self.encryption_environment. azure_crypt_ongoing_item_config_path, time_stamp) os.rename( self.encryption_environment. azure_crypt_ongoing_item_config_path, new_name) else: self.logger.log(msg=("the config file not exist: {0}".format( self.encryption_environment. azure_crypt_ongoing_item_config_path)), level=CommonVariables.WarningLevel) return True except OSError as e: self.logger.log( "Failed to archive_backup_config with error: {0}, stack trace: {1}" .format(e, traceback.format_exc())) return False def __str__(self): return "dev_uuid_path is {0}, mapper_name is {1}, luks_header_file_path is {2}, phase is {3}, header_slice_file_path is {4}, file system is {5}, mount_point is {6}, device size is {7}"\ .format(self.original_dev_path, self.mapper_name, self.luks_header_file_path, self.phase, self.header_slice_file_path, self.file_system, self.mount_point, self.device_size)
class ExtensionParameter(object): def __init__(self, hutil, logger, distro_patcher, encryption_environment, protected_settings, public_settings): """ TODO: we should validate the parameter first """ self.hutil = hutil self.logger = logger self.distro_patcher = distro_patcher self.encryption_environment = encryption_environment self.disk_util = DiskUtil(hutil=hutil, patching=distro_patcher, logger=logger, encryption_environment=encryption_environment) self.bek_util = BekUtil(self.disk_util, logger) self.encryption_config = EncryptionConfig(encryption_environment, logger) self.command = public_settings.get(CommonVariables.EncryptionEncryptionOperationKey) self.KeyEncryptionKeyURL = public_settings.get(CommonVariables.KeyEncryptionKeyURLKey) self.KeyVaultURL = public_settings.get(CommonVariables.KeyVaultURLKey) self.AADClientID = public_settings.get(CommonVariables.AADClientIDKey) self.AADClientCertThumbprint = public_settings.get(CommonVariables.AADClientCertThumbprintKey) keyEncryptionAlgorithm = public_settings.get(CommonVariables.KeyEncryptionAlgorithmKey) if keyEncryptionAlgorithm is not None and keyEncryptionAlgorithm !="": self.KeyEncryptionAlgorithm = keyEncryptionAlgorithm else: self.KeyEncryptionAlgorithm = 'RSA-OAEP' self.VolumeType = public_settings.get(CommonVariables.VolumeTypeKey) self.DiskFormatQuery = public_settings.get(CommonVariables.DiskFormatQuerykey) """ private settings """ self.AADClientSecret = protected_settings.get(CommonVariables.AADClientSecretKey) if self.AADClientSecret is None: self.AADClientSecret = '' self.passphrase = protected_settings.get(CommonVariables.PassphraseKey) self.DiskEncryptionKeyFileName = "LinuxPassPhraseFileName" # parse the query from the array self.params_config = ConfigUtil(encryption_environment.extension_parameter_file_path, 'azure_extension_params', logger) def config_file_exists(self): return self.params_config.config_file_exists() def get_command(self): return self.params_config.get_config(CommonVariables.EncryptionEncryptionOperationKey) def get_kek_url(self): return self.params_config.get_config(CommonVariables.KeyEncryptionKeyURLKey) def get_keyvault_url(self): return self.params_config.get_config(CommonVariables.KeyVaultURLKey) def get_aad_client_id(self): return self.params_config.get_config(CommonVariables.AADClientIDKey) def get_aad_client_secret(self): return self.params_config.get_config(CommonVariables.AADClientSecretKey) def get_aad_client_cert(self): return self.params_config.get_config(CommonVariables.AADClientCertThumbprintKey) def get_kek_algorithm(self): return self.params_config.get_config(CommonVariables.KeyEncryptionAlgorithmKey) def get_volume_type(self): return self.params_config.get_config(CommonVariables.VolumeTypeKey) def get_disk_format_query(self): return self.params_config.get_config(CommonVariables.DiskFormatQuerykey) def get_bek_filename(self): return self.DiskEncryptionKeyFileName def commit(self): key_value_pairs = [] command = ConfigKeyValuePair(CommonVariables.EncryptionEncryptionOperationKey, self.command) key_value_pairs.append(command) KeyEncryptionKeyURL = ConfigKeyValuePair(CommonVariables.KeyEncryptionKeyURLKey, self.KeyEncryptionKeyURL) key_value_pairs.append(KeyEncryptionKeyURL) KeyVaultURL = ConfigKeyValuePair(CommonVariables.KeyVaultURLKey, self.KeyVaultURL) key_value_pairs.append(KeyVaultURL) AADClientID = ConfigKeyValuePair(CommonVariables.AADClientIDKey, self.AADClientID) key_value_pairs.append(AADClientID) AADClientSecret = ConfigKeyValuePair(CommonVariables.AADClientSecretKey, hashlib.sha256(self.AADClientSecret.encode("utf-8")).hexdigest()) key_value_pairs.append(AADClientSecret) AADClientCertThumbprint = ConfigKeyValuePair(CommonVariables.AADClientCertThumbprintKey, self.AADClientCertThumbprint) key_value_pairs.append(AADClientCertThumbprint) KeyEncryptionAlgorithm = ConfigKeyValuePair(CommonVariables.KeyEncryptionAlgorithmKey, self.KeyEncryptionAlgorithm) key_value_pairs.append(KeyEncryptionAlgorithm) VolumeType = ConfigKeyValuePair(CommonVariables.VolumeTypeKey, self.VolumeType) key_value_pairs.append(VolumeType) DiskFormatQuery = ConfigKeyValuePair(CommonVariables.DiskFormatQuerykey, self.DiskFormatQuery) key_value_pairs.append(DiskFormatQuery) self.params_config.save_configs(key_value_pairs) def clear_config(self): try: if os.path.exists(self.encryption_environment.encryption_config_file_path): self.logger.log(msg="archiving the encryption config file: {0}".format(self.encryption_environment.encryption_config_file_path)) time_stamp = datetime.datetime.now() new_name = "{0}_{1}".format(self.encryption_environment.encryption_config_file_path, time_stamp) os.rename(self.encryption_environment.encryption_config_file_path, new_name) else: self.logger.log(msg=("the config file not exist: {0}".format(self.encryption_environment.encryption_config_file_path)), level = CommonVariables.WarningLevel) return True except OSError as e: self.logger.log("Failed to archive encryption config with error: {0}, stack trace: {1}".format(e, traceback.format_exc())) return False def _is_encrypt_command(self, command): return command in [CommonVariables.EnableEncryption, CommonVariables.EnableEncryptionFormat, CommonVariables.EnableEncryptionFormatAll] def config_changed(self): if (self.command or self.get_command()) and \ (self.command != self.get_command() and \ # Even if the commands are not exactly the same, if they're both encrypt commands, don't consider this a change not (self._is_encrypt_command(self.command) and self._is_encrypt_command(self.get_command()))): self.logger.log('Current config command {0} differs from effective config command {1}'.format(self.command, self.get_command())) return True if (self.KeyEncryptionKeyURL or self.get_kek_url()) and \ (self.KeyEncryptionKeyURL != self.get_kek_url()): self.logger.log('Current config KeyEncryptionKeyURL {0} differs from effective config KeyEncryptionKeyURL {1}'.format(self.KeyEncryptionKeyURL, self.get_kek_url())) return True if (self.KeyVaultURL or self.get_keyvault_url()) and \ (self.KeyVaultURL != self.get_keyvault_url()): self.logger.log('Current config KeyVaultURL {0} differs from effective config KeyVaultURL {1}'.format(self.KeyVaultURL, self.get_keyvault_url())) return True if (self.AADClientID or self.get_aad_client_id()) and \ (self.AADClientID != self.get_aad_client_id()): self.logger.log('Current config AADClientID {0} differs from effective config AADClientID {1}'.format(self.AADClientID, self.get_aad_client_id())) return True if (self.AADClientSecret or self.get_aad_client_secret()) and \ (hashlib.sha256(self.AADClientSecret.encode("utf-8")).hexdigest() != self.get_aad_client_secret()): self.logger.log('Current config AADClientSecret {0} differs from effective config AADClientSecret {1}'.format(hashlib.sha256(self.AADClientSecret.encode("utf-8")).hexdigest(), self.get_aad_client_secret())) return True if (self.AADClientCertThumbprint or self.get_aad_client_cert()) and \ (self.AADClientCertThumbprint != self.get_aad_client_cert()): self.logger.log('Current config AADClientCertThumbprint {0} differs from effective config AADClientCertThumbprint {1}'.format(self.AADClientCertThumbprint, self.get_aad_client_cert())) return True if (self.KeyEncryptionAlgorithm or self.get_kek_algorithm()) and \ (self.KeyEncryptionAlgorithm != self.get_kek_algorithm()): self.logger.log('Current config KeyEncryptionAlgorithm {0} differs from effective config KeyEncryptionAlgorithm {1}'.format(self.KeyEncryptionAlgorithm, self.get_kek_algorithm())) return True bek_passphrase_file_name = self.bek_util.get_bek_passphrase_file(self.encryption_config) bek_passphrase = None if bek_passphrase_file_name is not None and os.path.exists(bek_passphrase_file_name): bek_passphrase = file(bek_passphrase_file_name).read() if (self.passphrase and bek_passphrase) and \ (self.passphrase != bek_passphrase): self.logger.log('Current config passphrase differs from effective config passphrase') return True self.logger.log('Current config is not different from effective config') return False
class EncryptionConfig(object): def __init__(self, encryption_environment, logger): self.encryptionEnvironment = encryption_environment self.passphrase_file_name = None self.volume_type = None self.secret_id = None self.encryption_config = ConfigUtil( encryption_environment.encryption_config_file_path, 'azure_crypt_config', logger) self.logger = logger def config_file_exists(self): return self.encryption_config.config_file_exists() def get_bek_filename(self): return self.encryption_config.get_config( CommonVariables.PassphraseFileNameKey) def get_volume_type(self): return self.encryption_config.get_config(CommonVariables.VolumeTypeKey) def get_secret_id(self): return self.encryption_config.get_config(CommonVariables.SecretUriKey) def commit(self): key_value_pairs = [] command = ConfigKeyValuePair(CommonVariables.PassphraseFileNameKey, self.passphrase_file_name) key_value_pairs.append(command) volume_type = ConfigKeyValuePair(CommonVariables.VolumeTypeKey, self.volume_type) key_value_pairs.append(volume_type) parameters = ConfigKeyValuePair(CommonVariables.SecretUriKey, self.secret_id) key_value_pairs.append(parameters) self.encryption_config.save_configs(key_value_pairs) def clear_config(self): try: if (os.path.exists( self.encryptionEnvironment.encryption_config_file_path)): self.logger.log( msg="archiving the encryption config file: {0}".format( self.encryptionEnvironment.encryption_config_file_path) ) time_stamp = datetime.datetime.now() new_name = "{0}_{1}".format( self.encryptionEnvironment.encryption_config_file_path, time_stamp) os.rename( self.encryptionEnvironment.encryption_config_file_path, new_name) else: self.logger.log(msg=("the config file not exist: {0}".format( self.encryptionEnvironment.encryption_config_file_path)), level=CommonVariables.WarningLevel) return True except OSError as e: self.logger.log( "Failed to archive encryption config with error: {0}, stack trace: {1}" .format(e, traceback.format_exc())) return False
class OnGoingItemConfig(object): def __init__(self, encryption_environment,logger): self.encryption_environment = encryption_environment self.logger = logger self.original_dev_name_path = None self.original_dev_path = None self.mapper_name = None self.luks_header_file_path = None self.phase = None self.file_system = None self.mount_point = None self.device_size = None self.from_end = None self.header_slice_file_path = None self.current_block_size = None self.current_source_path = None self.current_total_copy_size = None self.current_slice_index = None self.current_destination = None self.ongoing_item_config = ConfigUtil(encryption_environment.azure_crypt_ongoing_item_config_path,'azure_crypt_ongoing_item_config',logger) def config_file_exists(self): return self.ongoing_item_config.config_file_exists() def get_original_dev_name_path(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemOriginalDevNamePathKey) def get_original_dev_path(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemOriginalDevPathKey) def get_mapper_name(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemMapperNameKey) def get_header_file_path(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemHeaderFilePathKey) def get_phase(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemPhaseKey) def get_header_slice_file_path(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemHeaderSliceFilePathKey) def get_file_system(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemFileSystemKey) def get_mount_point(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemMountPointKey) def get_device_size(self): return long(self.ongoing_item_config.get_config(CommonVariables.OngoingItemDeviceSizeKey)) def get_current_slice_index(self): return long(self.ongoing_item_config.get_config(CommonVariables.OngoingItemCurrentSliceIndexKey)) def get_from_end(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemFromEndKey) def get_current_block_size(self): return long(self.ongoing_item_config.get_config(CommonVariables.OngoingItemCurrentBlockSizeKey)) def get_current_source_path(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemCurrentSourcePathKey) def get_current_destination(self): return self.ongoing_item_config.get_config(CommonVariables.OngoingItemCurrentDestinationKey) def get_current_total_copy_size(self): return long(self.ongoing_item_config.get_config(CommonVariables.OngoingItemCurrentTotalCopySizeKey)) def commit(self): key_value_pairs = [] original_dev_name_path_pair = ConfigKeyValuePair(CommonVariables.OngoingItemOriginalDevNamePathKey, self.original_dev_name_path) key_value_pairs.append(original_dev_name_path_pair) original_dev_path_pair = ConfigKeyValuePair(CommonVariables.OngoingItemOriginalDevPathKey, self.original_dev_path) key_value_pairs.append(original_dev_path_pair) mapper_name_pair = ConfigKeyValuePair(CommonVariables.OngoingItemMapperNameKey, self.mapper_name) key_value_pairs.append(mapper_name_pair) header_file_pair = ConfigKeyValuePair(CommonVariables.OngoingItemHeaderFilePathKey, self.luks_header_file_path) key_value_pairs.append(header_file_pair) phase_pair = ConfigKeyValuePair(CommonVariables.OngoingItemPhaseKey, self.phase) key_value_pairs.append(phase_pair) header_slice_file_pair = ConfigKeyValuePair(CommonVariables.OngoingItemHeaderSliceFilePathKey, self.header_slice_file_path) key_value_pairs.append(header_slice_file_pair) file_system_pair = ConfigKeyValuePair(CommonVariables.OngoingItemFileSystemKey, self.file_system) key_value_pairs.append(file_system_pair) mount_point_pair = ConfigKeyValuePair(CommonVariables.OngoingItemMountPointKey, self.mount_point) key_value_pairs.append(mount_point_pair) device_size_pair = ConfigKeyValuePair(CommonVariables.OngoingItemDeviceSizeKey, self.device_size) key_value_pairs.append(device_size_pair) current_slice_index_pair = ConfigKeyValuePair(CommonVariables.OngoingItemCurrentSliceIndexKey, self.current_slice_index) key_value_pairs.append(current_slice_index_pair) from_end_pair = ConfigKeyValuePair(CommonVariables.OngoingItemFromEndKey, self.from_end) key_value_pairs.append(from_end_pair) current_source_path_pair = ConfigKeyValuePair(CommonVariables.OngoingItemCurrentSourcePathKey, self.current_source_path) key_value_pairs.append(current_source_path_pair) current_destination_pair = ConfigKeyValuePair(CommonVariables.OngoingItemCurrentDestinationKey, self.current_destination) key_value_pairs.append(current_destination_pair) current_total_copy_size_pair = ConfigKeyValuePair(CommonVariables.OngoingItemCurrentTotalCopySizeKey, self.current_total_copy_size) key_value_pairs.append(current_total_copy_size_pair) current_block_size_pair = ConfigKeyValuePair(CommonVariables.OngoingItemCurrentBlockSizeKey, self.current_block_size) key_value_pairs.append(current_block_size_pair) self.ongoing_item_config.save_configs(key_value_pairs) def clear_config(self): try: if(os.path.exists(self.encryption_environment.azure_crypt_ongoing_item_config_path)): self.logger.log(msg="remove the config file " + str(self.encryption_environment.azure_crypt_ongoing_item_config_path)) os.remove(self.encryption_environment.azure_crypt_ongoing_item_config_path) else: self.logger.log(msg=("the config file not exist " + str(self.encryption_environment.azure_crypt_ongoing_item_config_path)),level = CommonVariables.WarningLevel) return True except OSError as e: self.logger.log("Failed to clear_queue with error: %s, stack trace: %s" % (str(e), traceback.format_exc())) return False def __str__(self): return "dev_uuid_path is %s, mapper_name is %s, luks_header_file_path is %s, phase is %s, header_slice_file_path is %s, file system is %s, mount_point is %s, device size is %s" % (\ self.original_dev_path,self.mapper_name,self.luks_header_file_path,self.phase,self.header_slice_file_path,self.file_system,self.mount_point,self.device_size)