def delete_vim_auth(self, context, vim_id, auth):
"""Delete vim information
Delete vim key stored in file system
"""
LOG.debug('Attempting to delete key for vim id %s', vim_id)
if auth.get('key_type') == 'barbican_key':
try:
keystone_conf = CONF.keystone_authtoken
secret_uuid = auth['secret_uuid']
keymgr_api = KEYMGR_API(keystone_conf.auth_url)
keymgr_api.delete(context, secret_uuid)
LOG.debug('VIM key deleted successfully for vim %s', vim_id)
except Exception as ex:
LOG.warning('VIM key deletion failed for vim %s due to %s',
vim_id, ex)
raise
else:
key_file = os.path.join(CONF.vim_keys.openstack, vim_id)
try:
os.remove(key_file)
LOG.debug('VIM key deleted successfully for vim %s', vim_id)
except OSError:
LOG.warning('VIM key deletion failed for vim %s', vim_id)
def delete_vim_auth(self, vim_id, auth):
"""Delete kubernetes vim information
Delete vim key stored in file system
"""
if 'secret_uuid' in auth:
# Delete secret id of barbican
LOG.debug('Attempting to delete key for vim id %s',
vim_id)
if auth.get('key_type') == 'barbican_key':
try:
k_context = \
t_context.generate_tacker_service_context()
keystone_conf = CONF.keystone_authtoken
secret_uuid = auth['secret_uuid']
keymgr_api = KEYMGR_API(keystone_conf.auth_url)
keymgr_api.delete(k_context, secret_uuid)
LOG.debug('VIM key deleted successfully for vim %s',
vim_id)
except Exception as exception:
LOG.warning('VIM key deletion failed for vim %s due to %s',
vim_id,
exception)
raise
else:
raise nfvo.VimEncryptKeyError(vim_id=vim_id)
def encode_vim_auth(self, vim_id, auth):
"""Encode VIM credentials
Store VIM auth using fernet key encryption
"""
fernet_key, fernet_obj = self.keystone.create_fernet_key()
encoded_auth = fernet_obj.encrypt(auth['password'].encode('utf-8'))
auth['password'] = encoded_auth
if CONF.vim_keys.use_barbican:
try:
k_context = t_context.generate_tacker_service_context()
keystone_conf = CONF.keystone_authtoken
keymgr_api = KEYMGR_API(keystone_conf.auth_url)
secret_uuid = keymgr_api.store(k_context, fernet_key)
auth['key_type'] = 'barbican_key'
auth['secret_uuid'] = secret_uuid
LOG.debug('VIM auth successfully stored for vim %s', vim_id)
except Exception as ex:
LOG.warning('VIM key creation failed for vim %s due to %s',
vim_id, ex)
raise
else:
auth['key_type'] = 'fernet_key'
key_file = os.path.join(CONF.vim_keys.openstack, vim_id)
try:
with open(key_file, 'wb') as f:
f.write(fernet_key)
LOG.debug('VIM auth successfully stored for vim %s',
vim_id)
except IOError:
raise nfvo.VimKeyNotFoundException(vim_id=vim_id)
def encode_vim_auth(self, vim_id, auth):
"""Encode VIM credentials
Store VIM auth using fernet key encryption
"""
fernet_key, fernet_obj = self.kubernetes.create_fernet_key()
if ('password' in auth) and (auth['password'] is not None):
encoded_auth = fernet_obj.encrypt(auth['password'].encode('utf-8'))
auth['password'] = encoded_auth
if 'bearer_token' in auth:
encoded_auth = fernet_obj.encrypt(
auth['bearer_token'].encode('utf-8'))
auth['bearer_token'] = encoded_auth
if auth.get('ssl_ca_cert', ''):
encoded_auth = fernet_obj.encrypt(
auth['ssl_ca_cert'].encode('utf-8'))
auth['ssl_ca_cert'] = encoded_auth
if CONF.k8s_vim.use_barbican:
try:
k_context = t_context.generate_tacker_service_context()
keystone_conf = CONF.keystone_authtoken
keymgr_api = KEYMGR_API(keystone_conf.auth_url)
secret_uuid = keymgr_api.store(k_context, fernet_key)
auth['key_type'] = 'barbican_key'
auth['secret_uuid'] = secret_uuid
LOG.debug('VIM auth successfully stored for vim %s', vim_id)
except Exception as exception:
LOG.warning('VIM key creation failed for vim %s due to %s',
vim_id, exception)
raise
else:
raise nfvo.VimEncryptKeyError(vim_id=vim_id)
def delete_vim_auth(self, vim_id, auth):
"""Delete vim information
Delete vim key stored in file system
"""
LOG.debug('Attempting to delete key for vim id %s', vim_id)
if auth.get('key_type') == 'barbican_key':
try:
k_context = t_context.generate_tacker_service_context()
keystone_conf = CONF.keystone_authtoken
secret_uuid = auth['secret_uuid']
keymgr_api = KEYMGR_API(keystone_conf.auth_url)
keymgr_api.delete(k_context, secret_uuid)
LOG.debug('VIM key deleted successfully for vim %s',
vim_id)
except Exception as ex:
LOG.warning('VIM key deletion failed for vim %s due to %s',
vim_id,
ex)
raise
else:
key_file = os.path.join(CONF.vim_keys.openstack, vim_id)
try:
os.remove(key_file)
LOG.debug('VIM key deleted successfully for vim %s',
vim_id)
except OSError:
LOG.warning('VIM key deletion failed for vim %s',
vim_id)
def encode_vim_auth(self, context, vim_id, auth):
"""Encode VIM credentials
Store VIM auth using fernet key encryption
"""
fernet_key, fernet_obj = self.kubernetes.create_fernet_key()
if 'password' in auth:
encoded_auth = fernet_obj.encrypt(auth['password'].encode('utf-8'))
auth['password'] = encoded_auth
elif 'bearer_token' in auth:
encoded_auth = fernet_obj.encrypt(
auth['bearer_token'].encode('utf-8'))
auth['bearer_token'] = encoded_auth
if CONF.k8s_vim.use_barbican:
try:
keystone_conf = CONF.keystone_authtoken
keymgr_api = KEYMGR_API(keystone_conf.auth_url)
secret_uuid = keymgr_api.store(context, fernet_key)
auth['key_type'] = 'barbican_key'
auth['secret_uuid'] = secret_uuid
LOG.debug('VIM auth successfully stored for vim %s', vim_id)
except Exception as ex:
LOG.warning('VIM key creation failed for vim %s due to %s',
vim_id, ex)
raise
else:
auth['key_type'] = 'fernet_key'
key_file = os.path.join(CONF.k8s_vim.kubernetes_fernet_path,
vim_id)
try:
with open(key_file, 'w') as f:
if six.PY2:
f.write(fernet_key.decode('utf-8'))
else:
f.write(fernet_key)
LOG.debug('VIM auth successfully stored for vim %s',
vim_id)
except IOError:
raise nfvo.VimKeyNotFoundException(vim_id=vim_id)
def _decode_vim_auth(self, context, vim_id, auth):
"""Decode Vim credentials
Decrypt VIM cred, get fernet Key from local_file_system or
barbican.
"""
cred = auth['password'].encode('utf-8')
if auth.get('key_type') == 'barbican_key':
keystone_conf = CONF.keystone_authtoken
secret_uuid = auth['secret_uuid']
keymgr_api = KEYMGR_API(keystone_conf.auth_url)
secret_obj = keymgr_api.get(context, secret_uuid)
vim_key = secret_obj.payload
else:
vim_key = self._find_vim_key(vim_id)
f = fernet.Fernet(vim_key)
if not f:
LOG.warning('Unable to decode VIM auth')
raise nfvo.VimNotFoundException('Unable to decode VIM auth key')
return f.decrypt(cred)
def _decode_vim_auth(self, vim_id, auth, secret_value):
"""Decode Vim credentials
Decrypt VIM cred, get fernet Key from local_file_system or
barbican.
"""
cred = secret_value.encode('utf-8')
if auth.get('key_type') == 'barbican_key':
keystone_conf = CONF.keystone_authtoken
secret_uuid = auth['secret_uuid']
keymgr_api = KEYMGR_API(keystone_conf.auth_url)
k_context = t_context.generate_tacker_service_context()
secret_obj = keymgr_api.get(k_context, secret_uuid)
vim_key = secret_obj.payload
else:
vim_key = self._find_vim_key(vim_id)
f = fernet.Fernet(vim_key)
if not f:
LOG.warning('Unable to decode VIM auth')
raise nfvo.VimNotFoundException(vim_id=vim_id)
return f.decrypt(cred)
def delete_vim_auth(self, context, vim_id, auth):
"""Delete kubernetes vim information
Delete vim key stored in file system
"""
if 'secret_uuid' in auth:
# Delete secret id of barbican
LOG.debug('Attempting to delete key for vim id %s', vim_id)
if auth.get('key_type') == 'barbican_key':
try:
keystone_conf = CONF.keystone_authtoken
secret_uuid = auth['secret_uuid']
keymgr_api = KEYMGR_API(keystone_conf.auth_url)
keymgr_api.delete(context, secret_uuid)
LOG.debug('VIM key deleted successfully for vim %s',
vim_id)
except Exception as exception:
LOG.warning('VIM key deletion failed for vim %s due to %s',
vim_id, exception)
raise
else:
raise nfvo.VimEncryptKeyError(vim_id=vim_id)
def encode_vim_auth(self, vim_id, auth):
"""Encode VIM credentials
Store VIM auth using fernet key encryption
"""
fernet_key, fernet_obj = self.keystone.create_fernet_key()
encoded_auth = fernet_obj.encrypt(auth['password'].encode('utf-8'))
auth['password'] = encoded_auth
if CONF.vim_keys.use_barbican:
try:
k_context = t_context.generate_tacker_service_context()
keystone_conf = CONF.keystone_authtoken
keymgr_api = KEYMGR_API(keystone_conf.auth_url)
secret_uuid = keymgr_api.store(k_context, fernet_key)
auth['key_type'] = 'barbican_key'
auth['secret_uuid'] = secret_uuid
LOG.debug('VIM auth successfully stored for vim %s',
vim_id)
except Exception as ex:
LOG.warning('VIM key creation failed for vim %s due to %s',
vim_id,
ex)
raise
else:
auth['key_type'] = 'fernet_key'
key_file = os.path.join(CONF.vim_keys.openstack, vim_id)
try:
with open(key_file, 'w') as f:
if six.PY2:
f.write(fernet_key.decode('utf-8'))
else:
f.write(fernet_key)
LOG.debug('VIM auth successfully stored for vim %s',
vim_id)
except IOError:
raise nfvo.VimKeyNotFoundException(vim_id=vim_id)
def encode_vim_auth(self, vim_id, auth):
"""Encode VIM credentials
Store VIM auth using fernet key encryption
"""
fernet_key, fernet_obj = self.kubernetes.create_fernet_key()
if ('password' in auth) and (auth['password'] is not None):
encoded_auth = fernet_obj.encrypt(
auth['password'].encode('utf-8'))
auth['password'] = encoded_auth
if 'bearer_token' in auth:
encoded_auth = fernet_obj.encrypt(
auth['bearer_token'].encode('utf-8'))
auth['bearer_token'] = encoded_auth
if auth.get('ssl_ca_cert', ''):
encoded_auth = fernet_obj.encrypt(
auth['ssl_ca_cert'].encode('utf-8'))
auth['ssl_ca_cert'] = encoded_auth
if CONF.k8s_vim.use_barbican:
try:
k_context = t_context.generate_tacker_service_context()
keystone_conf = CONF.keystone_authtoken
keymgr_api = KEYMGR_API(keystone_conf.auth_url)
secret_uuid = keymgr_api.store(k_context, fernet_key)
auth['key_type'] = 'barbican_key'
auth['secret_uuid'] = secret_uuid
LOG.debug('VIM auth successfully stored for vim %s',
vim_id)
except Exception as exception:
LOG.warning('VIM key creation failed for vim %s due to %s',
vim_id,
exception)
raise
else:
raise nfvo.VimEncryptKeyError(vim_id=vim_id)
