F #3064: adapt DDC to new secrets handling (#3716)

share/etc/oned.conf

@@ -1079,6 +1079,17 @@ HOST_ENCRYPTED_ATTR = "ONE_PASSWORD"
 # VNET_ENCRYPTED_ATTR = "PROVISION/PACKET_TOKEN
 # VNET_ENCRYPTED_ATTR = "PROVISION/PACKET_TOKEN
 
+# DDC encrypted attrs
+HOST_ENCRYPTED_ATTR = "PROVISION/PACKET_TOKEN"
+HOST_ENCRYPTED_ATTR = "PROVISION/EC2_ACCESS"
+HOST_ENCRYPTED_ATTR = "PROVISION/EC2_SECRET"
+
+VNET_ENCRYPTED_ATTR = "AR/PACKET_TOKEN"
+
+DS_ENCRYPTED_ATTR = "AR/PACKET_TOKEN"
+
+CLUSTER_ENCRYPTED_ATTR = "AR/PACKET_TOKEN"
+
 #*******************************************************************************
 # Inherited Attributes Configuration
 #*******************************************************************************

share/hooks/alias_ip/alias_ip.rb

@@ -73,7 +73,7 @@ def log_error(msg)
 
 def one_fetch(client, type, id)
     object = type.new_with_id(id, client)
-    rc = object.info
+    rc = object.info(true)
 
     if OpenNebula.is_error?(rc)
         STDERR.puts(rc.message)
@@ -112,22 +112,10 @@ def device_has_ip?(packet_client, device_id, ip_id)
 end
 
 def manage_packet(host, ip, address_range, assign = true)
-    cidr = "#{ip}/32"
-
-    system = OpenNebula::System.new(OpenNebula::Client.new)
-    config = system.get_configuration
-
-    if OpenNebula.is_error?(config)
-        STDERR.puts("Error getting oned configuration : #{config.message}")
-        exit(-1)
-    end
-
-    token = config['ONE_KEY']
-    ar_token = OpenNebula.decrypt({ :value => address_range['PACKET_TOKEN'] },
-                                  token)[:value]
+    cidr         = "#{ip}/32"
     ar_deploy_id = address_range['DEPLOY_ID']
 
-    packet_client = Packet::Client.new(ar_token)
+    packet_client = Packet::Client.new(address_range['PACKET_TOKEN'])
     packet_ip = find_packet_ip_assignment(packet_client, ar_deploy_id, cidr)
 
     if assign == true

src/ipamm_mad/remotes/packet/allocate_address

@@ -81,17 +81,6 @@ if ar_size.to_i != 1
     exit(-1)
 end
 
-system = OpenNebula::System.new(OpenNebula::Client.new)
-config = system.get_configuration
-
-if OpenNebula.is_error?(config)
-    STDERR.puts("Error getting oned configuration : #{config.message}")
-    exit(-1)
-end
-
-token = config['ONE_KEY']
-ar_token = OpenNebula.decrypt({ :value => ar_token }, token)[:value]
-
 packet = Packet::Client.new
 packet.auth_token = ar_token
 

src/ipamm_mad/remotes/packet/free_address

@@ -93,17 +93,6 @@ if ar_size.to_i != 1
     exit(-1)
 end
 
-system = OpenNebula::System.new(OpenNebula::Client.new)
-config = system.get_configuration
-
-if OpenNebula.is_error?(config)
-    STDERR.puts("Error getting oned configuration : #{config.message}")
-    exit(-1)
-end
-
-token = config['ONE_KEY']
-ar_token = OpenNebula.decrypt({ :value => ar_token }, token)[:value]
-
 packet = Packet::Client.new
 packet.auth_token = ar_token
 

src/ipamm_mad/remotes/packet/get_address

@@ -87,17 +87,6 @@ if ar_size.to_i != 1
     exit(-1)
 end
 
-system = OpenNebula::System.new(OpenNebula::Client.new)
-config = system.get_configuration
-
-if OpenNebula.is_error?(config)
-    STDERR.puts("Error getting oned configuration : #{config.message}")
-    exit(-1)
-end
-
-token = config['ONE_KEY']
-ar_token = OpenNebula.decrypt({ :value => ar_token }, token)[:value]
-
 packet = Packet::Client.new
 packet.auth_token = ar_token
 

src/ipamm_mad/remotes/packet/register_address_range

@@ -94,20 +94,8 @@ require 'opennebula'
 
 data = Nokogiri::XML(Base64.decode64(STDIN.read))
 
-ar_token = data.xpath('//AR/PACKET_TOKEN').text
-
-system = OpenNebula::System.new(OpenNebula::Client.new)
-config = system.get_configuration
-
-if OpenNebula.is_error?(config)
-    STDERR.puts("Error getting oned configuration : #{config.message}")
-    exit(-1)
-end
-
-token = config['ONE_KEY']
-
 packet = Packet::Client.new
-packet.auth_token = OpenNebula.decrypt({ :value => ar_token }, token)[:value]
+packet.auth_token = data.xpath('//AR/PACKET_TOKEN').text
 
 ip = Packet::Ip.new
 ip.project_id = data.xpath('//AR/PACKET_PROJECT').text

src/ipamm_mad/remotes/packet/unregister_address_range

@@ -63,17 +63,6 @@ data = Nokogiri::XML(Base64.decode64(STDIN.read))
 ar_token = data.xpath('//AR/PACKET_TOKEN').text
 deploy_id = data.xpath('//AR/DEPLOY_ID').text.to_s
 
-system = OpenNebula::System.new(OpenNebula::Client.new)
-config = system.get_configuration
-
-if OpenNebula.is_error?(config)
-    STDERR.puts("Error getting oned configuration : #{config.message}")
-    exit(-1)
-end
-
-token = config['ONE_KEY']
-ar_token = OpenNebula.decrypt({ :value => ar_token }, token)[:value]
-
 begin
     packet = Packet::Client.new
     packet.auth_token = ar_token

src/oneprovision/lib/utils.rb

@@ -22,8 +22,6 @@
 require 'highline'
 require 'highline/import'
 
-ENCRYPT_VALUES = %w[PACKET_TOKEN EC2_SECRET EC2_ACCESS]
-
 # Cleanup Exception
 class OneProvisionCleanupException < RuntimeError
 end
@@ -325,8 +323,7 @@ def create_deployment_file(host, provision_id, provision_name)
                             xml.PROVISION do
                                 host['provision'].each do |key, value|
                                     if key != 'driver'
-                                        encrypt = encrypt(key.upcase, value)
-                                        xml.send(key.upcase, encrypt)
+                                        xml.send(key.upcase, value)
                                     end
                                 end
                                 xml.send('PROVISION_ID', provision_id)
@@ -417,8 +414,7 @@ def template_like_str(attributes, indent = true)
                                     str = ind_tab + key3.to_s.upcase + '='
 
                                     if value3
-                                        str += "\"#{encrypt(key3.to_s.upcase,
-                                                            value3.to_s)}\""
+                                        str += "\"#{value3}\""
                                     end
 
                                     str
@@ -434,8 +430,7 @@ def template_like_str(attributes, indent = true)
                             str = ind_tab + key3.to_s.upcase + '='
 
                             if value3
-                                str += "\"#{encrypt(key3.to_s.upcase,
-                                                    value3.to_s)}\""
+                                str += "\"#{value3}\""
                             end
 
                             str
@@ -444,33 +439,14 @@ def template_like_str(attributes, indent = true)
                         str_line << "\n]\n"
 
                     else
-                        str_line << key.to_s.upcase << '=' \
-                            "\"#{encrypt(key.to_s.upcase, value.to_s)}\""
+                        str_line << key.to_s.upcase << '=' << "\"#{value}\""
                     end
                     str_line
                 end.compact.join("\n")
 
                 str
             end
 
-            # Encrypts a value
-            #
-            # @param key   [String] Key to encrypt
-            # @param value [String] Value to encrypt
-            #
-            # @return      [String] Encrypted value
-            def encrypt(key, value)
-                if ENCRYPT_VALUES.include? key
-                    system = OpenNebula::System.new(OpenNebula::Client.new)
-                    config = system.get_configuration
-                    token = config['ONE_KEY']
-
-                    OpenNebula.encrypt({ :value => value }, token)[:value]
-                else
-                    value
-                end
-            end
-
         end
 
     end

src/vmm_mad/remotes/packet/packet_driver.rb

@@ -78,15 +78,11 @@ def initialize(host, one=OpenNebula::Client.new)
         @one = one
         @packet = Packet::Client.new
 
-        if host.is_a?(String)
-            @host = get_xhost_by_name(host)
+        host = host['NAME'] unless host.is_a?(String)
 
-            unless @host
-                raise "Host not found #{host}"
-            end
-        else
-            @host = host
-        end
+        @host = get_xhost_by_name(host)
+
+        raise "Host not found #{host}" unless @host
 
         @globals = get_globals(@host)
         @packet.auth_token = @globals['PACKET_TOKEN']
@@ -397,40 +393,34 @@ def generate_cc(xobj, xpath_context)
     end
 
     def get_globals(xhost)
-        # get token
-        system = OpenNebula::System.new(@one)
-        config = system.get_configuration
-        raise "Error getting oned configuration : #{config.message}" if OpenNebula.is_error?(config)
-        token = config["ONE_KEY"]
-
         if xhost["TEMPLATE/PROVISION"]
             tmplBase = 'TEMPLATE/PROVISION'
         else
             tmplBase = 'TEMPLATE'
         end
 
-        conn_opts = {
-            'PACKET_TOKEN' => xhost["#{tmplBase}/PACKET_TOKEN"],
-        }
-
-        conn_opts = OpenNebula.decrypt(conn_opts, token)
+        conn_opts = {}
 
         begin
-            #conn_opts = OpenNebula.decrypt(conn_opts, token)
-            conn_opts['PROJECT'] = xhost["#{tmplBase}/PACKET_PROJECT"]
+            conn_opts['PACKET_TOKEN'] = xhost["#{tmplBase}/PACKET_TOKEN"]
+            conn_opts['PROJECT']      = xhost["#{tmplBase}/PACKET_PROJECT"]
         rescue
             raise "HOST: #{xhost['NAME']} must have Packet credentials"
         end
 
-        return conn_opts
+        conn_opts
     end
 
     def get_xhost_by_name(host)
         pool = OpenNebula::HostPool.new(@one)
         pool.info
 
         objects = pool.select {|object| object.name == host }
-        objects.first
+        host    = objects.first
+
+        host.info(true)
+
+        host
     end
 
     # Create a Packet::Device object with parameters