Encryption updates

andre keedy 2015-12-15 12:54:09 -05:00
parent f158958498
commit 5442aaea80
12 changed files with 150 additions and 165 deletions


@ -550,26 +550,9 @@
"config": {
"type": "object",
"properties": {
"http": {
"type": "boolean"
},
"httpPort": {
"type": "integer",
"format": "int32"
},
"https": {
"type": "boolean"
}
}
},
"onrack": {
"type": "object",
"properties": {
"httpHost": {
"type": "string"
},
"httpPort": {
"type": "string"
}
}
},


@ -1,48 +1,39 @@
{
"appver": "v0.1",
"apiver": "v1.1",
"http": true,
"httpPort": 9005,
"https": true,
"httpsCert": "data/dev-cert.pem",
"httpsKey": "data/dev-key.pem",
"httpsPort": 443,
"logfileLocation": "./logs",
"hostname": "0.0.0.0",
"monorail" : {
"httpHost" : "10.240.19.240",
"httpPort" : "8080",
"version" : "1.1"
"shovel": {
"appver": "v0.1",
"apiver": "v1.1",
"httpPort": 9005,
"hostname": "0.0.0.0"
},
"onrack": {
"httpHost" : "172.31.128.1",
"httpPort" : "80",
"httpsPort" : "443"
"monorail": {
"httpHost": "172.31.128.1",
"httpPort": "8080",
"version": "1.1"
},
"ironic": {
"httpHost" : "172.31.128.7",
"httpPort" : "6385",
"version" : "v1",
"os_username" : "admin",
"os_password" : "root",
"os_tenant_name" : "admin",
"os_auth_token" : "None",
"insecure" : "False"
},
"keystone": {
"httpHost": "172.31.128.7",
"httpPort": "5000",
"version": "v2.0"
},
"glance": {
"httpHost": "172.31.128.7",
"httpPort": "9292",
"httpHost": "172.31.128.145",
"httpPort": "6385",
"version": "v1",
"os_username": "admin",
"os_password": "root",
"os_password": "WUAPAvNNK+51D+JsotLxCQ==",
"os_tenant_name": "admin",
"os_auth_token": "None",
"insecure": "False"
},
"key":"Random-Key"
}
"keystone": {
"httpHost": "172.31.128.145",
"httpPort": "5000",
"version": "v2.0"
},
"glance": {
"httpHost": "172.31.128.145",
"httpPort": "9292",
"version": "v1",
"os_username": "admin",
"os_password": "WUAPAvNNK+51D+JsotLxCQ==",
"os_tenant_name": "admin",
"os_auth_token": "None",
"insecure": "False"
},
"key": "CBC6CEB67F4A347DCE43D83A6FA16"
}
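Review bot: The AES key on the `"key"` line is committed in the same file as the `os_password` ciphertexts it protects, so anyone who can read the repository or this config can decrypt them. Keep the key out of the committed config, for example `"key": "<set at deploy time>"` with the real value read at startup from an environment variable or a file with restricted permissions. The key and both passwords shown here should be treated as exposed and rotated. The `ironic` and `glance` ciphertexts are also byte-identical, which tells a reader the two services share a password.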


@ -7,7 +7,10 @@ var config = require('./../config.json');
var glance = require('./../lib/api/openstack/glance');
var keystone = require('./../lib/api/openstack/keystone');
var logger = require('./../lib/services/logger').Logger;
var encryption = require('./encryption');
var encryption = require('./../lib/services/encryption');
var jsonfile = require('jsonfile');
var _ = require('underscore');
var ironicConfig = config.ironic;
var glanceConfig = config.glance;
@ -476,9 +479,13 @@ module.exports.unregisterdel = function unregisterdel(req, res, next) {
* @apiVersion 1.1.0
*/
module.exports.configsetmono = function configsetmono(req, res, next) {
var content = setConfig('monorail',req.body);
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify(content));
res.setHeader('content-type', 'text/plain');
if (setConfig('monorail', req.body)) {
res.end('success');
}
else {
res.end('failed to update monorail config');
};
};
/*
@ -487,9 +494,13 @@ module.exports.configsetmono = function configsetmono(req, res, next) {
* @apiVersion 1.1.0
*/
module.exports.configsetkeystone = function configsetkeystone(req, res, next) {
var content = setConfig('keystone',req.body);
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify(content));
res.setHeader('content-type', 'text/plain');
if (setConfig('keystone', req.body)) {
res.end('success');
}
else {
res.end('failed to update keystone config');
};
};
/*
@ -498,17 +509,24 @@ module.exports.configsetkeystone = function configsetkeystone(req, res, next) {
* @apiVersion 1.1.0
*/
module.exports.configsetironic = function configsetironic(req, res, next) {
var interseptedJson = req.body;
var orgPass = interseptedJson.os_password;
var encryptedpass = encryption.encrypt(orgPass, 'aes-256-cbc', 'utf8', 'base64')
interseptedJson.os_password = encryptedpass;
var content = setConfig('ironic',interseptedJson);
var decrypted = encryption.decrypt(interseptedJson.os_password, 'aes-256-cbc', 'utf8', 'base64')
var content = setConfig('ironic',req.body);
content.os_password = '[REDACTED]';
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify(content));
res.setHeader('content-type', 'text/plain');
if (req.body.hasOwnProperty('os_password')) {
var password = req.body.os_password;
//replace password with encrypted value
try{
req.body.os_password = encryption.encrypt(password);
}
catch (err) {
logger.error(err);
res.end('failed to update ironic config');
}
}
if (setConfig('ironic', req.body)) {
res.end('success');
}
else {
res.end('failed to update ironic config');
};
};
/*
@ -517,16 +535,24 @@ module.exports.configsetironic = function configsetironic(req, res, next) {
* @apiVersion 1.1.0
*/
module.exports.configsetglance = function configsetglance(req, res, next) {
var interseptedJson = req.body;
var orgPass = interseptedJson.os_password;
var encryptedpass = encryption.encrypt(orgPass, 'aes-256-cbc', 'utf8', 'base64')
interseptedJson.os_password = encryptedpass;
var content = setConfig('ironic',interseptedJson);
var decrypted = encryption.decrypt(interseptedJson.os_password, 'aes-256-cbc', 'utf8', 'base64')
var content = setConfig('glance',req.body);
content.os_password = '[REDACTED]';
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify(content));
res.setHeader('content-type', 'text/plain');
if (req.body.hasOwnProperty('os_password')) {
var password = req.body.os_password;
//replace password with encrypted value
try {
req.body.os_password = encryption.encrypt(password);
}
catch (err) {
logger.error(err);
res.end('failed to update ironic config');
}
}
if (setConfig('glance', req.body)) {
res.end('success');
}
else {
res.end('failed to update glance config');
};
};
/*
@ -535,46 +561,37 @@ module.exports.configsetglance = function configsetglance(req, res, next) {
* @apiVersion 1.1.0
*/
module.exports.configset = function configset(req, res, next) {
var content = setConfig(null,req.body);
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify(content));
res.setHeader('content-type', 'text/plain');
if (setConfig('shovel', req.body) == true) {
res.end('success');
}
else {
res.end('failed to update shovel config');
};
};
function setConfig(keyValue,entry){
function setConfig(keyValue, entry) {
var filename = require('path').dirname(require.main.filename) + '/config.json';
try {
var fs = require('fs');
var path = require('path');
var is_changed = false;
var appDir = path.dirname(require.main.filename);
var file_content = fs.readFileSync(appDir + '/config.json');
var output = JSON.parse(file_content);
var content = (keyValue == null) ? output : output[keyValue];
logger.info(content);
for (var initem in Object.keys(entry)) {
for (var orgitem in Object.keys(content)) {
if (Object.keys(entry)[initem] == Object.keys(content)[orgitem]) {
var key = Object.keys(content)[orgitem];
content[key] = entry[key];
is_changed = true;
}
}
}
if (is_changed) {
if (keyValue != null) {
output[keyValue] = content;
}
else {
output = content;
}
fs.writeFileSync(appDir + '/config.json', JSON.stringify(output));
}
jsonfile.readFile(filename, function (err, output) {
var content = (keyValue == null) ? output : output[keyValue];
var filteredList = _.pick(content, Object.keys(entry));
_.each(Object.keys(filteredList), function (key) {
logger.info(key);
content[key] = entry[key];
});
output[keyValue] = content;
jsonfile.writeFile(filename, output, { spaces: 2 }, function (err) {
logger.info(content);
});
});
}
catch (err) {
logger.error(err);
return err;
return false;
}
logger.info(content);
return content
return true;
}
/*
@ -592,13 +609,10 @@ module.exports.configget = function configget(req, res, next) {
if (content.ironic.hasOwnProperty("os_password")){
content.ironic.os_password = '[REDACTED]';
}
if (content.glance.hasOwnProperty("os_password")) {
content.glance.os_password = '[REDACTED]';
}
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify(content));
};
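Review bot: In `configsetironic`, the `catch` around `encryption.encrypt(password)` calls `res.end('failed to update ironic config')` but does not return, so execution continues to `setConfig('ironic', req.body)` with `os_password` still in clear text and then calls `res.end` a second time. Add `return;` after the `res.end` in the catch so that a failed encryption never writes the plaintext password to config.json. `configsetglance` has the same fall-through, and its catch message says `ironic` where `glance` is meant. Separately, `setConfig` now reads and writes inside `jsonfile` callbacks, so the surrounding `try`/`catch` cannot see those errors, both `err` arguments are ignored, and the function returns `true` before the write has happened.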


@ -1,33 +0,0 @@
var crypto = require('crypto')
//Import the config file
var fs = require('fs');
var path = require('path');
var appDir = path.dirname(require.main.filename);
var file_content = fs.readFileSync(appDir + '/config.json');
var output = JSON.parse(file_content);
key = output.key;
var CryptoFuncs = {
encrypt: function (text1,algorithm,input_encoding, out_encoding){
var cipher = crypto.createCipher(algorithm, key);
var cipher = crypto.createCipher(algorithm, key);
cipher.update(text1, input_encoding, out_encoding);
var encryptedPassword = cipher.final(out_encoding);
//console.log("Key is", key);
return encryptedPassword;
},
decrypt: function (text1,algorithm,input_encoding, out_encoding){
var decipher = crypto.createDecipher(algorithm, key);
decipher.update(text1 , out_encoding, input_encoding);
var decryptedPassword = decipher.final(input_encoding);
return decryptedPassword;
}
};
module.exports = Object.create(CryptoFuncs);


@ -6,7 +6,7 @@ var http = require('http');
var swaggerTools = require('swagger-tools');
var config = require('./config.json');
var Poller = require('./lib/services/poller');
var serverPort = config.httpPort;
var serverPort = config.shovel.httpPort;
// swaggerRouter configuration
var options = {
@ -33,10 +33,10 @@ swaggerTools.initializeMiddleware(swaggerDoc, function (middleware) {
app.use(middleware.swaggerUi());
// Start the server
http.createServer(app).listen(config.httpPort, config.hostname, function () {
console.log('Your server is listening on port %d ', config.httpPort);
console.log('Swagger-ui is available on http://%s:%d/docs', config.hostname, config.httpPort);
http.createServer(app).listen(config.shovel.httpPort, config.shovel.hostname, function () {
console.log('Your server is listening on port %d ', config.shovel.httpPort);
console.log('Swagger-ui is available on http://%s:%d/docs', config.shovel.hostname, config.shovel.httpPort);
var pollerInstance = new Poller(5000);//timeInterval to 5s
pollerInstance.startServer();
});
});
});


@ -1,5 +1,5 @@
var config = require('./../../../config.json');
var client = require('./../../../client');
var client = require('./../client');
var Promise = require('bluebird');
Promise.promisifyAll(client);


@ -1,5 +1,5 @@
var config = require('./../../../config.json');
var client = require('./../../../client');
var client = require('./../client');
var Promise = require('bluebird');
Promise.promisifyAll(client);


@ -1,5 +1,5 @@
var config = require('./../../../config.json');
var client = require('./../../../client');
var client = require('./../client');
var Promise = require('bluebird');
Promise.promisifyAll(client);
var pfx = config.ironic.version;


@ -1,9 +1,11 @@
/* keystone authentication */
var config = require('./../../../config.json');
var client = require('./../../../client');
var client = require('./../client');
var Promise = require('bluebird');
var encryption = require('./../../services/encryption');
var logger = require('./../../services/logger').Logger;
Promise.promisifyAll(client);
var encryption = require('./../../../controllers/encryption');
var request = {
host: config.keystone.httpHost,
@ -17,7 +19,15 @@ var request = {
var KeystoneAuthentication = {
authenticatePassword: function (tenantName, username, password) {
var decrypted = encryption.decrypt(password, 'random-key', 'aes-256-cbc', 'utf8', 'base64');
var decrypted;
try {
decrypted = encryption.decrypt(password);
}
catch (err) {
logger.error(err);
//return empty promise
return (Promise.resolve());
};
request.data = JSON.stringify(
{
'auth': {
@ -29,7 +39,6 @@ var KeystoneAuthentication = {
}
}
});
return (client.PostAsync(request));
},
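Review bot: When `encryption.decrypt(password)` throws, `authenticatePassword` returns `Promise.resolve()`, so callers get a fulfilled promise carrying `undefined` and cannot tell a decryption failure from a completed request. Returning `Promise.reject(err)` from the catch would send the failure down the callers' existing error paths. The part of the request body that uses `decrypted` lies outside the hunk, as do the start and end of the `KeystoneAuthentication` object, so how the decrypted value is consumed cannot be confirmed from here.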


@ -0,0 +1,19 @@
var crypto = require('crypto')
var config = require('./../../config.json');
var CryptoFuncs = {
encrypt: function (text){
var cipher = crypto.createCipher('aes-256-cbc', config.key);
var cipher = crypto.createCipher('aes-256-cbc', config.key);
cipher.update(text, 'utf8', 'base64');
return cipher.final('base64');
},
decrypt: function (text){
var decipher = crypto.createDecipher('aes-256-cbc', config.key);
decipher.update(text, 'base64', 'utf8');
return decipher.final('utf8');
}
};
module.exports = Object.create(CryptoFuncs);
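Review bot: Both `encrypt` and `decrypt` discard the return value of `update()` and return only `final()`, so any input longer than one AES block loses everything except the last block. It appears to work only because short passwords fit in the single block that `final()` emits. Return the concatenation instead: `return cipher.update(text, 'utf8', 'base64') + cipher.final('base64');` and `return decipher.update(text, 'base64', 'utf8') + decipher.final('utf8');`. `crypto.createCipher` also derives key and IV deterministically from `config.key` with no salt, so equal passwords encrypt to equal ciphertext. `crypto.createCipheriv` with a random IV per value, stored next to the ciphertext, avoids that.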


@ -22,7 +22,9 @@
"supertest": "^0.15.0",
"underscore": "^1.8.3",
"xunit-file": "0.0.6",
"winston": "2.1.1"
"winston": "2.1.1",
"jsonfile": "2.2.3",
"crypto": "0.0.3"
},
"scripts" :{
"postinstall": "scripts/post-install.sh",
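Review bot: `"crypto": "0.0.3"` adds a third-party npm package that shares its name with Node's built-in `crypto` module. `require('crypto')` resolves to the core module first, so this dependency is never loaded and only adds an extra package to fetch and trust at install time. Drop that line and keep `"jsonfile": "2.2.3"` as the last entry, without a trailing comma.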