Encryption updates

andre keedy 2015-12-15 12:54:09 -05:00
parent f158958498
commit 5442aaea80
12 changed files with 150 additions and 165 deletions


@ -550,26 +550,9 @@
"config": { "config": {
"type": "object", "type": "object",
"properties": { "properties": {
"http": {
"type": "boolean"
},
"httpPort": { "httpPort": {
"type": "integer", "type": "integer",
"format": "int32" "format": "int32"
},
"https": {
"type": "boolean"
}
}
},
"onrack": {
"type": "object",
"properties": {
"httpHost": {
"type": "string"
},
"httpPort": {
"type": "string"
} }
} }
}, },


@ -1,48 +1,39 @@
{ {
"appver": "v0.1", "shovel": {
"apiver": "v1.1", "appver": "v0.1",
"http": true, "apiver": "v1.1",
"httpPort": 9005, "httpPort": 9005,
"https": true, "hostname": "0.0.0.0"
"httpsCert": "data/dev-cert.pem",
"httpsKey": "data/dev-key.pem",
"httpsPort": 443,
"logfileLocation": "./logs",
"hostname": "0.0.0.0",
"monorail" : {
"httpHost" : "10.240.19.240",
"httpPort" : "8080",
"version" : "1.1"
}, },
"onrack": { "monorail": {
"httpHost" : "172.31.128.1", "httpHost": "172.31.128.1",
"httpPort" : "80", "httpPort": "8080",
"httpsPort" : "443" "version": "1.1"
}, },
"ironic": { "ironic": {
"httpHost" : "172.31.128.7", "httpHost": "172.31.128.145",
"httpPort" : "6385", "httpPort": "6385",
"version" : "v1",
"os_username" : "admin",
"os_password" : "root",
"os_tenant_name" : "admin",
"os_auth_token" : "None",
"insecure" : "False"
},
"keystone": {
"httpHost": "172.31.128.7",
"httpPort": "5000",
"version": "v2.0"
},
"glance": {
"httpHost": "172.31.128.7",
"httpPort": "9292",
"version": "v1", "version": "v1",
"os_username": "admin", "os_username": "admin",
"os_password": "root", "os_password": "WUAPAvNNK+51D+JsotLxCQ==",
"os_tenant_name": "admin", "os_tenant_name": "admin",
"os_auth_token": "None", "os_auth_token": "None",
"insecure": "False" "insecure": "False"
}, },
"key":"Random-Key" "keystone": {
} "httpHost": "172.31.128.145",
"httpPort": "5000",
"version": "v2.0"
},
"glance": {
"httpHost": "172.31.128.145",
"httpPort": "9292",
"version": "v1",
"os_username": "admin",
"os_password": "WUAPAvNNK+51D+JsotLxCQ==",
"os_tenant_name": "admin",
"os_auth_token": "None",
"insecure": "False"
},
"key": "CBC6CEB67F4A347DCE43D83A6FA16"
}
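Review bot: The top-level `key` on the new side is the secret that `encryption.encrypt` and `encryption.decrypt` use, and it is committed in the same file as the `os_password` ciphertexts for `ironic` and `glance`, so anyone who can read the repository or the deployed config file can recover both passwords. Keep the key out of version control, for example by reading it from an environment variable or from a separate file with restricted permissions. Treat the key and the passwords shown here as exposed and rotate them. The two `os_password` values are byte-identical, which shows the scheme is deterministic and reveals that both services share one password.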


@ -7,7 +7,10 @@ var config = require('./../config.json');
var glance = require('./../lib/api/openstack/glance'); var glance = require('./../lib/api/openstack/glance');
var keystone = require('./../lib/api/openstack/keystone'); var keystone = require('./../lib/api/openstack/keystone');
var logger = require('./../lib/services/logger').Logger; var logger = require('./../lib/services/logger').Logger;
var encryption = require('./encryption'); var encryption = require('./../lib/services/encryption');
var jsonfile = require('jsonfile');
var _ = require('underscore');
var ironicConfig = config.ironic; var ironicConfig = config.ironic;
var glanceConfig = config.glance; var glanceConfig = config.glance;
@ -476,9 +479,13 @@ module.exports.unregisterdel = function unregisterdel(req, res, next) {
* @apiVersion 1.1.0 * @apiVersion 1.1.0
*/ */
module.exports.configsetmono = function configsetmono(req, res, next) { module.exports.configsetmono = function configsetmono(req, res, next) {
var content = setConfig('monorail',req.body); res.setHeader('content-type', 'text/plain');
res.setHeader('Content-Type', 'application/json'); if (setConfig('monorail', req.body)) {
res.end(JSON.stringify(content)); res.end('success');
}
else {
res.end('failed to update monorail config');
};
}; };
/* /*
@ -487,9 +494,13 @@ module.exports.configsetmono = function configsetmono(req, res, next) {
* @apiVersion 1.1.0 * @apiVersion 1.1.0
*/ */
module.exports.configsetkeystone = function configsetkeystone(req, res, next) { module.exports.configsetkeystone = function configsetkeystone(req, res, next) {
var content = setConfig('keystone',req.body); res.setHeader('content-type', 'text/plain');
res.setHeader('Content-Type', 'application/json'); if (setConfig('keystone', req.body)) {
res.end(JSON.stringify(content)); res.end('success');
}
else {
res.end('failed to update keystone config');
};
}; };
/* /*
@ -498,17 +509,24 @@ module.exports.configsetkeystone = function configsetkeystone(req, res, next) {
* @apiVersion 1.1.0 * @apiVersion 1.1.0
*/ */
module.exports.configsetironic = function configsetironic(req, res, next) { module.exports.configsetironic = function configsetironic(req, res, next) {
var interseptedJson = req.body; res.setHeader('content-type', 'text/plain');
var orgPass = interseptedJson.os_password; if (req.body.hasOwnProperty('os_password')) {
var encryptedpass = encryption.encrypt(orgPass, 'aes-256-cbc', 'utf8', 'base64') var password = req.body.os_password;
interseptedJson.os_password = encryptedpass; //replace password with encrypted value
var content = setConfig('ironic',interseptedJson); try{
var decrypted = encryption.decrypt(interseptedJson.os_password, 'aes-256-cbc', 'utf8', 'base64') req.body.os_password = encryption.encrypt(password);
var content = setConfig('ironic',req.body); }
content.os_password = '[REDACTED]'; catch (err) {
res.setHeader('Content-Type', 'application/json'); logger.error(err);
res.end(JSON.stringify(content)); res.end('failed to update ironic config');
}
}
if (setConfig('ironic', req.body)) {
res.end('success');
}
else {
res.end('failed to update ironic config');
};
}; };
/* /*
@ -517,16 +535,24 @@ module.exports.configsetironic = function configsetironic(req, res, next) {
* @apiVersion 1.1.0 * @apiVersion 1.1.0
*/ */
module.exports.configsetglance = function configsetglance(req, res, next) { module.exports.configsetglance = function configsetglance(req, res, next) {
var interseptedJson = req.body; res.setHeader('content-type', 'text/plain');
var orgPass = interseptedJson.os_password; if (req.body.hasOwnProperty('os_password')) {
var encryptedpass = encryption.encrypt(orgPass, 'aes-256-cbc', 'utf8', 'base64') var password = req.body.os_password;
interseptedJson.os_password = encryptedpass; //replace password with encrypted value
var content = setConfig('ironic',interseptedJson); try {
var decrypted = encryption.decrypt(interseptedJson.os_password, 'aes-256-cbc', 'utf8', 'base64') req.body.os_password = encryption.encrypt(password);
var content = setConfig('glance',req.body); }
content.os_password = '[REDACTED]'; catch (err) {
res.setHeader('Content-Type', 'application/json'); logger.error(err);
res.end(JSON.stringify(content)); res.end('failed to update ironic config');
}
}
if (setConfig('glance', req.body)) {
res.end('success');
}
else {
res.end('failed to update glance config');
};
}; };
/* /*
@ -535,46 +561,37 @@ module.exports.configsetglance = function configsetglance(req, res, next) {
* @apiVersion 1.1.0 * @apiVersion 1.1.0
*/ */
module.exports.configset = function configset(req, res, next) { module.exports.configset = function configset(req, res, next) {
var content = setConfig(null,req.body); res.setHeader('content-type', 'text/plain');
res.setHeader('Content-Type', 'application/json'); if (setConfig('shovel', req.body) == true) {
res.end(JSON.stringify(content)); res.end('success');
}
else {
res.end('failed to update shovel config');
};
}; };
function setConfig(keyValue,entry){ function setConfig(keyValue, entry) {
var filename = require('path').dirname(require.main.filename) + '/config.json';
try { try {
var fs = require('fs'); jsonfile.readFile(filename, function (err, output) {
var path = require('path'); var content = (keyValue == null) ? output : output[keyValue];
var is_changed = false; var filteredList = _.pick(content, Object.keys(entry));
var appDir = path.dirname(require.main.filename); _.each(Object.keys(filteredList), function (key) {
var file_content = fs.readFileSync(appDir + '/config.json'); logger.info(key);
var output = JSON.parse(file_content); content[key] = entry[key];
var content = (keyValue == null) ? output : output[keyValue];
logger.info(content); });
for (var initem in Object.keys(entry)) { output[keyValue] = content;
for (var orgitem in Object.keys(content)) { jsonfile.writeFile(filename, output, { spaces: 2 }, function (err) {
if (Object.keys(entry)[initem] == Object.keys(content)[orgitem]) { logger.info(content);
var key = Object.keys(content)[orgitem]; });
content[key] = entry[key]; });
is_changed = true;
}
}
}
if (is_changed) {
if (keyValue != null) {
output[keyValue] = content;
}
else {
output = content;
}
fs.writeFileSync(appDir + '/config.json', JSON.stringify(output));
}
} }
catch (err) { catch (err) {
logger.error(err); logger.error(err);
return err; return false;
} }
logger.info(content); return true;
return content
} }
/* /*
@ -592,13 +609,10 @@ module.exports.configget = function configget(req, res, next) {
if (content.ironic.hasOwnProperty("os_password")){ if (content.ironic.hasOwnProperty("os_password")){
content.ironic.os_password = '[REDACTED]'; content.ironic.os_password = '[REDACTED]';
} }
if (content.glance.hasOwnProperty("os_password")) { if (content.glance.hasOwnProperty("os_password")) {
content.glance.os_password = '[REDACTED]'; content.glance.os_password = '[REDACTED]';
} }
res.setHeader('Content-Type', 'application/json'); res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify(content)); res.end(JSON.stringify(content));
}; };
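Review bot: In `configsetironic`, the new `catch` around `encryption.encrypt(password)` calls `res.end(...)` but does not return, so execution falls through to `setConfig('ironic', req.body)` with `req.body.os_password` still holding the plaintext password, which is then written to the config file, and `res.end` is called a second time. Make the catch terminate the handler: `return res.end('failed to update ironic config');`. `configsetglance` has the same fall-through, and its catch reports 'failed to update ironic config' where it should name glance. Note too that `setConfig` now returns `true` before the `jsonfile.readFile` callback has run and ignores the `err` argument of both callbacks, so these handlers answer 'success' even when the read or write fails.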


@ -1,33 +0,0 @@
var crypto = require('crypto')
//Import the config file
var fs = require('fs');
var path = require('path');
var appDir = path.dirname(require.main.filename);
var file_content = fs.readFileSync(appDir + '/config.json');
var output = JSON.parse(file_content);
key = output.key;
var CryptoFuncs = {
encrypt: function (text1,algorithm,input_encoding, out_encoding){
var cipher = crypto.createCipher(algorithm, key);
var cipher = crypto.createCipher(algorithm, key);
cipher.update(text1, input_encoding, out_encoding);
var encryptedPassword = cipher.final(out_encoding);
//console.log("Key is", key);
return encryptedPassword;
},
decrypt: function (text1,algorithm,input_encoding, out_encoding){
var decipher = crypto.createDecipher(algorithm, key);
decipher.update(text1 , out_encoding, input_encoding);
var decryptedPassword = decipher.final(input_encoding);
return decryptedPassword;
}
};
module.exports = Object.create(CryptoFuncs);


@ -6,7 +6,7 @@ var http = require('http');
var swaggerTools = require('swagger-tools'); var swaggerTools = require('swagger-tools');
var config = require('./config.json'); var config = require('./config.json');
var Poller = require('./lib/services/poller'); var Poller = require('./lib/services/poller');
var serverPort = config.httpPort; var serverPort = config.shovel.httpPort;
// swaggerRouter configuration // swaggerRouter configuration
var options = { var options = {
@ -33,10 +33,10 @@ swaggerTools.initializeMiddleware(swaggerDoc, function (middleware) {
app.use(middleware.swaggerUi()); app.use(middleware.swaggerUi());
// Start the server // Start the server
http.createServer(app).listen(config.httpPort, config.hostname, function () { http.createServer(app).listen(config.shovel.httpPort, config.shovel.hostname, function () {
console.log('Your server is listening on port %d ', config.httpPort); console.log('Your server is listening on port %d ', config.shovel.httpPort);
console.log('Swagger-ui is available on http://%s:%d/docs', config.hostname, config.httpPort); console.log('Swagger-ui is available on http://%s:%d/docs', config.shovel.hostname, config.shovel.httpPort);
var pollerInstance = new Poller(5000);//timeInterval to 5s var pollerInstance = new Poller(5000);//timeInterval to 5s
pollerInstance.startServer(); pollerInstance.startServer();
}); });
}); });


@ -1,5 +1,5 @@
var config = require('./../../../config.json'); var config = require('./../../../config.json');
var client = require('./../../../client'); var client = require('./../client');
var Promise = require('bluebird'); var Promise = require('bluebird');
Promise.promisifyAll(client); Promise.promisifyAll(client);


@ -1,5 +1,5 @@
var config = require('./../../../config.json'); var config = require('./../../../config.json');
var client = require('./../../../client'); var client = require('./../client');
var Promise = require('bluebird'); var Promise = require('bluebird');
Promise.promisifyAll(client); Promise.promisifyAll(client);


@ -1,5 +1,5 @@
var config = require('./../../../config.json'); var config = require('./../../../config.json');
var client = require('./../../../client'); var client = require('./../client');
var Promise = require('bluebird'); var Promise = require('bluebird');
Promise.promisifyAll(client); Promise.promisifyAll(client);
var pfx = config.ironic.version; var pfx = config.ironic.version;


@ -1,9 +1,11 @@
/* keystone authentication */ /* keystone authentication */
var config = require('./../../../config.json'); var config = require('./../../../config.json');
var client = require('./../../../client'); var client = require('./../client');
var Promise = require('bluebird'); var Promise = require('bluebird');
var encryption = require('./../../services/encryption');
var logger = require('./../../services/logger').Logger;
Promise.promisifyAll(client); Promise.promisifyAll(client);
var encryption = require('./../../../controllers/encryption');
var request = { var request = {
host: config.keystone.httpHost, host: config.keystone.httpHost,
@ -17,7 +19,15 @@ var request = {
var KeystoneAuthentication = { var KeystoneAuthentication = {
authenticatePassword: function (tenantName, username, password) { authenticatePassword: function (tenantName, username, password) {
var decrypted = encryption.decrypt(password, 'random-key', 'aes-256-cbc', 'utf8', 'base64'); var decrypted;
try {
decrypted = encryption.decrypt(password);
}
catch (err) {
logger.error(err);
//return empty promise
return (Promise.resolve());
};
request.data = JSON.stringify( request.data = JSON.stringify(
{ {
'auth': { 'auth': {
@ -29,7 +39,6 @@ var KeystoneAuthentication = {
} }
} }
}); });
return (client.PostAsync(request)); return (client.PostAsync(request));
}, },
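Review bot: When `encryption.decrypt(password)` throws, `authenticatePassword` now returns `Promise.resolve()`, which fulfils with `undefined`, so a caller cannot tell a decryption failure from a completed Keystone request and will probably fail later while reading a token from a missing response. Returning a rejection keeps the failure explicit: `return Promise.reject(err);`. The callers are not visible on this page, so confirm they attach a rejection handler. Part of the function body lies between the two hunks shown and is not visible here.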


@ -0,0 +1,19 @@
var crypto = require('crypto')
var config = require('./../../config.json');
var CryptoFuncs = {
encrypt: function (text){
var cipher = crypto.createCipher('aes-256-cbc', config.key);
var cipher = crypto.createCipher('aes-256-cbc', config.key);
cipher.update(text, 'utf8', 'base64');
return cipher.final('base64');
},
decrypt: function (text){
var decipher = crypto.createDecipher('aes-256-cbc', config.key);
decipher.update(text, 'base64', 'utf8');
return decipher.final('utf8');
}
};
module.exports = Object.create(CryptoFuncs);
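Review bot: Both `encrypt` and `decrypt` discard the return value of `update()` and return only `final()`, so for any password of 16 bytes or more `encrypt` returns just the last AES block and `decrypt` cannot recover the original. Concatenate both parts: `return Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]).toString('base64');` in `encrypt` and `return Buffer.concat([decipher.update(text, 'base64'), decipher.final()]).toString('utf8');` in `decrypt`. In addition, `crypto.createCipher` derives both key and IV from `config.key` without a salt, so equal passwords always produce equal ciphertexts. `crypto.createCipheriv` with a properly derived 32-byte key and a random IV stored next to the ciphertext avoids that. A short header comment stating that input is UTF-8 text, output is base64, and the key comes from `config.key` would also help.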


@ -22,7 +22,9 @@
"supertest": "^0.15.0", "supertest": "^0.15.0",
"underscore": "^1.8.3", "underscore": "^1.8.3",
"xunit-file": "0.0.6", "xunit-file": "0.0.6",
"winston": "2.1.1" "winston": "2.1.1",
"jsonfile": "2.2.3",
"crypto": "0.0.3"
}, },
"scripts" :{ "scripts" :{
"postinstall": "scripts/post-install.sh", "postinstall": "scripts/post-install.sh",
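Review bot: The added `"crypto": "0.0.3"` dependency is not needed, because `crypto` is a Node.js core module and `require('crypto')` resolves to the built-in regardless of what is installed from the registry. Listing a registry package under a core module's name only pulls an unused third-party package into every install, so drop that line and keep `"jsonfile": "2.2.3"`. The hunk shows only part of the dependency list.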