etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-528: Config value has to be encrypted for Hidden category configs

This commit is contained in:
Kishan Kavala 2013-05-24 11:09:33 +05:30
parent 51cf797d5e
commit 3e02a76f00
2 changed files with 41 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
engine/schema/src/com/cloud/upgrade/dao/Upgrade302to40.java
View File

@ -18,6 +18,7 @@
package com.cloud.upgrade.dao;
import java.io.File;
import java.io.UnsupportedEncodingException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
@ -72,6 +73,7 @@ public class Upgrade302to40 extends Upgrade30xBase implements DbUpgrade {
fixForeignKeys(conn);
setupExternalNetworkDevices(conn);
fixZoneUsingExternalDevices(conn);
encryptConfig(conn);
}
@Override
@ -1079,4 +1081,43 @@ public class Upgrade302to40 extends Upgrade30xBase implements DbUpgrade {
s_logger.info("Successfully upgraded networks using F5 and SRX devices to have a entry in the network_external_lb_device_map and network_external_firewall_device_map");
}
}
private void encryptConfig(Connection conn){
//Encrypt config params and change category to Hidden
s_logger.debug("Encrypting Config values");
PreparedStatement pstmt = null;
ResultSet rs = null;
try {
pstmt = conn.prepareStatement("select name, value from `cloud`.`configuration` where name in ('router.ram.size', 'secondary.storage.vm', 'security.hash.key') and category <> 'Hidden'");
rs = pstmt.executeQuery();
while (rs.next()) {
String name = rs.getString(1);
String value = rs.getString(2);
if (value == null) {
continue;
}
String encryptedValue = DBEncryptionUtil.encrypt(value);
pstmt = conn.prepareStatement("update `cloud`.`configuration` set value=?, category = 'Hidden' where name=?");
pstmt.setBytes(1, encryptedValue.getBytes("UTF-8"));
pstmt.setString(2, name);
pstmt.executeUpdate();
}
} catch (SQLException e) {
throw new CloudRuntimeException("Unable encrypt configuration values ", e);
} catch (UnsupportedEncodingException e) {
throw new CloudRuntimeException("Unable encrypt configuration values ", e);
} finally {
try {
if (rs != null) {
rs.close();
}
if (pstmt != null) {
pstmt.close();
}
} catch (SQLException e) {
}
}
s_logger.debug("Done encrypting Config values");
}
}

3
setup/db/db/schema-302to40.sql
View File

@ -114,9 +114,6 @@ UPDATE `cloud`.`configuration` set component='NetworkManager' where name='router
UPDATE `cloud`.`configuration` set component='NetworkManager' where name='router.template.id';
UPDATE `cloud`.`configuration` set category='Advanced' where name='capacity.skipcounting.hours';
UPDATE `cloud`.`configuration` set category='Advanced' where name='use.local.storage';
UPDATE `cloud`.`configuration` set category='Hidden' where name='router.ram.size';
UPDATE `cloud`.`configuration` set category='Hidden' where name='secondary.storage.vm';
UPDATE `cloud`.`configuration` set category='Hidden' where name='security.hash.key';
UPDATE `cloud`.`configuration` set description = 'Percentage (as a value between 0 and 1) of local storage utilization above which alerts will be sent about low local storage available.' where name = 'cluster.localStorage.capacity.notificationthreshold';
DELETE FROM `cloud`.`configuration` WHERE name='direct.agent.pool.size';