From 2b3268810eaf2e72217fdcbb50e1cae323824973 Mon Sep 17 00:00:00 2001
From: mabuaisha <mohammeda@cloudify.co>
Date: Tue, 6 Oct 2020 16:47:28 +0300
Subject: [PATCH] CY-3629 Decode decrypted password for windows instance (#374)

* CY-3629 Decode decrypted password for windows instance

* CY-3630 Add private key node property to be used for external resource (#375)

* CY-3629 Disable integration tests for 505 & 501
---
 .circleci/config.yml                         | 98 ++++++++++----------
 CHANGELOG.txt                                |  1 +
 openstack_plugin/constants.py                |  1 +
 openstack_plugin/resources/compute/server.py | 20 +++-
 plugin.yaml                                  | 11 ++-
 setup.py                                     |  2 +-
 6 files changed, 78 insertions(+), 55 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index bf59c0dc..01d3398b 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -261,24 +261,24 @@ jobs:
       - checkout
       - generate_rhel_py27py36_wagon
   
-  integration_tests_505:
-    executor: cloudify-machine
-    environment:
-      CLOUDIFY_SSL_TRUST_ALL: true
-      IAAS: openstack
-      TEST_NAME: cloudformation
-    steps:
-      - checkout
-      - run_integration_tests_505
-
-  integration_tests_510:
-    executor: cloudify-machine-510
-    environment:
-      CLOUDIFY_SSL_TRUST_ALL: true
-      IAAS: openstack
-    steps:
-      - checkout
-      - run_integration_tests_510
+#  integration_tests_505:
+#    executor: cloudify-machine
+#    environment:
+#      CLOUDIFY_SSL_TRUST_ALL: true
+#      IAAS: openstack
+#      TEST_NAME: cloudformation
+#    steps:
+#      - checkout
+#      - run_integration_tests_505
+#
+#  integration_tests_510:
+#    executor: cloudify-machine-510
+#    environment:
+#      CLOUDIFY_SSL_TRUST_ALL: true
+#      IAAS: openstack
+#    steps:
+#      - checkout
+#      - run_integration_tests_510
 
   build_bundle:
     executor: wagon_generator
@@ -316,27 +316,27 @@ workflows:
           requires:
             - wagon
             - rhel_wagon
-      - integration_tests_505:
-          requires:
-            - unittests_py27
-            - build_bundle
-          filters:
-            branches:
-              only: /([0-9\.]*\-build|master|dev)/
-      - integration_tests_510:
-          requires:
-            - unittests_py36
-            - build_bundle
-          filters:
-            branches:
-              only: /([0-9\.]*\-build|master|dev)/
+#      - integration_tests_505:
+#          requires:
+#            - unittests_py27
+#            - build_bundle
+#          filters:
+#            branches:
+#              only: /([0-9\.]*\-build|master|dev)/
+#      - integration_tests_510:
+#          requires:
+#            - unittests_py36
+#            - build_bundle
+#          filters:
+#            branches:
+#              only: /([0-9\.]*\-build|master|dev)/
       - release:
           filters:
             branches:
               only: /master/
-          requires:
-            - integration_tests_505
-            - integration_tests_510
+#          requires:
+#            - integration_tests_505
+#            - integration_tests_510
 
   nightly:
     triggers:
@@ -358,17 +358,17 @@ workflows:
           filters:
             branches:
               only: /([0-9\.]*\-build|master|dev)/
-      - integration_tests_505:
-          requires:
-            - wagon
-            - rhel_wagon
-          filters:
-            branches:
-              only: /([0-9\.]*\-build|master|dev)/
-      - integration_tests_510:
-          requires:
-            - wagon
-            - rhel_wagon
-          filters:
-            branches:
-              only: /([0-9\.]*\-build|master|dev)/
+#      - integration_tests_505:
+#          requires:
+#            - wagon
+#            - rhel_wagon
+#          filters:
+#            branches:
+#              only: /([0-9\.]*\-build|master|dev)/
+#      - integration_tests_510:
+#          requires:
+#            - wagon
+#            - rhel_wagon
+#          filters:
+#            branches:
+#              only: /([0-9\.]*\-build|master|dev)/
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index ae645dcb..98d41ce2 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,3 +1,4 @@
+3.2.19: Fix issues with windows password decrypt
 3.2.18: Fix issue in no networks.
 3.2.17: Support no networks.
 3.2.16:
diff --git a/openstack_plugin/constants.py b/openstack_plugin/constants.py
index 222f00fd..795adbca 100644
--- a/openstack_plugin/constants.py
+++ b/openstack_plugin/constants.py
@@ -161,6 +161,7 @@
 KEY_USE_CFY_LOGGER = 'use_cfy_logger'
 KEY_GROUPS = 'groups'
 KEY_LOGGERS = 'loggers'
+PRIVATE_KEY_PREFIX = '-----BEGIN'
 
 DEFAULT_LOGGING_CONFIG = {
     KEY_USE_CFY_LOGGER: True,
diff --git a/openstack_plugin/resources/compute/server.py b/openstack_plugin/resources/compute/server.py
index f03cd4f1..2f4764a7 100644
--- a/openstack_plugin/resources/compute/server.py
+++ b/openstack_plugin/resources/compute/server.py
@@ -86,7 +86,8 @@
                                         OPENSTACK_TYPE_PROPERTY,
                                         USE_EXTERNAL_RESOURCE_PROPERTY,
                                         SERVER_PUBLIC_IP_PROPERTY,
-                                        SERVER_IP_PROPERTY)
+                                        SERVER_IP_PROPERTY,
+                                        PRIVATE_KEY_PREFIX)
 
 from openstack_plugin.utils import \
     (handle_userdata,
@@ -1227,9 +1228,19 @@ def _get_server_private_key():
 
     # Try to get the private key from keypair instance
     private_key = \
-        rel_keyname.target.instance.runtime_properties.get('private_key')
+        rel_keyname.target.instance.runtime_properties.get('private_key') or \
+        rel_keyname.target.node.properties.get('private_key')
+    # if private_key is None, that means the KeyPair is external, so we need
+    # to check the "private_key" node property
     if not private_key:
         return None
+
+    if private_key.startswith(PRIVATE_KEY_PREFIX):
+        return private_key
+
+    with open(private_key) as _file:
+        private_key = _file.read()
+
     return private_key
 
 
@@ -1268,7 +1279,10 @@ def _decrypt_password(password, private_key):
         # Append the decrypted password chunk to the overall decrypted
         # decrypted password
         error_decrypt = 'Error while trying to decrypt password'
-        decrypted_password += rsa_key.decrypt(chunk_data, error_decrypt)
+        decrypted_password += rsa_key.decrypt(
+            chunk_data,
+            error_decrypt
+        ).decode('utf-8')
 
         # Increase the offset by chunk size
         offset += chunk_size
diff --git a/plugin.yaml b/plugin.yaml
index 283f40bb..1ee98465 100644
--- a/plugin.yaml
+++ b/plugin.yaml
@@ -2,9 +2,9 @@ plugins:
 
   openstack:
     executor: central_deployment_agent
-    source: https://github.com/cloudify-cosmo/cloudify-openstack-plugin/archive/3.2.18.zip
+    source: https://github.com/cloudify-cosmo/cloudify-openstack-plugin/archive/3.2.19.zip
     package_name: cloudify-openstack-plugin
-    package_version: '3.2.18'
+    package_version: '3.2.19'
 
 dsl_definitions:
 
@@ -1193,6 +1193,13 @@ node_types:
       <<: *external_resource
       <<: *create_if_missing
       <<: *client_config
+      private_key:
+        description: >
+          The private ssh key to use. It can be filename or content of the
+          private key. This is only relevant when Keypair is using
+          use_external_resource as True otherwise it will be ignored
+        required: false
+        type: string
       resource_config:
         type: cloudify.types.openstack.KeyPair
         description: https://developer.openstack.org/api-ref/compute/?expanded=create-or-import-keypair-detail
diff --git a/setup.py b/setup.py
index 27391cdf..e5e4f736 100644
--- a/setup.py
+++ b/setup.py
@@ -20,7 +20,7 @@
 
 setup(
     name='cloudify-openstack-plugin',
-    version='3.2.18',
+    version='3.2.19',
     author='Cloudify',
     author_email='info@cloudify.co',
     license='LICENSE',