python source code of crypt

zun-master
- .zuul.yaml
- .coveragerc
- HACKING.rst
- playbooks
  - zun-tempest-base
    - post.yaml
  - fullstack
    - run.yaml
    - post.yaml
- .stestr.conf
- LICENSE
- test-requirements.txt
- lower-constraints.txt
- devstack
  - files
    - rpms
      - zun
    - debs
      - zun
  - lib
    - zun
  - local.conf.sample
  - local.conf.subnode.sample
  - README.rst
  - plugin.sh
  - settings
- README.rst
- setup.py
- releasenotes
  - source
    - ussuri.rst
    - unreleased.rst
    - train.rst
    - stein.rst
    - pike.rst
    - rocky.rst
    - index.rst
    - conf.py
    - _templates
      - .placeholder
    - _static
      - .placeholder
    - queens.rst
  - notes
    - placement-integration-d701f64c584981d6.yaml
    - drop-py-2-7-c475cf37ff3476d8.yaml
    - container_driver-e82fe9c64c9b994b.yaml
    - add-cni-plugin-fd5bf4e9abbe6683.yaml
    - add-support-for-cri-runtime-2c549a85fe795361.yaml
    - add-upgrade-check-framework-4729fcb4ecd31221.yaml
    - add-support-for-requested_host-0ea7e317234c3d0c.yaml
    - zuul-v3-native-gates-a46ef4c168f9362e.yaml
    - support-entrypoint-option-5127ab5044025380.yaml
    - .placeholder
- template
  - capsule
    - capsule-volume.yaml
    - capsule-init-containers.yaml
    - capsule.yaml
- setup.cfg
- zun
  - network
    - kuryr_network.py
    - neutron.py
    - os_vif_util.py
    - model.py
    - linux_net.py
    - __init__.py
    - network.py
  - cni
    - daemon
      - __init__.py
      - service.py
    - plugins
      - zun_cni_registry.py
      - __init__.py
    - binding
      - __init__.py
      - bridge.py
      - base.py
    - api.py
    - __init__.py
    - utils.py
    - cmd
      - __init__.py
      - cni.py
      - cni_daemon.py
  - db
    - migration.py
    - sqlalchemy
      - alembic
        env.py
        versions
        945569b3669f_add_runtime_column.py
        bcd6410d645e_add_host_to_capsule.py
        012a730926e8_add_quota_usage.py
        f979327df44b_add_entrypoint_to_container.py
        5458f8394206_add_image_driver_field.py
        a019998b09b5_add_host_to_image.py
        33cdd98bb9b2_split_volume_mapping_table.py
        d1ef05fd92c8_add_tty_stdin_open.py
        d73b72ab7cc6_add_container_type_to_container.py
        09f196622a3f_create_inventory_table.py
        4bf34495d060_add_container_number_info_to_compute_.py
        cf46a28f46bc_add_container_actions_table.py
        157a0595e13e_drop_capsule_table.py
        d502ce8fb705_add_rp_uuid_to_compute_node.py
        5971a6844738_add_container_id_column_to_container.py
        ce9944b346cb_combine_tty_and_stdin_open.py
        17ab8b533cc8_add_container_hosts_label_info.py
        b6bfca998431_add_container_actions_events_table.py
        3e80bbfd8da7_convert_type_of_command_from_string_to_.py
        2b129060baff_support_container_cpuset.py
        8c3d80e18eb5_add_container_cpus_cpu_used_to_compute_.py
        d0c606fdec3c_add_disk_info_to_compute_node.py
        9fe371393a24_create_table_container.py
        ff7b9665d504_add_pci_stats_to_compute_node.py
        bbcfa910a8a5_add_restart_policy_column.py
        1192ba19a6e9_add_cpu_workdir_ports_hostname_labels_.py
        63a08e32cc43_add_task_state_to_container.py
        b2bda272f4dd_add_tty_to_container.py
        238f94009eab_add_disk_quota_supported_to_compute_node.py
        43e1088c3389_add_image_pull_policy_column.py
        271c7f45982d_add_started_at_to_container.py
        37bce72463e3_add_pci_device.py
        a9a92eebd9a8_create_table_zun_service.py
        eeac0d191f5a_add_compute_node_table.py
        7975b7f0f792_add_resource_class_table.py
        8192905fd835_add_uuid_to_resource_class.py
        3298c6a5c3d9_create_network_table.py
        74c97dca93d0_add_missing_index_and_foreign_key.py
        bc56b9932dd9_add_runtime_to_compute_node.py
        cff60402dd86_add_capsule_id_to_containers.py
        648c25faa0be_add_mem_used_to_compute_node.py
        174cafda0857_add_security_groups.py
        93fbb05b77b9_add_memory_field_to_container.py
        02134de8e7d3_add_exposed_ports_to_container.py
        c2052ead4f95_remove_meta_from_container.py
        5359d23b2322_add_websocket_url_and_websocket_token.py
        2fb377a5a519_add_healthcheck_to_container.py
        e4d145e195f4_create_allocation_table.py
        6fd4f7582eb0_add_resource_provider_table.py
        53a8b515057e_add_memory_info_to_compute_node.py
        04ba87af76bb_add_container_host_operating_system_info.py
        8b0082d9e7c1_drop_foreign_key_of_container_actions.py
        35cb52c5553f_rename_volume_id_to_cinder_volume_id_in_.py
        ad43a2179cf2_add_status_detail.py
        a9c9fb54274a_add_contents_to_volume_mapping_table.py
        21fa080c818a_add_enable_cpu_pinning_to_compute_node.py
        1bc34e18180b_add_registry_id_to_container.py
        5ffc1cabe6b4_add_registry_table.py
        71f8b4cf1dbf_upgrade.py
        d2affd5b4172_add_auto_remove_to_volume_mapping.py
        a251f1f61217_create_capsule_table.py
        54bcb75afb32_add_init_containers_uuids_to_capsule.py
        6ff4d35f4334_change_property_of_restart_policy_in_.py
        fb9ad4a050f8_drop_container_actions_foreign_key.py
        f046346d1d87_add_timestamp_to_pci_device.py
        105626c4f972_add_privileged_to_container.py
        4a0c4f7a4a33_add_meta_addresses_to_container.py
        531e4a890480_add_host_to_container.py
        f746cd28bcac_add_host_to_volume_mapping.py
        47d79ffdc582_add_cni_metadata_to_container.py
        72c6947c6636_create_table_image.py
        d9714eadbdc2_add_disk_to_container.py
        372433c0afd2_add_auto_heal_to_container.py
        26896d5f9053_create_exec_instance_table.py
        2b045cb595db_create_quota_quota_class_tables.py
        75315e219cfb_add_auto_remove_to_container.py
        c5565cbaa3de_insert_status_reason_to_container_table.py
        50829990c965_add_ondelete_to_container_actions_.py
        10c9668a816d_add_volumes_info_and_addresses_to_.py
        fc27c7415d9c_change_the_properties_of_meta_labels.py
        10d65e285a59_create_volume_mapping_table.py
        df87dbd4846c_add_annotations_to_container.py
        3f49fa520409_add_availability_zone_to_service.py
        README
        script.py.mako
      - migration.py
      - models.py
      - api.py
      - __init__.py
      - alembic.ini
    - api.py
    - __init__.py
    - etcd
      - __init__.py
  - criapi
    - gogo_pb2.py
    - api_pb2_grpc.py
    - __init__.py
  - servicegroup
    - __init__.py
    - zun_service_periodic.py
  - websocket
    - websocketproxy.py
    - websocketclient.py
    - __init__.py
  - version.py
  - pci
    - request.py
    - devspec.py
    - whitelist.py
    - stats.py
    - manager.py
    - __init__.py
    - utils.py
  - api
    - app.py
    - wsgi.py
    - config.py
    - servicegroup.py
    - hooks.py
    - middleware
      - parsable_error.py
      - __init__.py
      - auth_token.py
    - versioned_method.py
    - controllers
      - root.py
      - v1
        quota_classes.py
        availability_zone.py
        views
        registries_view.py
        network_view.py
        availability_zone_view.py
        capsules_view.py
        images_view.py
        __init__.py
        services_view.py
        actions_view.py
        containers_view.py
        hosts_view.py
        capsules.py
        containers.py
        __init__.py
        registries.py
        zun_services.py
        collection.py
        images.py
        schemas
        quota_classes.py
        capsules.py
        parameter_types.py
        services.py
        containers.py
        __init__.py
        registries.py
        images.py
        quotas.py
        network.py
        quotas.py
        networks.py
        hosts.py
      - link.py
      - __init__.py
      - versions.py
      - base.py
    - app.wsgi
    - http_error.py
    - __init__.py
    - validation
      - __init__.py
      - validators.py
    - utils.py
    - rest_api_version_history.rst
  - scheduler
    - loadables.py
    - driver.py
    - host_state.py
    - filter_scheduler.py
    - client
      - report.py
      - query.py
      - __init__.py
    - chance_scheduler.py
    - request_filter.py
    - base_filters.py
    - filters
      - runtime_filter.py
      - cpuset_filter.py
      - label_filter.py
      - ram_filter.py
      - compute_filter.py
      - disk_filter.py
      - availability_zone_filter.py
      - pci_passthrough_filter.py
      - __init__.py
      - cpu_filter.py
    - __init__.py
    - utils.py
  - common
    - privileged.py
    - mount.py
    - policy.py
    - clients.py
    - policies
      - container.py
      - availability_zone.py
      - image.py
      - zun_service.py
      - quota.py
      - host.py
      - quota_class.py
      - capsule.py
      - registry.py
      - __init__.py
      - network.py
      - container_action.py
      - base.py
    - config.py
    - keystone.py
    - i18n.py
    - quota.py
    - profiler.py
    - yamlutils.py
    - rpc_service.py
    - name_generator.py
    - __init__.py
    - utils.py
    - exception.py
    - singleton.py
    - paths.py
    - docker_image
      - regexp.py
      - digest.py
      - __init__.py
      - reference.py
    - context.py
    - rpc.py
    - short_id.py
    - crypt.py
    - service.py
    - consts.py
  - compute
    - provider_tree.py
    - compute_node_tracker.py
    - claims.py
    - rpcapi.py
    - manager.py
    - api.py
    - container_actions.py
    - __init__.py
  - volume
    - driver.py
    - __init__.py
    - cinder_api.py
    - cinder_workflow.py
  - container
    - cri
      - driver.py
      - __init__.py
    - driver.py
    - docker
      - driver.py
      - host.py
      - __init__.py
      - utils.py
    - os_capability
      - host_capability.py
      - linux
        os_capability_linux.py
        __init__.py
      - __init__.py
    - __init__.py
  - __init__.py
  - tests
    - fullstack
      - test_containers.py
      - __init__.py
      - utils.py
      - base.py
    - migration
      - test_migrations.py
      - __init__.py
    - __init__.py
    - conf_fixture.py
    - policy_fixture.py
    - unit
      - network
        test_kuryr_network.py
        __init__.py
      - fake_requests.py
      - test_hacking.py
      - db
        test_network.py
        test_compute_host.py
        test_volume_mapping.py
        test_inventory.py
        test_resource_class.py
        test_container.py
        test_quota_classes.py
        test_image.py
        test_registry.py
        test_container_action.py
        test_resource_provider.py
        test_volume.py
        __init__.py
        utils.py
        test_allocation.py
        test_quotas.py
        test_exec_instance.py
        test_zun_service.py
        test_pci_device.py
        base.py
      - servicegroup
        __init__.py
        test_zun_service.py
      - fake_pci_device_pools.py
      - pci
        test_utils.py
        fakes.py
        test_devspec.py
        __init__.py
        test_whitelist.py
        test_stats.py
        test_manager.py
      - api
        test_utils.py
        controllers
        test_base.py
        auth-paste.ini
        noauth-paste.ini
        test_root.py
        v1
        test_availability_zones.py
        test_quota_classes.py
        test_networks.py
        test_containers.py
        test_images.py
        test_registries.py
        __init__.py
        test_quotas.py
        test_zun_service.py
        test_hosts.py
        test_capsules.py
        auth-root-access.ini
        test_link.py
        __init__.py
        auth-v1-access.ini
        __init__.py
        utils.py
        test_validations.py
        base.py
      - scheduler
        fakes.py
        test_base_filter.py
        client
        test_report.py
        test_query.py
        __init__.py
        fake_loadables
        __init__.py
        fake_loadable2.py
        fake_loadable1.py
        test_loadables.py
        test_scheduler.py
        filters
        test_disk_filter.py
        test_label_filter.py
        test_cpuset_filter.py
        test_ram_filter.py
        test_availability_zone_filter.py
        test_runtime_filter.py
        test_pci_passthrough_filters.py
        __init__.py
        test_cpu_filter.py
        test_compute_filter.py
        __init__.py
        test_chance_scheduler.py
        test_filter_scheduler.py
      - common
        test_profiler.py
        test_utils.py
        test_context.py
        test_clients.py
        __init__.py
        test_rpc.py
        docker_image
        test_reference.py
        __init__.py
        test_regexp.py
        test_mount.py
      - test_zun.py
      - compute
        test_compute_rpcapi.py
        test_provider_tree.py
        test_compute_api.py
        test_compute_manager.py
        test_compute_node_tracker.py
        __init__.py
      - volume
        test_cinder_workflow.py
        test_cinder_api.py
        test_driver.py
        __init__.py
      - container
        fake_driver.py
        docker
        test_utils.py
        __init__.py
        test_docker_driver.py
        os_capability
        linux
        os_capability_linux
        test_os_capability_linux.py
        __init__.py
        __init__.py
        __init__.py
        __init__.py
        base.py
      - __init__.py
      - objects
        test_network.py
        test_numa.py
        test_volume_mapping.py
        test_capsule.py
        test_resource_class.py
        test_fields.py
        test_container.py
        test_image.py
        test_registry.py
        test_container_action.py
        test_quota_class.py
        test_resource_provider.py
        test_objects.py
        __init__.py
        utils.py
        test_compute_node.py
        test_exec_instance.py
        test_quota.py
        test_zun_service.py
        test_pci_device_pool.py
      - cmd
        test_status.py
        __init__.py
      - image
        test_driver.py
        docker
        test_driver.py
        __init__.py
        __init__.py
        glance
        test_driver.py
        __init__.py
      - conf
        test_conf.py
        __init__.py
    - uuidsentinel.py
    - base.py
  - objects
    - fields.py
    - pci_device.py
    - container.py
    - request_group.py
    - image.py
    - exec_instance.py
    - zun_service.py
    - volume_mapping.py
    - zun_network.py
    - volume.py
    - compute_node.py
    - resource_provider.py
    - container_pci_requests.py
    - quota.py
    - quota_class.py
    - registry.py
    - pci_device_pool.py
    - __init__.py
    - resource_class.py
    - vif.py
    - container_action.py
    - base.py
    - numa.py
  - hacking
    - __init__.py
    - checks.py
  - cmd
    - compute.py
    - db_manage.py
    - api.py
    - __init__.py
    - wsproxy.py
    - status.py
  - image
    - driver.py
    - docker
      - driver.py
      - __init__.py
    - __init__.py
    - glance
      - driver.py
      - __init__.py
      - utils.py
  - conf
    - availability_zone.py
    - container_driver.py
    - neutron.py
    - image_driver.py
    - glance_client.py
    - neutron_client.py
    - path.py
    - volume.py
    - keystone.py
    - compute.py
    - websocket_proxy.py
    - scheduler.py
    - netconf.py
    - database.py
    - quota.py
    - placement_client.py
    - services.py
    - profiler.py
    - zun_client.py
    - api.py
    - ssl.py
    - __init__.py
    - utils.py
    - pci.py
    - cni_daemon.py
    - docker.py
    - cinder_client.py
    - network.py
    - opts.py
  - MANIFEST.in
- CONTRIBUTING.rst
- api-ref
  - source
    - samples
      - container-actions-list-resp.json
      - container-action-get-resp.json
      - container-top-resp.json
      - container-get-all-resp.json
      - service-forcedown-resp.json
      - container-create-resp.json
      - capsule-get-all-resp.json
      - quota-classes-update-req.json
      - quotas-update-req.json
      - container-update-resp.json
      - capsule-create-req.json
      - container-create-req.json
      - container-get-archive-resp.json
      - container-update-req.json
      - host-get-resp.json
      - container-logs-req.json
      - container-commit-resp.json
      - container-execute-resp-2.json
      - service-disable-resp.json
      - container-show-resp.json
      - quota-classes-update-resp.json
      - service-get-resp.json
      - container-put-archive-req.json
      - quotas-update-resp.json
      - container-execute-resize-resp.json
      - capsule-show-resp.json
      - container-rename-resp.json
      - service-enable-resp.json
      - container-execute-resp.json
      - host-get-all-resp.json
      - quotas-get-resp.json
      - quota-classes-get-resp.json
      - capsule-create-resp.json
      - container-network-list-resp.json
      - quotas-get-defaults-resp.json
      - container-stats-resp.json
    - containers.inc
    - hosts.inc
    - parameters.yaml
    - status.yaml
    - capsules.inc
    - quota_classes.inc
    - images.inc
    - urls.inc
    - index.rst
    - services.inc
    - conf.py
    - quotas.inc
- .gitreview
- tools
  - flake8wrap.sh
  - gen-config
  - zun-config-generator.conf
  - test-setup.sh
  - fast8.sh
  - README-zun.conf.txt
  - gen-criapi
- requirements.txt
- etc
  - cni
    - net.d
      - 10-zun-cni.conf
  - apache2
    - zun.conf.template
  - zun
    - rootwrap.conf
    - zun-config-generator.conf
    - api-paste.ini
    - zun-policy-generator.conf
    - rootwrap.d
      - zun.filters
- specs
  - container-composition.rst
  - local-volume-integration.rst
  - container-SRIOV-networking.rst
  - container-interactive-mode.rst
  - container-sandbox.rst
  - container-snapshot.rst
  - cpuset-container.rst
  - cinder-integration.rst
  - zun-api-validation.rst
  - kuryr-integration.rst
  - pci-device-model.rst
- .gitignore
- roles
  - fetch_containerd_log
    - tasks
      - main.yaml
  - fetch_docker_log
    - tasks
      - main.yaml
- contrib
  - legacy-ubuntu-init
    - README.rst
    - etc
      - init
        zun-compute.conf
        zun-wsproxy.conf
        zun-api.conf
  - vagrant
    - install_devstack.sh
    - provision.sh
    - config
      - localrc
    - Vagrantfile
    - README.md
  - quick-start
    - README.md
    - Dockerfile
  - nova-docker
    - devstack
      - lib
        nova
    - nova
      - virt
        hostutils.py
        __init__.py
        zun
        hostinfo.py
        driver.py
        client.py
        vifs.py
        __init__.py
        network.py
        opencontrail.py
      - __init__.py
    - etc
      - nova
        rootwrap.d
        docker.filters
- bindep.txt
- doc
  - source
    - configuration
      - README.rst
      - policy.rst
      - sample-config.rst
      - index.rst
    - user
      - filter-scheduler.rst
    - admin
      - osprofiler.rst
      - keep-containers-alive.rst
      - README.rst
      - private_registry.rst
      - security-groups.rst
      - index.rst
      - clear-containers.rst
    - cli
      - README.rst
      - zun-status.rst
      - index.rst
    - contributor
      - unit-tests.rst
      - documentation.rst
      - launchpad.rst
      - capsule.rst
      - objects.rst
      - README.rst
      - releasenotes.rst
      - api-microversion.rst
      - vision-reflection.rst
      - quickstart.rst
      - index.rst
      - tempest-tests.rst
      - gerrit.rst
      - mod-wsgi.rst
      - multinode-devstack.rst
      - jenkins.rst
      - contributing.rst
    - install
      - overview.rst
      - next-steps.rst
      - launch-container.rst
      - README.rst
      - verify.rst
      - compute-install.rst
      - get_started.rst
      - index.rst
      - controller-install.rst
    - reference
      - api-microversion-history.rst
      - index.rst
    - index.rst
    - conf.py
  - requirements.txt
- tox.ini

#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import base64

from cryptography import fernet
from oslo_config import cfg
from oslo_utils import encodeutils

from zun.common import exception


def encrypt(value, encryption_key=None):
    if value is None:
        return None

    encryption_key = get_valid_encryption_key(encryption_key)
    encoded_key = base64.b64encode(encryption_key.encode('utf-8'))
    sym = fernet.Fernet(encoded_key)
    res = sym.encrypt(encodeutils.safe_encode(value))
    return encodeutils.safe_decode(res)


def decrypt(data, encryption_key=None):
    if data is None:
        return None

    encryption_key = get_valid_encryption_key(encryption_key)
    encoded_key = base64.b64encode(encryption_key.encode('utf-8'))
    sym = fernet.Fernet(encoded_key)
    try:
        value = sym.decrypt(encodeutils.safe_encode(data))
        if value is not None:
            return encodeutils.safe_decode(value, 'utf-8')
    except fernet.InvalidToken:
        raise exception.InvalidEncryptionKey()


def get_valid_encryption_key(encryption_key):
    if encryption_key is None:
        encryption_key = cfg.CONF.auth_encryption_key

    return encryption_key[:32]