Add support for username and passwords/passphrases in input #43

Closed
makagonr opened this issue Jul 14, 2021 · 5 comments
Labels
bug Something isn't working jira Jira created for this issue
@makagonr

Is your feature request related to a problem? Please describe.

Inside UCS/config file, there might be passwords and passphrases. AS3 schema also allows them.

Example for password

```
ltm monitor https /Common/test_monitor_password {
    adaptive disabled
    defaults-from /Common/https
    destination *:*
    interval 5
    ip-dscp 0
    password $M$OC$bN53XhCrVMTvO2+ZlApH7A==       <========== password
    recv none
    recv-disable none
    send "GET /\r\n"
    time-until-up 0
    timeout 16
    username test         <======= username
}
```

Example for passphrase

```
sys file ssl-key /Common/f5_api_com.key {
    cache-path /config/filestore/files_d/Common_d/certificate_key_d/:Common:f5_api_com.key_62549_1
    passphrase $M$ar$kSub6Kj+2ZgPVwjyu+1JcVQpqQXjUl/qz+y83S25DopF5Seq0QyAFOD9TjD9SnmQZ/GN1HSIBZCA/eI/kJHvJuvV2I0jJQZu8bbykERsfPU=
    revision 1
    source-path file:///config/ssl/ssl.key/f5_api_com.key
}
```

Describe the solution you'd like

The passwords/passphrases are added to output objects according to AS3 schema:

```
"monitorLDAP_nonDefault1": {
    "class": "Monitor",
    "username": "Adm-nM+nkey",   <===== username
    "passphrase": {
        "ciphertext": "ZjVmNQ==",      <===== password
        "protected": "eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0",     <======= see below
        "ignoreChanges": true
    },
    "base": "dc=bigip-test,dc=org",
    "filter": "objectClass=employee"
},
"webcert1": {
    "class": "Certificate",
    "remark": "replace these with real certificates and keys",
    "certificate": "...",
    "chainCA": "...",
    "privateKey": "...",
    "passphrase": {
        "ciphertext": "ZjVmNQ==",      <===== password
        "protected": "eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0"  <======= see below
    }
},
```

According to:
https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/refguide/schema-reference.html#monitor-radius-passphrase "protected" field description:

So as I understand it - if there is "$M$" prefix inside the password content, which indicates that SecureVault is used to encrypt the value, then:
"protected"="eyJhbGciOiJkaXIiLCJlbmMiOiJmNXN2In0"
else:
"protected"="eyJhbGciOiJkaXIiLCJlbmMiOiJub25lIn0"

Regards

@makagonr makagonr added the enhancement New feature or request label Jul 14, 2021
@frslater

The "protected" strings are base64, so if you forget which is which, just decode them. One is {"alg":"dir","enc":"f5sv"} and the other is {"alg":"dir","enc":"none"}.
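
The mapping discussed in the two comments above, as an added example that is not code from the converter or from either poster: it reads a tmsh stanza and emits the AS3 `passphrase` object with the matching `protected` header. The function names, the regex-based stanza parsing and the choice to base64-encode a `$M$` value as-is into `ciphertext` are assumptions.

```javascript
// Added example; function names are hypothetical, not the converter's API.
const SECUREVAULT_PREFIX = '$M$'; // prefix the issue treats as SecureVault output

// Unpadded base64url, matching the "protected" strings quoted in the issue.
function b64url(text) {
    return Buffer.from(text, 'utf8').toString('base64')
        .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// JOSE header: enc=f5sv for SecureVault cryptograms, enc=none otherwise.
function protectedHeader(secret) {
    const enc = secret.startsWith(SECUREVAULT_PREFIX) ? 'f5sv' : 'none';
    return b64url(JSON.stringify({ alg: 'dir', enc }));
}

// Assumption: the value is base64-encoded as-is (padded, like "ZjVmNQ==").
function toAs3Passphrase(secret) {
    return {
        ciphertext: Buffer.from(secret, 'utf8').toString('base64'),
        protected: protectedHeader(secret)
    };
}

// Decode a "protected" header to see which enc it declares.
function readEnc(protectedValue) {
    return JSON.parse(Buffer.from(protectedValue, 'base64').toString('utf8')).enc;
}

// Pull username/password/passphrase out of one tmsh stanza (unquoted values only).
function convertStanza(stanza) {
    const out = {};
    for (const line of stanza.split('\n')) {
        const m = line.match(/^\s*(username|password|passphrase)\s+(\S+)\s*$/);
        if (!m) continue;
        if (m[1] === 'username') out.username = m[2];
        else out.passphrase = toAs3Passphrase(m[2]);
    }
    return out;
}

// Constructed sample, trimmed from the monitor stanza in the issue.
const SAMPLE = [
    'ltm monitor https /Common/test_monitor_password {',
    '    password $M$OC$bN53XhCrVMTvO2+ZlApH7A==',
    '    username test',
    '}'
].join('\n');

console.log(JSON.stringify(convertStanza(SAMPLE), null, 2));
```

With `enc` set to `none` the ciphertext is only the base64 of the cleartext (`ZjVmNQ==` decodes to `f5f5`), so a converted declaration needs the same handling as the original config.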

@mdditt2000 mdditt2000 added the PME PME Action Item label Jul 26, 2021
@mdditt2000

Discussing on the DEV call this Thursday.

@mdditt2000 mdditt2000 added the help wanted Extra attention is needed label Jul 26, 2021
@mdditt2000

Created Jira CHARON-404 for PM tracking

@mdditt2000 mdditt2000 added this to the 1.15 milestone Aug 4, 2021
@mdditt2000 mdditt2000 added bug Something isn't working jira Jira created for this issue and removed PME PME Action Item enhancement New feature or request help wanted Extra attention is needed labels Aug 4, 2021
@mdditt2000

@makagonr issue is resolved in a Pre-release. Please get the image from the link in the Jira CHARON-404. Closing this out
