Pull request #13: Feature/credential manager

Merge in SIE-BB/netapp-dataops-toolkit from feature/credential-manager to release-v2.7.0

* commit 'b5b013544f8015395f08c7be0def9195028378e2':
  using keyring_service_name from constants.py
  constants module as a source of truth
  replacing .env approach by module-level constants
  keyring module in setup.cfg
  remove .env file
  adding default service name while creating config
  default service_name for keyring, and user instructions
  replacing print statements with logger
  adding keyring to dependencies
  modifying base name
  .env for single source of truth
  remove decoding password
  using keyring to set and get ontap credentials

Author: Menneni, Shreya

netapp_dataops_traditional/README.md

@@ -42,6 +42,16 @@ netapp_dataops_cli.py config
 
 Note: The toolkit requires an ONTAP account with API access. The toolkit will use this account to access the ONTAP API. NetApp recommends using an SVM-level account. Usage of a cluster admin account should be avoided for security reasons.
 
+> **Note: Keyring Service Configuration**
+> 
+> The toolkit stores ONTAP credentials securely using your system's keyring service. By default, it uses the service name `netapp:dataops:ontap` to store and retrieve credentials. 
+> 
+> If you need to use a different service name, you can override this by setting the `KEYRING_SERVICE_NAME` environment variable:
+> 
+> ```sh
+> export KEYRING_SERVICE_NAME=my-custom-service-name
+> ```
+
 #### Example Usage
 
 ```sh

netapp_dataops_traditional/netapp_dataops/constants.py

@@ -0,0 +1,4 @@
+"""Constants used across the NetApp DataOps Toolkit."""
+
+# Keyring configuration constants
+KEYRING_SERVICE_NAME = "netapp:dataops:ontap"

netapp_dataops_traditional/netapp_dataops/netapp_dataops_cli.py

@@ -9,6 +9,7 @@
 import sys
 sys.path.insert(0, "/root/netapp-dataops-toolkit/netapp_dataops_traditional/netapp_dataops")
 
+import keyring
 from netapp_dataops import traditional
 from netapp_dataops.traditional import (
     clone_volume,
@@ -44,10 +45,10 @@
 )
 
 from netapp_dataops.logging_utils import setup_logger
+from netapp_dataops.constants import KEYRING_SERVICE_NAME
 
 logger = setup_logger(__name__)
 
-
 ## Define contents of help text
 helpTextStandard = '''
 The NetApp DataOps Toolkit is a Python library that makes it simple for data scientists and data engineers to perform various data management tasks, such as provisioning a new data volume, near-instantaneously cloning a data volume, and near-instantaneously snapshotting a data volume for traceability/baselining.
@@ -634,14 +635,15 @@ def createConfig(configDirPath: str = "~/.netapp_dataops", configFilename: str =
 
         # Prompt user to enter additional config details
         config["defaultAggregate"] = input("Enter aggregate to use by default when creating new FlexVol volumes: ")
-        config["username"] = input("Enter ONTAP API username (Recommendation: Use SVM account): ")
+        username = input("Enter ONTAP API username (Recommendation: Use SVM account): ")
         passwordString = getpass("Enter ONTAP API password (Recommendation: Use SVM account): ")
 
-        # Convert password to base64 enconding
-        passwordBytes = passwordString.encode("ascii")
-        passwordBase64Bytes = base64.b64encode(passwordBytes)
-        config["password"] = passwordBase64Bytes.decode("ascii")
-
+         # Store the password securely using keyring
+        if username is not None:
+            keyring.set_password(KEYRING_SERVICE_NAME, "username", username)
+        if passwordString is not None:
+            keyring.set_password(KEYRING_SERVICE_NAME, "password", passwordString)
+        
         # Prompt user to enter value denoting whether or not to verify SSL cert when calling ONTAP API
         # Verify value entered; prompt user to re-enter if invalid
         while True:

netapp_dataops_traditional/netapp_dataops/traditional/__init__.py

@@ -17,6 +17,7 @@
 from concurrent.futures import ThreadPoolExecutor
 import boto3
 from botocore.client import Config as BotoConfig
+import keyring
 from netapp_ontap import config as netappConfig
 from netapp_ontap.error import NetAppRestError
 from netapp_ontap.host_connection import HostConnection as NetAppHostConnection
@@ -32,6 +33,7 @@
 import requests
 from tabulate import tabulate
 import yaml
+from netapp_dataops.constants import KEYRING_SERVICE_NAME
 
 from netapp_dataops.logging_utils import setup_logger
 
@@ -201,17 +203,17 @@ def _instantiate_connection(config: dict, connectionType: str = "ONTAP", print_o
         try:
             ontapClusterMgmtHostname = config["hostname"]
             ontapClusterAdminUsername = config["username"]
-            ontapClusterAdminPasswordBase64 = config["password"]
+            ontapClusterAdminPassword = config["password"]
             verifySSLCert = config["verifySSLCert"]
         except:
             if print_output:
                 _print_invalid_config_error()
             raise InvalidConfigError()
 
         # Decode base64-encoded password
-        ontapClusterAdminPasswordBase64Bytes = ontapClusterAdminPasswordBase64.encode("ascii")
-        ontapClusterAdminPasswordBytes = base64.b64decode(ontapClusterAdminPasswordBase64Bytes)
-        ontapClusterAdminPassword = ontapClusterAdminPasswordBytes.decode("ascii")
+        # ontapClusterAdminPasswordBase64Bytes = ontapClusterAdminPasswordBase64.encode("ascii")
+        # ontapClusterAdminPasswordBytes = base64.b64decode(ontapClusterAdminPasswordBase64Bytes)
+        # ontapClusterAdminPassword = ontapClusterAdminPasswordBytes.decode("ascii")
 
         # Instantiate connection to ONTAP cluster
         netappConfig.CONNECTION = NetAppHostConnection(
@@ -253,6 +255,25 @@ def _retrieve_config(configDirPath: str = "~/.netapp_dataops", configFilename: s
         with open(configFilePath, 'r') as configFile:
             # Read connection details from config file; read into dict
             config = json.load(configFile)
+
+        # Retrieve username and password from os-default credential manager
+        username = keyring.get_password(KEYRING_SERVICE_NAME, "username")
+        password = keyring.get_password(KEYRING_SERVICE_NAME, "password")
+
+        if username:
+            config["username"] = username
+        else:
+            if print_output:
+                logger.error("Error: Missing username in credential manager.")
+            raise InvalidConfigError()
+        
+        if password:
+            config["password"] = password
+        else:
+            if print_output:
+                logger.error("Error: Missing password in credential manager.")
+            raise InvalidConfigError()
+
     except:
         if print_output:
             _print_invalid_config_error()

netapp_dataops_traditional/setup.cfg

@@ -42,6 +42,7 @@ install_requires =
     boto3
     pyyaml
     fastmcp
+    keyring
 python_requires = >=3.8,<3.14
 
 [options.extras_require]