Update credentials ingest to use dedicated file

Description

Currently the BES reads access credentials for remote systems from its nominal bes.conf configuration chain. This task is to changes this so an alternate file may be used. Specifically this file can then be secured (via filesystem permissions) and encrypted. The machinery for reading these files is baked into TheBESKeys class where it manipulates private class data. However it is pretty straight forward to factor this code out of TheBESKeys and into a KVP utilities library (aka kvp_utils.cc) and pass into the information about which file to read and the objects into which the KVPs will be placed.

Already we have bes/dispatch/kvp_utils.(cc|h) started.

  • kvp_utils needs to be finished and tests written to exercise it - these might be lifted from existing tests for TheBESKeys

  • Once working we need to modify the TheBESKeys and CredentialsManager to use the new functions in kvp_utils.

 

Assignee

Nathan Potter

Reporter

Nathan Potter

Priority

High

Labels

Story Points

5

Fix versions

Epic Link

None
Configure