Makes config() function be available to Core Library only

config() function returns information from murano.conf.
But since it contains sensitive information like passwords
it creates a security issue for Murano because any app can
get access to that information. However the function is
used by the core library to get RabbitMQ credentials.

This commit makes the function available to Core Library
only which currently identified by the name (io.murano)
but in the future will be identified by the package signature.

Change-Id: I3fe5c153f931decc59bc8bf9eb87c78d459a64fa
Closes-Bug: #1506807

murano/common/engine.py

@@ -94,6 +94,14 @@ class ContextManager(context_manager.ContextManager):
         return helpers.link_contexts(
             root_context, yaql_functions.get_context(runtime_version))
 
+    def create_package_context(self, package):
+        context = super(ContextManager, self).create_package_context(
+            package)
+        if package.name == 'io.murano':
+            context = helpers.link_contexts(
+                context, yaql_functions.get_restricted_context())
+        return context
+
 
 class TaskProcessingEndpoint(object):
     @classmethod

murano/engine/system/yaql_functions.py

@@ -202,8 +202,6 @@ def get_context(runtime_version):
     context.register_function(bind)
     context.register_function(random_name)
     context.register_function(patch_)
-    context.register_function(config)
-    context.register_function(config_default)
     context.register_function(logger)
 
     if runtime_version <= constants.RUNTIME_VERSION_1_1:
@@ -217,3 +215,11 @@ def get_context(runtime_version):
             for spec in utils.to_extension_method(t, root_context):
                 context.register_function(spec)
     return context
+
+
+@helpers.memoize
+def get_restricted_context():
+    context = yaql_integration.create_empty_context()
+    context.register_function(config)
+    context.register_function(config_default)
+    return context