Beispiel #1
0
def initialize_extrahop_connections():
    """Gets Reveal(x) credentials from AWS Secrets Manager and
    creates ExtraHopClient conenctions to each Reveal(x).

    Reference: https://aws.amazon.com/blogs/security/how-to-securely-provide-database-credentials-to-lambda-functions-by-using-aws-secrets-manager/
    
    Returns:
        List(ExtraHopConnection): ExtraHop connections
    """
    secret_name = "extrahop/awsintegration"
    try:
        secret_cache = SecretCache(SecretCacheConfig(), SECRETS_CLIENT)
        secret_response_value = secret_cache.get_secret_string(secret_name)
    except ClientError as err:
        raise err
    else:
        secrets = secret_response_value
        secrets_dict = json.loads(secrets)
        extrahops = list()
        for host, api_key in secrets_dict.items():
            try:
                extrahop_connection = ExtraHopConnection(host=host,
                                                         api_key=api_key)
            except Exception as error:
                LOGGER.warning(
                    f"Could not connect to appliance at {host}: {error}")
                pass
            else:
                extrahops.append(extrahop_connection)
        return extrahops
Beispiel #2
0
def fetch_snowflake_config(
        secret_name: str = 'prod/rakuten_rewards/snowflake/RI_CONSULTING_ADMIN'
):
    """Retrieves a snowflake configuration from Secrets Manager by Secret name

    Args:
        secret_name (str): Name of the secret in AWS Secrets Manager
            (default is the production config for RI_CONSULTING_ADMIN)

    Returns:
        dict: Snowflake configuration including account, user, password, role, warehouse
            (not including database and schema)

    """

    # This will usually use a cache, and auto-magically refetch secrets when they go stale or bad
    secrets = SecretCache(
        config=SecretCacheConfig(),  # all defaults
        client=botocore.session.get_session().create_client('secretsmanager'))

    # Snowflake secrets will eventually be provided by the automation pipeline at SSM_SECRET_NAME_SNOWFLAKE_CREDS
    snowflake_secret_name = os.getenv('SSM_SECRET_NAME_SNOWFLAKE_CREDS',
                                      default=secret_name)

    # get secrets from cache and parse
    cached_secret = secrets.get_secret_string(snowflake_secret_name)
    parsed_secret = json.loads(cached_secret)

    return parsed_secret
Beispiel #3
0
def set_remote_stores():
    client = botocore.session.get_session().create_client(
        "secretsmanager", region_name="us-west-2")  # noqa
    cache_config = SecretCacheConfig()
    cache = SecretCache(config=cache_config, client=client)
    store_data = json.loads(cache.get_secret_string("blueprints/storage"))
    STORES.api_key = store_data["gretel"]
    STORES.stage = store_data["store_1"]
    STORES.prod = store_data["store_2"]
Beispiel #4
0
 def login(self):
     client = botocore.session.get_session().create_client('secretsmanager')
     cache = SecretCache(config=SecretCacheConfig(), client=client)
     pwent = cache.get_secret_string('hosted.mender.io')
     pwdict = json.loads(pwent)
     cmd = [
         'curl', '-X', 'POST', '-u',
         "%s:%s" % (pwdict['username'], pwdict['password']),
         'https://hosted.mender.io/api/management/v1/useradm/auth/login'
     ]
     try:
         output, _ = process.run(cmd)
         self.jwt = output.rstrip()
         self.logged_in = True
     except (process.CmdError, process.NotFoundError) as err:
         log.error("%s" % err)
     except process.ExecutionError as err:
         log.error("%s" % err.stderr)
Beispiel #5
0
def lookup(args, pfile):
    if len(args) < 2:
        print("Usage: %s get" % os.path.basename(sys.argv[0]), file=sys.stderr)
        return 1
    # only support retrieval, not storage or deletion
    if args[1] != "get":
        return 1
    params = {}
    for line in pfile:
        key, val = line.strip().split('=')
        params[key.strip()] = val.strip()
    cfg = parse_config()
    if 'host' not in params:
        return 1
    if 'username' in params:
        key = '%s@%s' % (params['username'], params['host'])
        if key not in cfg:
            return 1
        username = params['username']
    else:
        key = params['host']
        if key not in cfg:
            return 1
        try:
            username = cfg[key]['username']
        except KeyError:
            username = None

    secretname = cfg[key]['secretname']
    client = botocore.session.get_session().create_client('secretsmanager')
    cache = SecretCache(config=SecretCacheConfig(), client=client)
    pwent = cache.get_secret_string(secretname)
    pwdict = json.loads(pwent)
    if username:
        print("username=%s" % username)
    print("password=%s" % pwdict[secretname])
    return 0
Beispiel #6
0
class SecretsManager:
    def __init__(self, region_name: str):
        session = boto3.session.Session()
        client = session.client(service_name="secretsmanager",
                                region_name=region_name)
        cache_config = SecretCacheConfig()
        self.cache = SecretCache(config=cache_config, client=client)

    def retrieve_secret(self, secret_name: str) -> Optional[Secret]:
        """
        Retrieve a secret from the cache (or fetch from AWS if not already cached)

        Assumes that we are just storing text, not binary data (for now)
        """
        return Secret(json.loads(self.cache.get_secret_string(secret_name)))
Beispiel #7
0
 def __init__(self, region_name: str):
     session = boto3.session.Session()
     client = session.client(service_name="secretsmanager",
                             region_name=region_name)
     cache_config = SecretCacheConfig()
     self.cache = SecretCache(config=cache_config, client=client)