def get_api_key(ssl_verification_metadata: SslVerificationMetadata,
credential_data: CredentialsData, password: str,
conjurrc: ConjurrcData) -> str:
"""
Method to fetch the user/host's API key from Conjur
"""
# pylint: disable=logging-fstring-interpolation,raise-missing-from
logging.debug(
f"Attempting to fetch '{credential_data.username}' API key from Conjur..."
)
try:
credentials_provider = SimpleCredentialsProvider()
credentials_provider.save(
CredentialsData(machine=conjurrc.conjur_url,
username=credential_data.username,
password=password))
client = Client(
connection_info=conjurrc.get_client_connection_info(),
ssl_verification_mode=ssl_verification_metadata.mode,
credentials_provider=credentials_provider,
async_mode=False)
api_key = client.login()
except HttpSslError:
if not conjurrc.cert_file and not ssl_verification_metadata.is_insecure_mode:
raise CertificateVerificationException
logging.debug("API key retrieved from Conjur")
return api_key
def fetch_account_from_server(
cls, conjurrc_data: ConjurrcData,
ssl_verification_metadata: SslVerificationMetadata):
"""
Fetches the account from the Conjur Enterprise server by making a
request to the /info endpoint. This endpoint only exists in the
Conjur Enterprise server
"""
logging.debug(
"Attempting to fetch the account from the Conjur server...")
client = Client(
connection_info=conjurrc_data.get_client_connection_info(),
ssl_verification_mode=ssl_verification_metadata.mode,
credentials_provider=SimpleCredentialsProvider(),
async_mode=False)
response = client.get_server_info()
conjurrc_data.conjur_account = response['configuration']['conjur'][
'account']
logging.debug(
"Account '%s' successfully fetched from the Conjur server",
conjurrc_data.conjur_account)