def test_user_rotate_api_key_without_param_rotates_logged_in_user(self):
some_user_api_key = self.invoke_cli(
self.cli_auth_params, ['user', 'rotate-api-key', '-i', 'someuser'])
# extract the API key from the returned message
extract_api_key_from_message = some_user_api_key.split(":")[1].strip()
self.invoke_cli(
self.cli_auth_params,
['login', '-i', 'someuser', '-p', extract_api_key_from_message])
credential_store = CredentialStoreFactory.create_credential_store()
loaded_conjurrc = ConjurrcData.load_from_file()
old_api_key = credential_store.load(
loaded_conjurrc.conjur_url).password
some_user_api_key = self.invoke_cli(self.cli_auth_params,
['user', 'rotate-api-key'])
extract_api_key_from_message = some_user_api_key.split(":")[1].strip()
assert old_api_key != extract_api_key_from_message, "the API keys are the same!"
credential_store = CredentialStoreFactory.create_credential_store()
new_api_key = credential_store.load(
loaded_conjurrc.conjur_url).password
assert new_api_key.strip(
) == extract_api_key_from_message, "the API keys are not the same!"
def _run_command_flow(self, args, resource):
ssl_verification_meta_data = get_ssl_verification_meta_data_from_conjurrc(args.ssl_verify)
client = Client(ssl_verification_mode=ssl_verification_meta_data.mode,
connection_info=ConjurrcData.load_from_file().get_client_connection_info(),
debug=args.debug,
credentials_provider=self.credential_provider,
async_mode=False)
if resource == 'list':
cli_actions.handle_list_logic(args, client)
elif resource == 'whoami':
result = client.whoami()
print(json.dumps(result, indent=4))
elif resource == 'variable':
cli_actions.handle_variable_logic(args, client)
elif resource == 'policy':
policy_data = PolicyData(action=args.action, branch=args.branch, file=args.file)
cli_actions.handle_policy_logic(policy_data, client)
elif resource == 'user':
cli_actions.handle_user_logic(self.credential_provider, args, client)
elif resource == 'host':
cli_actions.handle_host_logic(args, client)
elif resource == 'hostfactory':
cli_actions.handle_hostfactory_logic(args, client)
def get_credentials() -> CredentialsData:
try:
cred_store = create_cred_store()
conjurrc = ConjurrcData.load_from_file()
return cred_store.load(conjurrc.conjur_url)
except:
print("Unable to fetch credentials")
def is_credentials_exist(conjur_url=None) -> bool:
try:
cred_store = create_cred_store()
if conjur_url is None:
conjur_url = ConjurrcData.load_from_file().conjur_url
return cred_store.is_exists(conjur_url)
except:
print("Unable to validate that credentials exist")
def delete_credentials():
try:
cred_store = create_cred_store()
conjurrc = ConjurrcData.load_from_file()
if cred_store.is_exists(conjurrc.conjur_url):
return cred_store.remove_credentials(conjurrc.conjur_url)
except:
# this is a util test not throwing for now. user should make sure conjurrc file exists
pass
def _perofrm_auth_if_not_login(self, args):
self._run_init_if_not_occur()
# If the user runs a command without logging into the CLI,
# we request they do so before executing their request
if not self.is_testing_env:
loaded_conjurrc = ConjurrcData.load_from_file()
if not self.credential_provider.is_exists(loaded_conjurrc.conjur_url):
# The below message when a user implicitly requested to init
# pylint: disable=logging-fstring-interpolation
sys.stdout.write(f"{LOGIN_IS_REQUIRED}\n")
cli_actions.handle_login_logic(self.credential_provider, ssl_verify=args.ssl_verify)