def fix_config_and_key_file_permissions(config_file): cli_setup.apply_user_only_access_permissions(os.path.expandvars(os.path.expanduser(config_file))) config, config_profiles = get_config_profiles(config_file) for config_profile_name in config_profiles: config_key_file_path = os.path.expandvars(os.path.expanduser(config[config_profile_name]['key_file'])) # Below check ensures we do not raise an exception when the key file is not found for a particular profile if (os.path.isfile(config_key_file_path)): cli_setup.apply_user_only_access_permissions(config_key_file_path)
def get_db_token(ctx, from_json, scope, db_token_location): if scope and "urn:oracle:db:" not in scope: click.echo( "scope must be a db scope i.e --scope 'urn:oracle:db::id::*'") ctx.exit(1) kwargs = {} private_key = cli_util.generate_key() public_key = private_key.public_key() db_token_path = os.path.normpath(os.path.expanduser(db_token_location)) Path(db_token_path).mkdir(parents=True, exist_ok=True) private_key_file_path = os.path.join(db_token_path, "oci_db_key.pem") public_key_file_path = os.path.join(db_token_path, "oci_db_key_public.pem") if not cli_setup.write_public_key_to_file(public_key_file_path, public_key, True, True): click.echo("Error: Unable to write public key at {}".format( public_key_file_path)) ctx.exit(1) with open(public_key_file_path, mode='r') as public_file: public_key_from_file = public_file.read() _details = {'scope': scope, 'publicKey': public_key_from_file} client = cli_util.build_client('identity_data_plane', 'dataplane', ctx) result = client.generate_scoped_access_token( generate_scoped_access_token_details=_details, **kwargs) response = cli_util.to_dict(result.data) # persist private key and result db_token if not cli_setup.write_private_key_to_file(private_key_file_path, private_key, '', True, True): click.echo("Error: Unable to write private key at: {}".format( private_key_file_path)) ctx.exit(1) else: click.echo("Private key written at {}".format(private_key_file_path)) db_token_path = os.path.join(db_token_path, "token") with open(db_token_path, "w") as f: f.write(response['token']) click.echo('db-token written at: {}'.format(db_token_path)) cli_setup.apply_user_only_access_permissions(db_token_path) with open(db_token_path, 'r') as db_token_file: token = db_token_file.read() db_token_container = oci.auth.security_token_container.SecurityTokenContainer( None, token) db_token_file = db_token_container.get_jwt() expiry_time = datetime.datetime.fromtimestamp( db_token_file['exp']).strftime("%Y-%m-%d %H:%M:%S") click.echo("db-token is valid until " + expiry_time, file=sys.stderr)