import datetime
import getpass
import os
import subprocess
import time

import conjur
from conjur.config import config
import terminal
from terminal import grant_permission
from terminal import permission_allowed
"""
def current_time(self):
#current time
ts = time.time()
st = datetime.datetime.fromtimestamp(ts).strftime('%Y%m%d_%H%M%S')
print st
"""
"""
def read_private_key(self):
## Reads the server.key
text_file = open("/Users/keval/PycharmProjects/untitled1/server.key", "r")
lines = text_file.read()
print lines
"""
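class conjur_lemur():
    """Store and fetch Lemur certificate material in Conjur variables.

    The private key is kept in ``dev/lemur/certs/<id_no>/key`` and the
    certificate in ``dev/lemur/certs/<id_no>/cert``.
    """

    # One-letter menu choice -> Conjur privilege name handed to the
    # ``conjur resource`` command line.
    _PRIVILEGES = {'r': 'read', 'e': 'execute', 'u': 'update'}

    def __init__(self):
        """Configure the Conjur client and build it with ``conjur.new_from_netrc``.

        The certificate file and the netrc file are looked up under
        ``/Users/<current user>/``.
        """
        # building path
        config.appliance_url = "https://conjur-dev-master.d1.opendns.com/api"
        config.account = "dev"
        config.cert_file = "/Users/" + getpass.getuser() + "/.conjur/conjur-dev.pem"
        self.conjurapi = conjur.new_from_netrc("/Users/" + getpass.getuser() + "/.netrc", config=config)
        print(getpass.getuser())

    @staticmethod
    def _permitted_roles_argv(conjur_variable, privilege):
        """Return the argv that lists the roles holding *privilege* on the variable."""
        return ["conjur", "resource", "permitted_roles",
                "variable:" + conjur_variable, privilege]

    @staticmethod
    def _permit_argv(conjur_variable, layer, privilege):
        """Return the argv that grants *privilege* on the variable to *layer*."""
        return ["conjur", "resource", "permit",
                "variable:" + conjur_variable, "layer:" + layer, privilege]

    @staticmethod
    def _run_conjur(argv):
        """Run the conjur CLI from an argument list and report a failure.

        No shell is involved, so characters in the variable name are passed
        to the CLI as data instead of being interpreted as shell syntax.
        """
        try:
            status = subprocess.call(argv)
        except OSError as err:
            # e.g. the conjur executable is not installed or not on PATH
            print("could not run the conjur CLI: " + str(err))
            return
        if status != 0:
            print("conjur CLI exited with status " + str(status))

    def write_privatekey_to_conjur(self, id_no, private_key, certificate_content):
        """Create the key and cert variables for *id_no* and store both values.

        Args:
            id_no: string used as the path component that identifies this
                certificate (the caller in this file passes a timestamp).
            private_key: private key text to store.
            certificate_content: certificate text to store.
        """
        key_id = 'dev/lemur/certs/' + id_no + '/key'
        cert_id = 'dev/lemur/certs/' + id_no + '/cert'
        # creating a conjur variable and storing a secret in the variable
        self.conjurapi.create_variable(id=key_id, value=private_key)
        # Only the variable id is reported: echoing the stored value would put
        # the private key on the terminal and into any captured output or logs.
        print("stored private key in variable " + key_id)
        # creating a conjur variable and storing a certificate in the variable
        self.conjurapi.create_variable(id=cert_id, value=certificate_content)
        print("stored certificate in variable " + cert_id)

    def read_privatekey_from_conjur(self, id_no):
        """Return the value of the key variable for *id_no*.

        The return value is secret material; callers should not print or log it.
        """
        value = self.conjurapi.variable('dev/lemur/certs/' + id_no + '/key').value(version=None)
        return value

    def read_cert_from_conjur(self, id_no):
        """Return the value of the cert variable for *id_no*."""
        value1 = self.conjurapi.variable('dev/lemur/certs/' + id_no + '/cert').value(version=None)
        return value1

    def set_conjur_permissions(self, conjur_variable):
        """Interactively list, then grant, a privilege on *conjur_variable*.

        First prompts for a privilege and lists the roles that hold it, then
        prompts again and grants the chosen privilege to the layer
        ``dev/lemur/rw``. An unknown choice prints a hint and skips that step.

        Args:
            conjur_variable: id of the Conjur variable to inspect and permit.
        """
        option = raw_input('Enter your option... r=read e=execute u=update ')
        print('you chose ' + option)
        privilege = self._PRIVILEGES.get(option)
        if privilege is None:
            print("Enter a valid option from r, e, u")
        else:
            print("It shows all users/hosts that have (" + privilege + ") access to the variable")
            # The chosen privilege is what gets queried; previously every
            # branch asked for "read" regardless of the choice.
            self._run_conjur(self._permitted_roles_argv(conjur_variable, privilege))

        layer = 'dev/lemur/rw'
        privilige = raw_input('Enter what privilige you want to assign ... r=read e=execute u=update ')
        print('you chose ' + privilige)
        granted = self._PRIVILEGES.get(privilige)
        if granted is None:
            print("Enter a valid option from r, e, u")
        else:
            # Grant exactly what the operator selected, so the resulting
            # permission matches what was confirmed at the prompt.
            self._run_conjur(self._permit_argv(conjur_variable, layer, granted))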
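if __name__ == "__main__":
    # current time, used as the id of this certificate in Conjur
    ts = time.time()
    st = datetime.datetime.fromtimestamp(ts).strftime('%Y%m%d_%H%M%S')
    print(st)

    # reads the privatekey from a file; the handle is closed by the with-block
    with open("/Users/keval/PycharmProjects/untitled1/server.key", "r") as text_file:
        lines = text_file.read()
    # The key is not printed: stdout is commonly captured in terminal
    # scrollback and logs, which would leave a copy of the secret outside Conjur.

    # reads the cert from a file
    with open("/Users/keval/PycharmProjects/untitled1/server.crt", "r") as text_file:
        crt = text_file.read()
    print(crt)

    conjurlemur = conjur_lemur()
    conjurlemur.write_privatekey_to_conjur(st, lines, crt)

    variable_name = 'dev/lemur/certs/' + st + '/key'
    # set_conjur_permissions has no return statement, so there is nothing to print
    conjurlemur.set_conjur_permissions(variable_name)

    # Confirm the round trip by comparing, without showing the key itself.
    y = conjurlemur.read_privatekey_from_conjur(st)
    print("private key read back from Conjur matches the file: " + str(y == lines))

    z = conjurlemur.read_cert_from_conjur(st)
    print(z)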