def servicecred_auth(dcos_url, username, key_path):
"""
Get DC/OS Authentication token by browser prompt
:param dcos_url: url to cluster
:type dcos_url: str
:param username: username user for authentication
:type username: str
:param key_path: path to service key
:param key_path: str
:rtype: None
"""
# 'token' below contains a short lived service login token. This requires
# the local machine to be in sync with DC/OS nodes enough that the 5min
# padding here is enough time to validate the token.
creds = {
'uid':
username,
'token':
jwt.encode({
'exp': int(time.time() + 5 * 60),
'uid': username
},
util.read_file_secure(key_path),
algorithm='RS256').decode('ascii')
}
dcos_token = _get_dcostoken_by_post_with_creds(dcos_url, creds)
if not dcos_token:
raise DCOSException("Authentication failed")
else:
return
def _get_password(password_str, password_env, password_file):
"""
Get password for authentication
:param password_str: password
:type password_str: str
:param password_env: name of environment variable with password
:type password_env: str
:param password_file: path to file with password
:type password_file: bool
:returns: password or None if no password specified
:rtype: str | None
"""
password = None
if password_str:
password = password_str
elif password_env:
password = os.environ.get(password_env)
if password is None:
msg = "Environment variable specified [{}] does not exist"
raise DCOSException(msg.format(password_env))
elif password_file:
password = util.read_file_secure(password_file)
return password
def servicecred_auth(dcos_url, username, key_path):
"""
Get DC/OS Authentication token by browser prompt
:param dcos_url: url to cluster
:type dcos_url: str
:param username: username user for authentication
:type username: str
:param key_path: path to service key
:param key_path: str
:rtype: None
"""
# 'token' below contains a short lived service login token. This requires
# the local machine to be in sync with DC/OS nodes enough that the 5min
# padding here is enough time to validate the token.
creds = {
'uid': username,
'token': jwt.encode(
{
'exp': int(time.time()+5*60),
'uid': username
},
util.read_file_secure(key_path),
algorithm='RS256')
.decode('ascii')
}
dcos_token = _get_dcostoken_by_post_with_creds(dcos_url, creds)
if not dcos_token:
raise DCOSException("Authentication failed")
else:
return
def test_read_file_secure_with_trailing_whitespaces():
with util.temptext(b"my_secure_password \r\n") as temp_file:
path = temp_file[1]
os.chmod(path, 0o600)
password = util.read_file_secure(path)
assert password == "my_secure_password"