Ejemplo n.º 1
 def get_token(self, username, password, hostname):
     """Log in to Vault with a username and password and report the outcome.

     A VaultClient is built from the hostname, the credentials and the
     module-level ``tokenfile`` path, and its ``login`` method is called
     with the same credentials.

     Args:
         username: Vault username, passed to the client and to ``login``.
         password: Vault password, passed to the client and to ``login``.
         hostname: Vault address handed to VaultClient.

     Returns:
         A status string: the success text when ``login`` returns a truthy
         value, otherwise a hint to check the credentials and the URL.
     """
     # Only a fixed message is logged; the credentials never reach the log.
     self._logger.info("Get token from GUI.")
     client = VaultClient(hostname, username, password, tokenfile)
     # presumably a successful login stores the token at ``tokenfile`` --
     # confirm in VaultClient.
     if client.login(username, password):
         return "Token obtained."
     return "Unable to obtain token. Verify your credentials and Vault URL."
Ejemplo n.º 2
 def get_entity_name(self, username, password, vault_token, hostname,
                     entity_id):
     """Look up a Vault entity by its id.

     Args:
         username: Vault username handed to VaultClient.
         password: Vault password handed to VaultClient.
         vault_token: Vault token handed to VaultClient.
         hostname: Vault address handed to VaultClient.
         entity_id: Identifier passed to ``read_entity_by_id``.

     Returns:
         ``(True, result)`` with whatever ``read_entity_by_id`` returns, or
         ``(False, message)`` carrying the exception text on any failure.
     """
     try:
         client = VaultClient(hostname, username, password, tokenfile,
                              vault_token)
         entity = client.read_entity_by_id(entity_id)
     except Exception as err:
         # NOTE(review): the raw exception text goes back to the caller; if
         # it is displayed, confirm Vault errors carry nothing sensitive.
         return (False, str(err))
     return (True, entity)
Ejemplo n.º 3
 def decrypt(self, username, password, vault_token, hostname, url,
             output_path):
     """Decrypt the files under ``self._input_path`` into ``output_path``.

     Args:
         username: Vault username for VaultClient and the Cryptor arguments.
         password: Vault password for VaultClient and the Cryptor arguments.
         vault_token: Vault token handed to VaultClient.
         hostname: Vault address.
         url: Dataset URL; its last "/"-separated segment is used as the
             dataset name.
         output_path: Destination path given to Cryptor as ``--output``.

     Returns:
         ``(True, None)`` on success, or ``(False, message)`` carrying the
         exception text on any failure.
     """
     try:
         self._logger.info(
             "Decrypt files in the path {}".format(self._input_path))
         client = VaultClient(hostname, username, password, tokenfile,
                              vault_token)
         # NOTE(review): a URL that ends in "/" yields an empty dataset
         # name here -- confirm callers never pass one.
         dataset_name = url.rsplit("/", 1)[-1]
         key_manager = KeyManagementVault(client, dataset_name)
         # NOTE(review): the plaintext password travels in this dict, which
         # is handed to Cryptor together with the logger -- confirm Cryptor
         # never logs its arguments.
         cryptor_args = {
             "--input": self._input_path,
             "--output": output_path,
             "--username": username,
             "--password": password,
             "--vault": hostname,
             "--url": url,
             "--decrypt": True,
             "--encrypt": False,
         }
         Cryptor(cryptor_args, key_manager, self._logger,
                 dataset_name).decrypt()
     except Exception as err:
         # The failure is reported to the caller only; nothing is logged.
         return (False, str(err))
     return (True, None)
Ejemplo n.º 4
 def create_access_granter(self, username, password, vault_token, hostname):
     """Create an AccessManager and keep it on ``self._access_granter``.

     Args:
         username: Vault username handed to VaultClient.
         password: Vault password handed to VaultClient.
         vault_token: Vault token handed to VaultClient.
         hostname: Vault address handed to VaultClient.

     Returns:
         ``(True, None)`` on success, or ``(False, message)`` carrying the
         exception text on any failure.
     """
     try:
         # TODO: add another method to set self._access_granter to null when the review window is closed
         # Until that exists, the manager and the client inside it stay
         # referenced from this object after the review window closes.
         self._access_granter = AccessManager(
             VaultClient(hostname, username, password, tokenfile,
                         vault_token))
     except Exception as err:
         return (False, str(err))
     return (True, None)
Ejemplo n.º 5
 def grant_access(self, username, password, vault_token, hostname,
                  dataset_name, requester_id, expiry_date):
     """Grant a requester access to a dataset until an expiry date.

     A fresh VaultClient and AccessManager are built for this call; the
     manager stored on ``self._access_granter`` is not used.

     Args:
         username: Vault username handed to VaultClient.
         password: Vault password handed to VaultClient.
         vault_token: Vault token handed to VaultClient.
         hostname: Vault address handed to VaultClient.
         dataset_name: Dataset the access applies to.
         requester_id: Identifier of the party receiving access.
         expiry_date: Expiry value forwarded to AccessManager.

     Returns:
         ``(True, None)`` on success, or ``(False, message)`` carrying the
         exception text on any failure.
     """
     try:
         client = VaultClient(hostname, username, password, tokenfile,
                              vault_token)
         # The three values are forwarded unchanged; no validation happens
         # in this method. NOTE(review): confirm AccessManager.grant_access
         # rejects a malformed or past expiry_date.
         AccessManager(client).grant_access(requester_id, dataset_name,
                                            expiry_date)
     except Exception as err:
         return (False, str(err))
     return (True, None)
Ejemplo n.º 6
 def encrypt(self, username, password, vault_token, hostname, output_path):
     """Encrypt the files under ``self._input_path`` into ``output_path``.

     A random UUID4 string is generated as the dataset name and given to
     both KeyManagementVault and Cryptor.

     Args:
         username: Vault username for VaultClient and the Cryptor arguments.
         password: Vault password for VaultClient and the Cryptor arguments.
         vault_token: Vault token handed to VaultClient.
         hostname: Vault address.
         output_path: Destination path given to Cryptor as ``--output``.

     Returns:
         ``(True, bag_path)`` with the value returned by
         ``Cryptor.encrypt``, or ``(False, message)`` carrying the
         exception text on any failure.
     """
     try:
         self._logger.info(
             "Encrypt files in the path {}".format(self._input_path))
         client = VaultClient(hostname, username, password, tokenfile,
                              vault_token)
         dataset_name = str(uuid.uuid4())
         key_manager = KeyManagementVault(client, dataset_name)
         # NOTE(review): the plaintext password travels in this dict, which
         # is handed to Cryptor together with the logger -- confirm Cryptor
         # never logs its arguments.
         cryptor_args = {
             "--input": self._input_path,
             "--output": output_path,
             "--username": username,
             "--password": password,
             "--vault": hostname,
             "--encrypt": True,
         }
         bag_path = Cryptor(cryptor_args, key_manager, self._logger,
                            dataset_name).encrypt()
     except Exception as err:
         # The failure is written to the log at info level and also
         # returned to the caller as text.
         self._logger.info(str(err))
         return (False, str(err))
     return (True, bag_path)
Ejemplo n.º 7
"""
Usage:
    expire_permission.py --vault <vault_addr> --tokenfile <root_tokenfile>

Options:
    --vault <vault_addr> using hashicorp vault for key generation and storage
    --tokenfile <root_tokenfile>
"""

import datetime
from docopt import docopt
from modules.VaultClient import VaultClient
from util import constants
from util.util import Util
from modules.AccessManager import AccessManager
import os

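__version__ = constants.VERSION

if __name__ == "__main__":
    # Script entry point: parse the command line described by the module
    # docstring, authenticate to Vault with the token read from
    # --tokenfile, and run AccessManager.check_access().
    arguments = docopt(__doc__, version=__version__)
    # Set up logging to ~/logs/permission_monitor.log; the return value of
    # get_logger is not used here.
    Util.get_logger("cron-monitor-expired-shares",
                    log_level="info",
                    filepath=os.path.join(os.path.expanduser('~'), "logs",
                                          "permission_monitor.log"))
    # NOTE(review): per the usage text this file holds a Vault root token.
    # Keep it readable by the job's account only, and check whether a token
    # limited by policy to what check_access needs would be enough.
    with open(arguments["--tokenfile"]) as f:
        # Token files usually end with a newline; strip surrounding
        # whitespace so it is not sent to Vault as part of the token.
        vault_root_token = f.read().strip()
    vault_client = VaultClient(vault_addr=arguments["--vault"],
                               vault_token=vault_root_token)
    access_manager = AccessManager(vault_client)
    # presumably this handles shares past their expiry date (the logger
    # name suggests so) -- confirm in AccessManager.
    access_manager.check_access()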
Ejemplo n.º 8
from util import constants
from util.util import Util
import click
import webbrowser
from urllib.parse import urljoin

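__version__ = constants.VERSION
dirs = AppDirs(constants.APP_NAME, constants.APP_AUTHOR)
# This directory holds the file passed to VaultClient as its token file, so
# create it with owner-only permissions. The mode applies only when the
# final directory is newly created; an existing directory keeps its mode.
os.makedirs(dirs.user_data_dir, mode=0o700, exist_ok=True)
tokenfile = os.path.join(dirs.user_data_dir, "vault_token")

if __name__ == "__main__":
    # Script entry point: authenticate to Vault either with a username and
    # password or with a token obtained through the Vault web UI, then run
    # the requested mode.
    arguments = docopt(__doc__, version=__version__)
    if arguments["--username"]:
        # NOTE(review): --password is taken from the command line, where it
        # can show up in shell history and process listings.
        # The keyword spelling ``vault_passowrd`` is kept as found;
        # presumably it matches VaultClient's parameter name -- confirm
        # before renaming.
        vault_client = VaultClient(vault_addr=arguments["--vault"],
                                   vault_username=arguments["--username"],
                                   vault_passowrd=arguments["--password"],
                                   tokenfile=tokenfile)
    elif arguments["--oauth"]:
        from getpass import getpass

        # Open the Vault OIDC login page in the browser; the user copies
        # the resulting client token back into this terminal.
        vault_ui_url = urljoin(arguments["--vault"],
                               "/ui/vault/auth?with=oidc")
        webbrowser.open_new_tab(vault_ui_url)
        # Read the token without echo so it does not stay visible on
        # screen or in terminal scrollback.
        token = getpass('Please input your vault client token: ')
        vault_client = VaultClient(vault_addr=arguments["--vault"],
                                   vault_username=arguments["--username"],
                                   vault_passowrd=arguments["--password"],
                                   tokenfile=tokenfile,
                                   vault_token=token)
    else:
        # Without this branch the script fails below with a NameError
        # because no client was created.
        raise SystemExit(
            "Either --username or --oauth is required to authenticate.")

    access_manager = AccessManager(vault_client)
    if arguments["--mode"] == "review-shares":
        print(access_manager.list_members())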