def test_vault(self):
vault = Vault('password', ':test:')
vault.add_entry('TestArgon2', 'username2', 'password')
print(vault.get_entries())
del vault
vault2 = Vault('password', 'test.db.enc')
vault2.add_entry('Test1', 'username', 'password3')
print(vault2.get_entries())
def setUpClass(self):
self.addr = "http://localhost:8200"
self.token = "root"
os.environ['VAULT_ADDR'] = self.addr
os.environ['VAULT_TOKEN'] = self.token
self.v = Vault(self.addr, self.token)
# Setup docker
self.container = docker.from_env().containers.run(
'vault',
'vault server -dev -dev-root-token-id="root" -dev-listen-address="0.0.0.0:8200"',
detach=True,
remove=True,
name='vault',
ports={'8200': '8200'})
# Wait a second for docker
# Change to the provisioner directory and run it
time.sleep(1)
p = subprocess.Popen(
["python", "vault_api_provisioner.py", "--log=Debug"],
cwd="vault-api-provisioner")
p.wait()
def main():
"""Entrypoint when used as an executable
:returns: None
"""
# Initialize Logging
logging.basicConfig(level=logging.DEBUG)
args = get_commandline_arguments()
init_logging(args)
vault = Vault(os.environ["VAULT_ADDR"], args.token)
secrets = vault.recursive_list(args.engine, args.vaultpath)
path_depth = 0
ul_count = 0
for secret in secrets:
new_path_depth = secret.count("/")
if not secret.endswith("/"):
new_path_depth = new_path_depth + 1
if new_path_depth > path_depth:
print("<ul>")
ul_count = ul_count + 1
if new_path_depth < path_depth:
diff = path_depth - new_path_depth
for _ in range(diff):
print("</ul>")
ul_count = ul_count - diff
path_depth = new_path_depth
ui_link = vault.path_to_ui_link(args.engine, secret)
print(html_list_element(html_link(secret, ui_link)))
for _ in range(ul_count):
print("</ul>")
def env_file_from_vault(self):
service_envs = Vault().get_service_envs(self.swarm_stack, self.service)
if service_envs:
out_file = open(self.env_filename, 'w')
for key, value in service_envs.items():
out_file.write(f'{key}={value}\n')
out_file.close()
print('[INFO] Creating env file')
def log_on(self):
""" Logs on to a website, using an url.
First checks if the channel requires log on. If so and it's not already
logged on, it should handle the log on. That part should be implemented
by the specific channel.
More arguments can be passed on, but must be handled by custom code.
After a successful log on the self.loggedOn property is set to True and
True is returned.
:return: indication if the login was successful.
:rtype: bool
"""
if self.__idToken:
return True
# check if there is a refresh token
# refresh token: viervijfzes_refresh_token
refresh_token = AddonSettings.get_setting("viervijfzes_refresh_token")
client = AwsIdp("eu-west-1_dViSsKM5Y",
"6s1h851s8uplco5h6mqh1jac8m",
proxy=self.proxy,
logger=Logger.instance())
if refresh_token:
id_token = client.renew_token(refresh_token)
if id_token:
self.__idToken = id_token
return True
else:
Logger.info("Extending token for VierVijfZes failed.")
# username: viervijfzes_username
username = AddonSettings.get_setting("viervijfzes_username")
# password: viervijfzes_password
v = Vault()
password = v.get_setting("viervijfzes_password")
if not username or not password:
XbmcWrapper.show_dialog(
title=None,
lines=LanguageHelper.get_localized_string(
LanguageHelper.MissingCredentials),
)
return False
id_token, refresh_token = client.authenticate(username, password)
if not id_token or not refresh_token:
Logger.error("Error getting a new token. Wrong password?")
return False
self.__idToken = id_token
AddonSettings.set_setting("viervijfzes_refresh_token", refresh_token)
return True
def main():
"""Entrypoint when used as an executable
:returns: None
"""
# Initialize Logging
logging.basicConfig(level=logging.DEBUG)
args = get_commandline_arguments()
init_logging(args)
vault = Vault(os.environ["VAULT_ADDR"], args.token)
vault.del_userpass_user(args.user)
def main():
"""Entrypoint when used as an executable
:returns: None
"""
# Initialize Logging
logging.basicConfig(level=logging.DEBUG)
args = get_commandline_arguments()
init_logging(args)
vault = Vault(os.environ["VAULT_ADDR"], args.token)
password = vault.add_user(args.firstname, args.lastname)
token = vault.wrap({"password": password})
unwrap = vault.unwrap_str(token)
print(unwrap)
def main():
"""Entrypoint when used as an executable
:returns: None
"""
# Initialize Logging
logging.basicConfig(level=logging.DEBUG)
args = get_commandline_arguments()
init_logging(args)
vault = Vault(os.environ["VAULT_ADDR"], args.token)
if args.recursive:
vault.recursive_delete(args.engine, args.vaultpath)
return
vault.delete(args.engine, args.vaultpath)
def LogOn(self):
signatureSettings = "mediaan_signature"
signatureSetting = AddonSettings.GetSetting(signatureSettings)
# apiKey = "3_HZ0FtkMW_gOyKlqQzW5_0FHRC7Nd5XpXJZcDdXY4pk5eES2ZWmejRW5egwVm4ug-" # from VTM
apiKey = "3_OEz9nzakKMkhPdUnz41EqSRfhJg5z9JXvS4wUORkqNf2M2c1wS81ilBgCewkot97" # from Stievie
if signatureSetting and "|" not in signatureSetting:
url = "https://accounts.eu1.gigya.com/accounts.getAccountInfo"
data = "APIKey=%s" \
"&sdk=js_7.4.30" \
"&login_token=%s" % (apiKey, signatureSetting, )
logonData = UriHandler.Open(url,
params=data,
proxy=self.proxy,
noCache=True)
if self.__ExtractSessionData(logonData, signatureSettings):
return True
Logger.Warning("Failed to extend the VTM.be session.")
Logger.Info("Logging onto VTM.be")
v = Vault()
password = v.GetSetting("mediaan_password")
username = AddonSettings.GetSetting("mediaan_username")
if not username or not password:
XbmcWrapper.ShowDialog(
title=None,
lines=LanguageHelper.GetLocalizedString(
LanguageHelper.MissingCredentials),
# notificationType=XbmcWrapper.Error,
# displayTime=5000
)
return False
Logger.Debug("Using: %s / %s", username, "*" * len(password))
url = "https://accounts.eu1.gigya.com/accounts.login"
data = "loginID=%s" \
"&password=%s" \
"&targetEnv=jssdk" \
"&APIKey=%s" \
"&includeSSOToken=true" \
"&authMode=cookie" % \
(HtmlEntityHelper.UrlEncode(username), HtmlEntityHelper.UrlEncode(password), apiKey)
logonData = UriHandler.Open(url,
params=data,
proxy=self.proxy,
noCache=True)
return self.__ExtractSessionData(logonData, signatureSettings)
def main(self):
env = sys.argv[1]
stage = sys.argv[2]
component = sys.argv[3]
context = ''
self.vaulter = Vault()
configfile = "Bungeefile"
while not os.path.isfile(configfile):
configfile = "../" + configfile
if os.path.abspath(configfile) == '/Bungeefile':
raise ValueError("No Bungeefile found")
self.basepath = os.path.dirname(os.path.abspath(configfile))
stream = open(configfile, 'r')
tmp = yaml.safe_load(stream)
envs = tmp['envs']
self.env = envs[env]
self.env['name'] = env
if tmp['plugins']:
if tmp['plugins']['vault']:
self.vaulter.envpath = tmp['plugins']['vault'][
'path'] + '/' + env
self.vaulter.component = component
self.vaulter.server = tmp['plugins']['vault']['server']
if stage not in ('setup', 'deploy'):
pprint("Stage '" + stage + "' not recognised")
os.exit(1)
if stage == 'setup':
self.setup(component, env)
elif stage == 'deploy':
self.deploy(component, env)
else:
pprint(
"Unrecognised stage, usage : bungee <env> <stage> <component>")
def LogOn(self):
if self.__idToken:
return True
# check if there is a refresh token
# refresh token: viervijfzes_refresh_token
refreshToken = AddonSettings.GetSetting("viervijfzes_refresh_token")
client = AwsIdp("eu-west-1_dViSsKM5Y",
"6s1h851s8uplco5h6mqh1jac8m",
proxy=self.proxy,
logger=Logger.Instance())
if refreshToken:
idToken = client.RenewToken(refreshToken)
if idToken:
self.__idToken = idToken
return True
else:
Logger.Info("Extending token for VierVijfZes failed.")
# username: viervijfzes_username
username = AddonSettings.GetSetting("viervijfzes_username")
# password: viervijfzes_password
v = Vault()
password = v.GetSetting("viervijfzes_password")
if not username or not password:
XbmcWrapper.ShowDialog(
title=None,
lines=LanguageHelper.GetLocalizedString(
LanguageHelper.MissingCredentials),
)
return False
idToken, refreshToken = client.Authenticate(username, password)
if not idToken or not refreshToken:
Logger.Error("Error getting a new token. Wrong password?")
return False
self.__idToken = idToken
AddonSettings.SetSetting("viervijfzes_refresh_token", refreshToken)
return True
def LogOn(self):
tokenCookie = UriHandler.GetCookie("X-VRT-Token", ".vrt.be")
if tokenCookie is not None:
return True
username = self._GetSetting("username")
if not username:
return None
v = Vault()
password = v.GetChannelSetting(self.guid, "password")
if not password:
Logger.Warning("Found empty password for VRT user")
Logger.Debug("Using: %s / %s", username, "*" * len(password))
url = "https://accounts.eu1.gigya.com/accounts.login"
data = "loginID=%s" \
"&password=%s" \
"&targetEnv=jssdk" \
"&APIKey=3_qhEcPa5JGFROVwu5SWKqJ4mVOIkwlFNMSKwzPDAh8QZOtHqu6L4nD5Q7lk0eXOOG" \
"&includeSSOToken=true" \
"&authMode=cookie" % \
(HtmlEntityHelper.UrlEncode(username), HtmlEntityHelper.UrlEncode(password))
logonData = UriHandler.Open(url, params=data, proxy=self.proxy, noCache=True)
sig, uid, timestamp = self.__ExtractSessionData(logonData)
if sig is None and uid is None and timestamp is None:
return False
url = "https://token.vrt.be/"
tokenData = '{"uid": "%s", ' \
'"uidsig": "%s", ' \
'"ts": "%s", ' \
'"fn": "VRT", "ln": "NU", ' \
'"email": "%s"}' % (uid, sig, timestamp, username)
headers = {"Content-Type": "application/json", "Referer": "https://www.vrt.be/vrtnu/"}
UriHandler.Open(url, params=tokenData, proxy=self.proxy, additionalHeaders=headers)
return True
class TestVault(unittest.TestCase):
v = Vault("http://0.0.0.0:8200", "fake token")
commonIdentityResponse = dict({
"path": "",
"policies": [],
})
rootIdentityResponse = dict({
"path": "auth/token/root",
"policies": [
"root"
],
})
def test_cleanup_json(self):
data = {
'a': None,
'b': '',
'c': 'c',
'd': 'd',
'e': 1,
'f': dict(a='a', b='b'),
'g': [1,2,3]
}
expected = {
'c': 'c',
'd': 'd',
'e': 1,
'f': dict(a='a', b='b'),
'g': [1,2,3]
}
self.assertEqual(self.v.cleanup_json(data), expected)
def test_is_authenticated(self):
# True case
self.v.is_authenticated = MagicMock(return_value=True)
self.assertTrue(self.v.is_authenticated())
# False case
self.v.is_authenticated = MagicMock(return_value=False)
self.assertFalse(self.v.is_authenticated())
def test_get_status(self):
response = {
"initialized": True,
"sealed": False,
"standby": False,
"performance_standby": False,
"replication_perf_mode": "disabled",
"replication_dr_mode": "disabled",
"server_time_utc": 1516639589,
"version": "0.9.1",
"cluster_name": "vault-cluster-3bd69ca2",
"cluster_id": "00af5aa8-c87d-b5fc-e82e-97cd8dfaf731"
}
# JSON case
self.v.get_status = MagicMock(return_value=response)
self.assertEqual(self.v.get_status(), response)
# None case
self.v.get_status = MagicMock(return_value=None)
self.assertIsNone(self.v.get_status())
def test_get_identity(self):
self.v.get_identity = MagicMock(return_value=self.rootIdentityResponse)
self.assertEqual(self.v.get_identity(), self.rootIdentityResponse)
def test_is_root(self):
self.v.get_identity = MagicMock(return_value=self.rootIdentityResponse)
self.assertTrue(self.v.is_root())
self.v.get_identity = MagicMock(return_value=self.commonIdentityResponse)
self.assertFalse(self.v.is_root())
def test_get_audit_devices(self):
response = {
"file": {
"type": "file",
"description": "Store logs in a file",
"options": {
"file_path": "/var/log/vault.log"
}
}
}
self.v.get_audit_devices = MagicMock(return_value=response)
self.assertEqual(self.v.get_audit_devices(), response)
def test_is_initialized(self):
self.v.is_initialized = MagicMock(return_value=False)
self.assertFalse(self.v.is_initialized())
self.v.is_initialized = MagicMock(return_value=True)
self.assertTrue(self.v.is_initialized())
def test_get_policies(self):
response = ["root", "my-policy"]
self.v.get_policies = MagicMock(return_value=response)
self.assertEqual(self.v.get_policies(), response)
def log_on(self):
""" Logs on to a website, using an url.
First checks if the channel requires log on. If so and it's not already
logged on, it should handle the log on. That part should be implemented
by the specific channel.
More arguments can be passed on, but must be handled by custom code.
After a successful log on the self.loggedOn property is set to True and
True is returned.
:return: indication if the login was successful.
:rtype: bool
"""
api_key = "3_qhEcPa5JGFROVwu5SWKqJ4mVOIkwlFNMSKwzPDAh8QZOtHqu6L4nD5Q7lk0eXOOG"
# Do we still have a valid short living token (1 hour)? If so, we have an active session.
short_login_cookie = UriHandler.get_cookie("X-VRT-Token", ".vrt.be")
if short_login_cookie is not None:
# The old X-VRT-Token expired after 1 year. We don't want that old cookie
short_login_cookie_can_live_too_long = \
DateHelper.get_date_from_posix(short_login_cookie.expires) > datetime.datetime.now() + datetime.timedelta(hours=4)
if not short_login_cookie_can_live_too_long:
Logger.debug("Using existing VRT.be session.")
return True
# Do we still have a valid long living token? If so, try to extend the session. We need the
# original UIDSignature value for that. The 'vrtlogin-rt' and all other related cookies
# are valid for a same period (1 year).
long_login_cookie = UriHandler.get_cookie("vrtlogin-rt", ".vrt.be")
if long_login_cookie is not None:
# if we stored a valid user signature, we can use it, together with the 'gmid' and
# 'ucid' cookies to extend the session and get new token data
data = UriHandler.open("https://token.vrt.be/refreshtoken",
proxy=self.proxy,
no_cache=True)
if "vrtnutoken" in data:
Logger.debug("Refreshed the VRT.be session.")
return True
Logger.warning("Failed to extend the VRT.be session.")
username = self._get_setting("username")
if not username:
Logger.warning("No username configured for VRT.nu")
return None
v = Vault()
password = v.get_channel_setting(self.guid, "password")
if not password:
Logger.warning("Found empty password for VRT user")
# Get a 'gmid' and 'ucid' cookie by logging in. Valid for 10 years
Logger.debug("Using: %s / %s", username, "*" * len(password))
url = "https://accounts.vrt.be/accounts.login"
data = {
"loginID": username,
"password": password,
"sessionExpiration": "-1",
"targetEnv": "jssdk",
"include": "profile,data,emails,subscriptions,preferences,",
"includeUserInfo": "true",
"loginMode": "standard",
"lang": "nl-inf",
"APIKey": api_key,
"source": "showScreenSet",
"sdk": "js_latest",
"authMode": "cookie",
"format": "json"
}
logon_data = UriHandler.open(url,
data=data,
proxy=self.proxy,
no_cache=True)
user_id, signature, signature_time_stamp = self.__extract_session_data(
logon_data)
if user_id is None or signature is None or signature_time_stamp is None:
return False
# We need to initialize the token retrieval which will redirect to the actual token
UriHandler.open(
"https://token.vrt.be/vrtnuinitlogin?provider=site&destination=https://www.vrt.be/vrtnu/",
proxy=self.proxy,
no_cache=True)
# Now get the actual VRT tokens (X-VRT-Token....). Valid for 1 hour. So we call the actual
# perform_login url which will redirect and get cookies.
token_data = {
"UID": user_id,
"UIDSignature": signature,
"signatureTimestamp": signature_time_stamp,
"client_id": "vrtnu-site",
"submit": "submit"
}
UriHandler.open("https://login.vrt.be/perform_login",
proxy=self.proxy,
data=token_data,
no_cache=True)
return True
import unittest
import sys
sys.path.append("../lib")
from vault import Vault
DEFAULT_VAULT_ADDR = "http://127.0.0.1:8200"
vault = Vault(DEFAULT_VAULT_ADDR)
class VaultTest(unittest.TestCase):
def __init__(self, *args, **kwargs):
super(VaultTest, self).__init__(*args, **kwargs)
self.engine_name = "test_create_engine"
self.key_name = "test_key"
self.k_v = [["key1"], ["value1"]]
def test_create_engine(self):
resStatus = vault.create_engine(self.engine_name)
self.assertEqual(resStatus, 204)
def test_create_key(self):
resStatus = vault.create_key(self.engine_name, self.key_name,
self.k_v[0], self.k_v[1])
self.assertEqual(resStatus, 204)
def test_get_key(self):
resKey = vault.get_key(self.engine_name, self.key_name)[0]
self.assertEqual(resKey, [self.k_v[0][0], self.k_v[1][0]])
asset=transfer_asset,
inputs=transfer_input,
recipients=self.bigchain_keys['public_key'],
metadata=metadata
)
signed = bdb.transactions.fulfill(
prepared_tx,
private_keys=self.bigchain_keys['private_key']
)
tx = bdb.transactions.send_commit(signed)
return tx
if __name__ =='__main__':
vault = Vault(config)
vault.setup()
user = User('pratik', 'doctor', '12345678')
# print(user.write_record("sadaedeafefef", {"description": "get allah....lamo"}))
# transfer = user.transfer_record(asset="get allah....lamo", doclist=['ajacku'])
# print(transfer)
# asset = user.get_assets("get allah....lamo")
# tx = user.get_transactions(id=asset[0]['id'])
# print(tx[-1])
#print(user.get_single_asset(id='d7ac1bb86f149f48b8b291f822867d55423a3e1204a1b2ccf8fd9c6389c53484'))
# print(user.get_transactions(id='ca9b52f9f80ef3e2371be172be43f95655d150a93b576cbc5ff09f3a74674b9a'))
#print(user.get_single_file('abdullahhh'))
def get_vault(self, name):
"""
Returns a Vault instance
"""
return Vault(name, self)
def __init__(self, addon_name, params, handle=0): # NOSONAR complexity
""" Initialises the plugin with given arguments.
:param str addon_name: The add-on name.
:param str params: The input parameters from the query string.
:param int handle: The Kodi directory handle.
"""
Logger.info("******** Starting %s add-on version %s/repo *********",
Config.appName, Config.version)
# noinspection PyTypeChecker
self.handle = int(handle)
super(Plugin, self).__init__(addon_name, params)
Logger.debug(
"Plugin Params: %s (%s)\n"
"Handle: %s\n"
"Name: %s\n"
"Query: %s", self.params, len(self.params), self.handle,
self.pluginName, params)
# channel objects
self.channelObject = None
self.channelFile = ""
self.channelCode = None
self.contentType = "episodes"
self.methodContainer = dict(
) # : storage for the inspect.getmembers(channel) method. Improves performance
# are we in session?
session_active = SessionHelper.is_session_active(Logger.instance())
# fetch some environment settings
env_ctrl = envcontroller.EnvController(Logger.instance())
if not session_active:
# do add-on start stuff
Logger.info("Add-On start detected. Performing startup actions.")
# print the folder structure
env_ctrl.print_retrospect_settings_and_folders(
Config, AddonSettings)
# show notification
XbmcWrapper.show_notification(None,
LanguageHelper.get_localized_string(
LanguageHelper.StartingAddonId) %
(Config.appName, ),
fallback=False,
logger=Logger)
# check for updates. Using local import for performance
from updater import Updater
up = Updater(Config.updateUrl, Config.version,
UriHandler.instance(), Logger.instance(),
AddonSettings.get_release_track())
if up.is_new_version_available():
Logger.info("Found new version online: %s vs %s",
up.currentVersion, up.onlineVersion)
notification = LanguageHelper.get_localized_string(
LanguageHelper.NewVersion2Id)
notification = notification % (Config.appName,
up.onlineVersion)
XbmcWrapper.show_notification(None,
lines=notification,
display_time=20000)
# check for cache folder
env_ctrl.cache_check()
# do some cache cleanup
env_ctrl.cache_clean_up(Config.cacheDir, Config.cacheValidTime)
# create a session
SessionHelper.create_session(Logger.instance())
#===============================================================================
# Start the plugin version of progwindow
#===============================================================================
if len(self.params) == 0:
# Show initial start if not in a session
# now show the list
if AddonSettings.show_categories():
self.show_categories()
else:
self.show_channel_list()
#===============================================================================
# Start the plugin verion of the episode window
#===============================================================================
else:
# Determine what stage we are in. Check that there are more than 2 Parameters
if len(self.params) > 1 and self.keywordChannel in self.params:
# retrieve channel characteristics
self.channelFile = os.path.splitext(
self.params[self.keywordChannel])[0]
self.channelCode = self.params[self.keywordChannelCode]
Logger.debug(
"Found Channel data in URL: channel='%s', code='%s'",
self.channelFile, self.channelCode)
# import the channel
channel_register = ChannelIndex.get_register()
channel = channel_register.get_channel(self.channelFile,
self.channelCode)
if channel is not None:
self.channelObject = channel
else:
Logger.critical(
"None or more than one channels were found, unable to continue."
)
return
# init the channel as plugin
self.channelObject.init_channel()
Logger.info("Loaded: %s", self.channelObject.channelName)
elif self.keywordCategory in self.params \
or self.keywordAction in self.params and (
self.params[self.keywordAction] == self.actionAllFavourites or
self.params[self.keywordAction] == self.actionRemoveFavourite):
# no channel needed for these favourites actions.
pass
# ===============================================================================
# Vault Actions
# ===============================================================================
elif self.keywordAction in self.params and \
self.params[self.keywordAction] in \
(
self.actionSetEncryptedValue,
self.actionSetEncryptionPin,
self.actionResetVault
):
try:
# Import vault here, as it is only used here or in a channel
# that supports it
from vault import Vault
action = self.params[self.keywordAction]
if action == self.actionResetVault:
Vault.reset()
return
v = Vault()
if action == self.actionSetEncryptionPin:
v.change_pin()
elif action == self.actionSetEncryptedValue:
v.set_setting(
self.params[self.keywordSettingId],
self.params.get(self.keywordSettingName, ""),
self.params.get(self.keywordSettingActionId, None))
finally:
if self.keywordSettingTabFocus in self.params:
AddonSettings.show_settings(
self.params[self.keywordSettingTabFocus],
self.params.get(self.keywordSettingSettingFocus,
None))
return
elif self.keywordAction in self.params and \
self.actionPostLog in self.params[self.keywordAction]:
self.__send_log()
return
elif self.keywordAction in self.params and \
self.actionProxy in self.params[self.keywordAction]:
# do this here to not close the busy dialog on the SetProxy when
# a confirm box is shown
title = LanguageHelper.get_localized_string(
LanguageHelper.ProxyChangeConfirmTitle)
content = LanguageHelper.get_localized_string(
LanguageHelper.ProxyChangeConfirm)
if not XbmcWrapper.show_yes_no(title, content):
Logger.warning(
"Stopping proxy update due to user intervention")
return
language = self.params.get(self.keywordLanguage, None)
proxy_id = self.params.get(self.keywordProxy, None)
local_ip = self.params.get(self.keywordLocalIP, None)
self.__set_proxy(language, proxy_id, local_ip)
return
else:
Logger.critical("Error determining Plugin action")
return
#===============================================================================
# See what needs to be done.
#===============================================================================
if self.keywordAction not in self.params:
Logger.critical(
"Action parameters missing from request. Parameters=%s",
self.params)
return
elif self.params[self.keywordAction] == self.actionListCategory:
self.show_channel_list(self.params[self.keywordCategory])
elif self.params[
self.keywordAction] == self.actionConfigureChannel:
self.__configure_channel(self.channelObject)
elif self.params[self.keywordAction] == self.actionFavourites:
# we should show the favourites
self.show_favourites(self.channelObject)
elif self.params[self.keywordAction] == self.actionAllFavourites:
self.show_favourites(None)
elif self.params[self.keywordAction] == self.actionListFolder:
# channelName and URL is present, Parse the folder
self.process_folder_list()
elif self.params[self.keywordAction] == self.actionPlayVideo:
self.play_video_item()
elif not self.params[self.keywordAction] == "":
self.on_action_from_context_menu(
self.params[self.keywordAction])
else:
Logger.warning(
"Number of parameters (%s) or parameter (%s) values not implemented",
len(self.params), self.params)
self.__fetch_textures()
return
def setUp(self):
self.vault = Vault(':memory:')
self.vault.nuke_table()
)
docs.append(packer)
# Terraform
terraform_config = config["terraform"]
terraform = Terraform(
path=terraform_config["path"],
repository_path=terraform_config["repository_path"],
git_url=terraform_config["git_url"]
)
docs.append(terraform)
# Vault
vault_config = config["vault"]
vault = Vault(
path=vault_config["path"],
repository_path=vault_config["repository_path"],
git_url=vault_config["git_url"],
minimum_version=vault_config["minimum_version"]
)
docs.append(vault)
# Start processing.
for doc in docs:
# Update documentation.
updates = doc.update()
# Add new versions.
dash.add_versions(doc_name=doc.name, versions=updates)
import argparse
vault_addr = os.environ[
'VAULT_ADDR'] if 'VAULT_ADDR' in os.environ else "http://127.0.0.1:8200"
parser = argparse.ArgumentParser(description="Vault - Password Manager")
parser.add_argument("command", help="get or create or createengine")
parser.add_argument("--env", required=True, help="dev, qac,.. ")
parser.add_argument("--key", required=False, help="google, aws,..")
parser.add_argument("--kv",
nargs="+",
required=False,
help="key1=value1 key2=value2")
args = parser.parse_args()
vault = Vault(vault_addr)
if args.command == "get":
vault.get_key(args.env, args.key)
elif args.command == "createengine":
vault.create_engine(args.env)
elif args.command == "create":
k = []
v = []
for item in args.kv:
item = item.split("=")
k.append(item[0])
v.append(item[1])
vault.create_key(args.env, args.key, k, v)
elif args.command == "unseal":
vault.unseal()
else:
def __init__(self):
"""
initialize and check configuration
"""
# rancher api service
self.rancher_api_url=os.getenv('AUTOFW_RANCHER_API_URL','')
self.rancher_api_key=os.getenv('AUTOFW_RANCHER_API_KEY','')
self.rancher_api_secret=os.getenv('AUTOFW_RANCHER_API_SECRET','')
# we use paramiko to access the ssh interface of the mikrotik
# router. (with username and password)
self.mikrotik_user=os.getenv('AUTOFW_MIKROTIK_USER','')
self.mikrotik_pass=os.getenv('AUTOFW_MIKROTIK_PASS','')
# mikrotik network config
self.mikrotik_address=os.getenv('AUTOFW_MIKROTIK_ADDRESS','')
self.mikrotik_ssh_port=os.getenv('AUTOFW_MIKROTIK_SSH_PORT','22')
# approle key and secret id for vault
self.vault_server=os.getenv('AUTOFW_VAULT_SERVER','')
self.vault_role_id=os.getenv('AUTOFW_VAULT_ROLE_ID','')
self.vault_secret_id=os.getenv('AUTOFW_VAULT_SECRET_ID','')
# if all three values are specified we try to load the credentials for the
# rancher api and the mikrotik firewall from the vault
if self.vault_server and self.vault_role_id and self.vault_secret_id:
try:
# load the vault
vault = Vault(self.vault_server, role_id=self.vault_role_id, secret_id=self.vault_secret_id)
vault.request_access_token()
# now load the different config values (if they exist)
try:
self.rancher_api_key = vault.retrieve_secret('rancher/api/home/autofw','key')
except:
pass
try:
self.rancher_api_secret = vault.retrieve_secret('rancher/api/home/autofw','secret')
except:
pass
try:
self.mikrotik_user = vault.retrieve_secret('mikrotik/autofw','username')
except:
pass
try:
self.mikrotik_pass = vault.retrieve_secret('mikrotik/autofw','password')
except:
pass
except:
pass
self.rancher_api_key
rancher/api/home/autofw
# if no mikrotik address or no mikrotik credentials are specified
# raise an error
if not self.mikrotik_address or not self.mikrotik_user or not self.mikrotik_pass:
raise Exception('Invalid Mikrotik Configuration')
# if no rancher api config was given raise an error
if not self.rancher_api_url or not self.rancher_api_key or not self.rancher_api_secret:
raise Exception('Invalid Rancher Configuration')
# docker labels for config
# only check running containers?
self.docker_check_running=os.getenv('AUTOFW_DOCKER_CHECK_RUNNING','true')
# whats the container label which activates or disables the automatic fw settings
self.docker_label_enable=os.getenv('AUTOFW_DOCKER_LABEL_ENABLE','cloud.hutter.autofw.enable')
# nat lables
# whats the label defining the nat rules
self.docker_label_dstnat=os.getenv('AUTOFW_DOCKER_LABEL_NAT','cloud.hutter.autofw.ip.firewall.dstnat')
# label for additional comment
self.docker_label_dstnat_comment=os.getenv('AUTOFW_DOCKER_LABEL_NAT_COMMENT','cloud.hutter.autofw.ip.firewall.dstnat.comment')
# dns labels
# whats the label which holds the dns names
self.docker_label_staticdns=os.getenv('AUTOFW_DOCKER_LABEL_DNS','cloud.hutter.autofw.ip.dns.static')
self.docker_label_staticdns_comment=os.getenv('AUTOFW_DOCKER_LABEL_DNS_COMMENT','cloud.hutter.autofw.ip.dns.static.comment')
# the comment which is used to filter for firewall rules
self.mikrotik_comment=os.getenv('AUTOFW_MIKROTIK_COMMENT','generated by autofw')
# loglevel
self.loglevel = os.getenv('AUTOFW_LOGLEVEL','info')
# time in seconds between runs
self.schedule = os.getenv('AUTOFW_SCHEDULE','10')
def LogOn(self):
""" Makes sure that we are logged on. """
username = self._GetSetting("username")
if not username:
Logger.Info("No user name for NPO, not logging in")
return False
# cookieValue = self._GetSetting("cookie")
cookie = UriHandler.GetCookie("isAuthenticatedUser", "www.npo.nl")
if cookie:
expireDate = DateHelper.GetDateFromPosix(float(cookie.expires))
Logger.Info("Found existing valid NPO token (valid until: %s)", expireDate)
return True
v = Vault()
password = v.GetChannelSetting(self.guid, "password")
# get a token (why?), cookies and an xsrf token
token = UriHandler.Open("https://www.npo.nl/api/token", proxy=self.proxy, noCache=True,
additionalHeaders={"X-Requested-With": "XMLHttpRequest"})
jsonToken = JsonHelper(token)
token = jsonToken.GetValue("token")
if not token:
return False
xsrfToken = UriHandler.GetCookie("XSRF-TOKEN", "www.npo.nl").value
xsrfToken = HtmlEntityHelper.UrlDecode(xsrfToken)
data = "username=%s&password=%s" % (HtmlEntityHelper.UrlEncode(username),
HtmlEntityHelper.UrlEncode(password))
UriHandler.Open("https://www.npo.nl/api/login", proxy=self.proxy, noCache=True,
additionalHeaders={
"X-Requested-With": "XMLHttpRequest",
"X-XSRF-TOKEN": xsrfToken
},
params=data)
# token = Regexer.DoRegex('name="authenticity_token"[^>]+value="([^"]+)"', tokenData)[0]
#
# # login: https://mijn.npo.nl/sessions POST
# # utf8=%E2%9C%93&authenticity_token=<token>&email=<username>&password=<password>&remember_me=1&commit=Inloggen
# postData = {
# "token": HtmlEntityHelper.UrlEncode(token),
# "email": HtmlEntityHelper.UrlEncode(username),
# "password": HtmlEntityHelper.UrlEncode(password)
# }
# postData = "utf8=%%E2%%9C%%93&authenticity_token=%(token)s&email=%(email)s&" \
# "password=%(password)s&remember_me=1&commit=Inloggen" % postData
# data = UriHandler.Open("https://mijn.npo.nl/sessions", noCache=True, proxy=self.proxy,
# params=postData)
# if not data:
# Logger.Error("Error logging in: no response data")
# return False
#
# # extract the cookie and store
# authCookie = UriHandler.GetCookie("npo_portal_auth_token", ".mijn.npo.nl")
# if not authCookie:
# Logger.Error("Error logging in: Cookie not found.")
# return False
# The cookie should already be in the jar now
return True
