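def _shell_dq_escape(value):
    """Escape a value for use inside a double-quoted shell string.

    Within double quotes a POSIX shell still interprets backslash, double
    quote, dollar sign and backtick. Each of them is prefixed with a
    backslash so the value is taken literally when the snippet is evaluated.
    """
    # Same stringification the "%s" in the output line would apply.
    text = "%s" % (value,)
    # Backslash goes first so the escapes added for the other characters
    # are not doubled afterwards.
    for char in ('\\', '"', '$', '`'):
        text = text.replace(char, '\\' + char)
    return text


def env(client, paths, opt):
    """Renders a shell snippet based on paths in a Secretfile

    Each path is read through ``client.read``. For every key of the
    returned ``data`` mapping one ``NAME="value"`` line is printed,
    followed by ``export NAME`` when ``opt.export`` is set. Keys listed in
    ``opt.key_map`` are renamed before the variable name is built.

    The output carries the secret values in clear text on stdout, so it
    should only be consumed by the shell it is meant for and kept out of
    logs.
    """
    old_prefix = opt.prefix and \
        not (opt.add_prefix or opt.add_suffix or not opt.merge_path)
    if old_prefix:
        warning("the prefix option is deprecated but being used "
                "due to not passing in new options")
    elif opt.prefix:
        warning("the prefix option is deprecated but not being "
                "used due to passing in new options")

    key_map = cli_hash(opt.key_map)
    for path in paths:
        secrets = client.read(path)
        if not secrets or 'data' not in secrets:
            continue

        if is_aws(secrets['data']):
            renew_secret(client, secrets, opt)

        for s_key, s_val in secrets['data'].items():
            o_key = key_map[s_key] if s_key in key_map else s_key

            # see https://github.com/Autodesk/aomi/issues/40
            if old_prefix:
                env_name = ("%s_%s" % (opt.prefix, o_key)).upper()
            else:
                env_name = secret_key_name(path, o_key, opt).upper()

            # The value lands inside double quotes in a snippet that a
            # shell will evaluate. Escaping it keeps a secret containing
            # quotes, `$` or backticks from being expanded or executed
            # instead of assigned verbatim.
            # NOTE(review): env_name is built from the path and key and is
            # not checked against shell identifier rules here - confirm
            # that secret_key_name guarantees a valid name.
            print("%s=\"%s\"" % (env_name, _shell_dq_escape(s_val)))
            if opt.export:
                print("export %s" % env_name)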
def grok_ttl(secret, aws_obj):
    """Parses the TTL information, keeping in mind old format

    The lease settings are taken from ``secret`` first. Only when it has
    no ``lease`` key is ``aws_obj`` consulted, with a deprecation warning
    if a lease is found there. A missing ``lease_max`` defaults to the
    lease collected so far.

    Returns a ``(ttl_obj, lease_msg)`` tuple: the collected settings and
    a human readable summary of them.
    """
    ttl_obj = {}

    def _collect(source):
        """Copy lease keys from source; return the lease message or ''."""
        message = ''
        if 'lease' in source:
            ttl_obj['lease'] = source['lease']
            message = "lease:%s" % (ttl_obj['lease'])

        if 'lease_max' in source:
            ttl_obj['lease_max'] = source['lease_max']
        elif 'lease' in ttl_obj:
            ttl_obj['lease_max'] = ttl_obj['lease']

        return message

    lease_msg = _collect(secret)
    if lease_msg == '':
        # Nothing usable in the secret itself, try the legacy location.
        lease_msg = _collect(aws_obj)
        if lease_msg != '':
            # see https://github.com/Autodesk/aomi/issues/40
            warning('Setting lease and lease_max from the '
                    'AWS yaml is deprecated')

    if 'lease_max' in ttl_obj:
        lease_msg = "%s lease_max:%s" % (lease_msg, ttl_obj['lease_max'])

    return ttl_obj, lease_msg
def aws_roles(secret, aws_obj):
    """Return the AWS roles with appropriate output

    Roles defined on ``secret`` are returned as they are. Otherwise a
    deprecation warning is emitted and the roles are taken from
    ``aws_obj``.
    """
    if 'roles' not in secret:
        # see https://github.com/Autodesk/aomi/issues/40
        warning('Defining roles within the AWS yaml is deprecated')
        return aws_obj['roles']

    return secret['roles']
def app_id_policy_file(app_obj, data):
    """Determines the correct policy file name, checking both the
    proper and legacy location

    A ``policy`` key in ``data`` takes precedence and triggers a
    deprecation warning. Otherwise ``app_obj`` is used. ``None`` is
    returned when neither defines one.
    """
    if 'policy' in data:
        # NOTE(review): the message names policy_name although the key
        # tested is 'policy' - confirm which wording is intended.
        warning('Defining policy_name within the app yaml is deprecated')
        return data['policy']

    if 'policy' in app_obj:
        return app_obj['policy']

    return None
def app_id_itself(app_obj, data):
    """Determines the application ID to use

    An ``app_id`` in ``data`` wins, with a deprecation warning. Next comes
    ``app_obj``. As a last resort the ID comes from
    ``app_id_name(app_obj)``.
    """
    if 'app_id' in data:
        warning('Defining app_id within the app yaml is deprecated')
        return data['app_id']

    if 'app_id' in app_obj:
        return app_obj['app_id']

    return app_id_name(app_obj)
def thaw_decrypt(src_file, tmp_dir, opt):
    """Decrypts the encrypted ice file

    Makes sure the ``opt.secrets`` directory exists, then decrypts
    ``src_file`` into ``aomi.zip`` under ``tmp_dir`` and returns the path
    of that archive. Raises ``aomi.exceptions.GPG`` when ``decrypt``
    reports failure.
    """
    if not os.path.isdir(opt.secrets):
        warning("Creating secret directory %s" % opt.secrets)
        # NOTE(review): the directory gets the default mode, so its
        # permissions depend on the process umask. As it appears to hold
        # decrypted secrets, consider an owner-only mode (0o700).
        os.mkdir(opt.secrets)

    # NOTE(review): the decrypted archive is written under tmp_dir and is
    # not removed here - confirm that the caller cleans it up.
    zip_file = "%s/aomi.zip" % tmp_dir
    if decrypt(src_file, zip_file, opt):
        return zip_file

    raise aomi.exceptions.GPG("Unable to gpg")
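def app_id_policy_name(app_obj, data):
    """Determines the policy name, checking both the proper and the
    legacy location

    A ``policy_name`` in ``data`` takes precedence and triggers a
    deprecation warning. Otherwise the one on ``app_obj`` is used. When
    neither defines it the name comes from ``app_id_name(app_obj)``.
    """
    if 'policy_name' in data:
        warning('Defining policy_name within the app yaml is deprecated')
        return data['policy_name']

    # The second lookup has to test app_obj. Testing data again made this
    # branch unreachable, so a policy_name set on app_obj was ignored in
    # favour of the derived default.
    if 'policy_name' in app_obj:
        return app_obj['policy_name']

    return app_id_name(app_obj)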