Example #1
0
def test_generate_key_profiles():
    if not pterm.HAS_SECURITY:
        pytest.skip("Unable to find security binary")

    creds = tempfile.NamedTemporaryFile('w', delete=False)

    print(
        """User name,Password,Access key ID,Secret access key,Console login link
admin,,AKIxxxxxxxxxxxxxxxNS,YiiKxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx1ULY,h""",
        file=creds)
    creds.close()

    try:
        security('delete-generic-password', '-a', os.getenv("USER"), '-s',
                 cache())
        security('delete-generic-password', '-a', os.getenv("USER"), '-s',
                 aws_key_name(None, None))
    except:
        pass

    pterm.aws_key_name = aws_key_name
    pterm.cache = cache
    pterm.account_aliases = account_aliases

    res = generate_key_profiles(creds.name, "login.keychain-db")
    assert res[0]['Name'] == aws_key_name(None, None)

    # ensure the cache item is picked up if we run the function without a creds file
    res = generate_key_profiles(None, "login.keychain-db")
    assert res[0]['Name'] == aws_key_name(None, None)
Example #2
0
def rm(name):
    try:
        sh.security(
            "delete-generic-password",
            a=getpass.getuser(),
            s=f"{MACOS_KEYCHAIN_PREFIX}: {name}",
        )
    except sh.ErrorReturnCode_44:
        pass
Example #3
0
def add(*, name: str, value: str):
    out = io.StringIO()
    sh.security(
        "add-generic-password",
        a=getpass.getuser(),
        s=f"{MACOS_KEYCHAIN_PREFIX}: {name}",
        w=value,
        _out=out,
    )
    return out.getvalue()
Example #4
0
def security_store(access_key, secret_key, keychain, cache):
    """Store the AWS credentials in the macOS keychain.

    An entry is also added in the cache keychain entry, see
    security_add_to_list.
    """
    name = aws_key_name(access_key, secret_key)
    data = f"AWS_ACCESS_KEY_ID={access_key} AWS_SECRET_KEY_ID={secret_key}"
    existing_key = security_find(name)

    if existing_key == data:
        return name

    security('add-generic-password', '-a', os.getenv("USER"), '-s', name, '-w',
             data, keychain)

    security_add_to_list(name, keychain, cache)

    return name
Example #5
0
def security_find(name):
    """Find a macOS keychain item with given name.

    Returns None if nothing is found.
    """
    try:
        return str(
            security('find-generic-password', '-a', os.getenv("USER"), '-s',
                     name, '-w')).rstrip()
    except sh.ErrorReturnCode_44:  # pylint: disable=no-member
        return None
Example #6
0
def security_add_to_list(name, keychain, cache):
    """Add a key in the keychain cache.

    MacOS doesnt allow to list all the secrets so a list is maintaind for
    pterm to allow adding all profiles that were created via cmd line
    """
    data = security_find(cache)

    if data is not None:
        security('delete-generic-password', '-a', os.getenv("USER"), '-s',
                 cache)
        data = json.loads(data)
    else:
        data = []

    data += [name]

    security('add-generic-password', '-a', os.getenv("USER"), '-s', cache,
             '-w', json.dumps(data), keychain)

    return data
Example #7
0
def ls():
    out = io.StringIO()
    sh.awk(
        sh.grep(sh.security("dump-keychain"), "0x00000007"),
        "-F=",
        "{print $2}",
        _out=out,
    )
    return [
        n.split(f'"{MACOS_KEYCHAIN_PREFIX}: ')[1][:-1]
        for n in out.getvalue().strip().split("\n")
        if n.startswith(f'"{MACOS_KEYCHAIN_PREFIX}: ')
    ]