Example #1
0
 def _get_manager(self, context):
     return CredentialManager(self._session_key,
                              owner=self._endpoint.user,
                              app=self._endpoint.app,
                              realm=context.realm(),
                              scheme=self._splunkd_info.scheme,
                              host=self._splunkd_info.hostname,
                              port=self._splunkd_info.port)
def get_proxy_clear_password(session_key):
    """
    Get clear password from splunk passwords.conf.

    :return: str/None: proxy password if available else None.
    """
    try:
        manager = CredentialManager(
            session_key,
            app=APP_NAME,
            realm="__REST_CREDENTIAL__#{0}#{1}".format(
                APP_NAME, "configs/conf-ta_databricks_settings"),
        )
    except CredentialNotExistException:
        return None
    else:
        return json.loads(manager.get_password("proxy")).get("proxy_password")
Example #3
0
 def __init__(self, conf_file, session_key, app, owner='nobody',
              scheme=None, host=None, port=None, **context):
     try:
         self._conf_mgr = rest_client.SplunkRestClient(
             session_key,
             app,
             owner=owner,
             scheme=scheme,
             host=host,
             port=port,
             **context).confs[conf_file]
     except KeyError:
         raise ConfManagerException(
             'Config file: %s does not exist.' % conf_file)
     self._conf_file = conf_file
     self._cred_mgr = CredentialManager(
         session_key, app, owner=owner, realm=app,
         scheme=scheme, host=host, port=port, **context)
Example #4
0
    def decrypt_all(self, data):
        """
        :param data:
        :return: changed stanza list
        """
        credential_manager = CredentialManager(
            self._session_key,
            owner=self._endpoint.user,
            app=self._endpoint.app,
            realm=self._realm,
            scheme=self._splunkd_info.scheme,
            host=self._splunkd_info.hostname,
            port=self._splunkd_info.port)

        all_passwords = credential_manager._get_all_passwords()
        # filter by realm
        realm_passwords = filter(lambda x: x['realm'] == self._realm,
                                 all_passwords)
        return self._merge_passwords(data, realm_passwords)
Example #5
0
    def _cred_mgr(self):
        if self._cred_manager is None:
            self._cred_manager = CredentialManager(self._session_key,
                                                   self._app,
                                                   owner=self._owner,
                                                   realm=self._app,
                                                   scheme=self._scheme,
                                                   host=self._host,
                                                   port=self._port,
                                                   **self._context)

        return self._cred_manager
def get_databricks_clear_token(session_key):
    """
    Get unencrypted access token from passwords.conf.

    :return: Access token in clear text
    """
    _LOGGER.info("Reading Databricks personal access token.")
    manager = CredentialManager(
        session_key,
        app=APP_NAME,
        realm="__REST_CREDENTIAL__#{0}#{1}".format(
            APP_NAME, "configs/conf-ta_databricks_settings"),
    )

    access_token = None

    try:
        access_token = json.loads(
            manager.get_password("databricks_credentials")).get(
                "databricks_access_token")
    except Exception as e:
        _LOGGER.error(str(e))

    return access_token
Example #7
0
class ConfManager(object):
    '''Configuration file manager.

    :param conf_file: Configuration file.
    :type conf_file: ``string``
    :param session_key: Splunk access token.
    :type session_key: ``string``
    :param app: App name of namespace.
    :type app: ``string``
    :param owner: (optional) Owner of namespace, default is `nobody`.
    :type owner: ``string``
    :param realm: (optional) Realm of credential, default is None.
    :type realm: ``string``
    :param scheme: (optional) The access scheme, default is None.
    :type scheme: ``string``
    :param host: (optional) The host name, default is None.
    :type host: ``string``
    :param port: (optional) The port number, default is None.
    :type port: ``integer``
    :param context: Other configurations for Splunk rest client.
    :type context: ``dict``

    :raises ConfManagerException: If `conf_file` does not exist.

    Usage::

       >>> from solnlib import conf_manager
       >>> cfm = conf_manager.ConfManager('test_conf',
                                          session_key,
                                          'Splunk_TA_test')
    '''

    ENCRYPTED_TOKEN = '******'

    reserved_keys = ('userName', 'appName')

    def __init__(self, conf_file, session_key, app, owner='nobody',
                 scheme=None, host=None, port=None, **context):
        try:
            self._conf_mgr = rest_client.SplunkRestClient(
                session_key,
                app,
                owner=owner,
                scheme=scheme,
                host=host,
                port=port,
                **context).confs[conf_file]
        except KeyError:
            raise ConfManagerException(
                'Config file: %s does not exist.' % conf_file)
        self._conf_file = conf_file
        cred_realm = '%s#%s' % (app, self._conf_file)
        self._cred_mgr = CredentialManager(
            session_key, app, owner=owner, realm=cred_realm,
            scheme=scheme, host=host, port=port, **context)

    def _filter_stanza(self, stanza):
        for k in self.reserved_keys:
            if k in stanza:
                del stanza[k]

        return stanza

    def _encrypt_stanza(self, stanza_name, stanza, encrypt_keys):
        if not encrypt_keys:
            return stanza

        encrypt_fields = {key: stanza[key] for key in encrypt_keys}
        self._cred_mgr.set_password(stanza_name, json.dumps(encrypt_fields))

        for key in encrypt_keys:
            stanza[key] = self.ENCRYPTED_TOKEN

        return stanza

    def _decrypt_stanza(self, stanza_name, encrypted_stanza):
        encrypted_keys = [key for key in encrypted_stanza if
                          encrypted_stanza[key] == self.ENCRYPTED_TOKEN]
        if encrypted_keys:
            encrypted_fields = json.loads(
                self._cred_mgr.get_password(stanza_name))
            for key in encrypted_keys:
                encrypted_stanza[key] = encrypted_fields[key]

        return encrypted_stanza

    def _delete_stanza_creds(self, stanza_name):
        self._cred_mgr.delete_password(stanza_name)

    @retry(exceptions=[binding.HTTPError])
    def get(self, stanza_name):
        '''Get stanza from configuration file.

        :param stanza_name: Stanza name.
        :type stanza_name: ``string``
        :returns: Stanza, like: {
            'disabled': '0',
            'eai:appName': 'solnlib_demo',
            'eai:userName': '******',
            'k1': '1',
            'k2': '2'}
        :rtype: ``dict``

        :raises ConfStanzaNotExistException: If stanza does not exist.

        Usage::

           >>> from solnlib import conf_manager
           >>> cfm = conf_manager.ConfManager('test_conf',
                                              session_key,
                                              'Splunk_TA_test')
           >>> cfm.get('test_stanza')
        '''

        try:
            stanza_mgr = self._conf_mgr.list(name=stanza_name)[0]
        except binding.HTTPError as e:
            if e.status != 404:
                raise

            raise ConfStanzaNotExistException(
                'Stanza: %s does not exist in %s.conf' %
                (stanza_name, self._conf_file))

        stanza = self._decrypt_stanza(stanza_mgr.name, stanza_mgr.content)
        return stanza

    @retry(exceptions=[binding.HTTPError])
    def get_all(self):
        '''Get all stanzas from configuration file.

        :returns: All stanzas, like: {'test': {
            'disabled': '0',
            'eai:appName': 'solnlib_demo',
            'eai:userName': '******',
            'k1': '1',
            'k2': '2'}}
        :rtype: ``dict``

        Usage::

           >>> from solnlib import conf_manager
           >>> cfm = conf_manager.ConfManager('test_conf',
                                              session_key,
                                              'Splunk_TA_test')
           >>> cfm.get_all()
        '''

        stanza_mgrs = self._conf_mgr.list()
        return {stanza_mgr.name: self._decrypt_stanza(
            stanza_mgr.name, stanza_mgr.content) for stanza_mgr in stanza_mgrs}

    @retry(exceptions=[binding.HTTPError])
    def update(self, stanza_name, stanza, encrypt_keys=None):
        '''Update stanza.

        It will try to encrypt the credential automatically fist if
        encrypt_keys are not None else keep stanza untouched.

        :param stanza_name: Stanza name.
        :type stanza_name: ``string``
        :param stanza: Stanza to update, like: {
            'k1': 1,
            'k2': 2}.
        :type stanza: ``dict``
        :param encrypt_keys: Fields name to encrypt.
        :type encrypt_keys: ``list``

        Usage::

           >>> from solnlib import conf_manager
           >>> cfm = conf_manager.ConfManager('test_conf',
                                              session_key,
                                              'Splunk_TA_test')
           >>> cfm.update('test_stanza', {'k1': 1, 'k2': 2}, ['k1'])
        '''

        stanza = self._filter_stanza(stanza)
        encrypted_stanza = self._encrypt_stanza(stanza_name,
                                                stanza,
                                                encrypt_keys)

        try:
            stanza_mgr = self._conf_mgr.list(name=stanza_name)[0]
        except binding.HTTPError as e:
            if e.status != 404:
                raise

            stanza_mgr = self._conf_mgr.create(stanza_name)

        stanza_mgr.submit(encrypted_stanza)

    @retry(exceptions=[binding.HTTPError])
    def delete(self, stanza_name):
        '''Delete stanza.

        :param stanza_name: Stanza name to delete.
        :type stanza_name: ``string``

        :raises ConfStanzaNotExistException: If stanza does not exist.

        Usage::

           >>> from solnlib import conf_manager
           >>> cfm = conf_manager.ConfManager('test_conf',
                                              session_key,
                                              'Splunk_TA_test')
           >>> cfm.delete('test_stanza')
        '''

        try:
            self._cred_mgr.delete_password(stanza_name)
        except CredentialNotExistException:
            pass

        try:
            self._conf_mgr.delete(stanza_name)
        except KeyError as e:
            logging.error('Delete stanza: %s error: %s.',
                          stanza_name, traceback.format_exc(e))
            raise ConfStanzaNotExistException(
                'Stanza: %s does not exist in %s.conf' %
                (stanza_name, self._conf_file))

    @retry(exceptions=[binding.HTTPError])
    def reload(self):
        '''Reload configuration file.

        Usage::

           >>> from solnlib import conf_manager
           >>> cfm = conf_manager.ConfManager('test_conf',
                                              session_key,
                                              'Splunk_TA_test')
           >>> cfm.reload()
        '''

        self._conf_mgr.get('_reload')