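def push_audit_log(config: dict, instance_logs_url, account_id, region, instance_id, boot_time, fn,
                   compress=False):
    """Upload one audit log file to the instance-logs endpoint; delete it on success.

    The file is read fully into memory, optionally gzip-compressed,
    base64-encoded and POSTed as JSON with ``log_type`` set to ``AUDIT_LOG``.
    The local file is removed only when the server answers HTTP 201. On any
    other status, or when the request itself fails, the file is left in place
    and the failure is logged.

    Args:
        config: Taupage configuration, passed to ``get_token``.
        instance_logs_url: URL the log entry is POSTed to.
        account_id: Account identifier; sent as a string.
        region: Region name, sent unchanged.
        instance_id: Instance identifier, sent unchanged.
        boot_time: Instance boot time, sent unchanged.
        fn: Path of the audit log file to push.
        compress: When true, gzip the contents before base64 encoding.

    Raises:
        OSError: If ``fn`` cannot be opened or read; the read happens outside
            the ``try`` block, so it is not swallowed.
    """
    token = get_token(config, 'taupage', ['uid']) or {}

    with open(fn, 'rb') as fd:
        contents = fd.read()
    if compress:
        contents = gzip.compress(contents)

    logging.info('Pushing {} ({} Bytes) to {}..'.format(fn, len(contents), instance_logs_url))

    data = {
        'account_id': str(account_id),
        'region': region,
        'instance_boot_time': boot_time,
        'instance_id': instance_id,
        'log_data': codecs.encode(contents, 'base64').decode('utf-8'),
        'log_type': 'AUDIT_LOG',
    }
    # NOTE(review): when get_token() yields nothing, token is {} and the header
    # below becomes the literal "Bearer None". The request is still sent so the
    # server decides; confirm whether an unauthenticated push should be skipped.
    headers = {
        'Content-Type': 'application/json',
        'Authorization': 'Bearer {}'.format(token.get('access_token')),
    }
    try:
        # Bounded (connect, read) timeouts: without them a stalled endpoint
        # would block this call indefinitely. The values are a judgement call;
        # on timeout the file is kept because only a 201 removes it.
        response = requests.post(instance_logs_url, data=json.dumps(data), headers=headers,
                                 timeout=(5, 30))
        if response.status_code == 201:
            # This deletes the only local copy of the audit record, trusting
            # the 201 status alone as proof that the server stored it.
            os.remove(fn)
        else:
            logging.warning('Failed to push audit log: server returned HTTP status {}: {}'.format(
                response.status_code, response.text))
    except Exception:
        # Best effort: log and carry on, but let KeyboardInterrupt/SystemExit
        # propagate instead of swallowing them with a bare except.
        logging.exception('Failed to push audit log')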
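def main():
    """Push the masked Taupage configuration to the instance-logs endpoint.

    After configuring logging and loading the config, nothing further happens
    unless ``instance_logs_url`` is set. Otherwise the instance identity
    document and boot time are collected, the config is passed through
    ``mask_dictionary``, dumped as YAML, base64-encoded and POSTed as JSON with
    ``log_type`` set to ``USER_DATA``. Failures are logged and never raised
    from the request step.
    """
    configure_logging()
    config = get_config()

    instance_logs_url = config.get('instance_logs_url')

    if instance_logs_url:
        token = get_token(config, 'taupage', ['uid']) or {}

        # Shape of the identity document, for reference:
        # identity = {'region': 'eu-west-1', 'accountId': 123456, 'instanceId': 'i-123'}
        identity = boto.utils.get_instance_identity()['document']

        region = identity['region']
        account_id = identity['accountId']
        instance_id = identity['instanceId']

        boot_time = get_boot_time()

        # remove "sensitive" information from Taupage Config
        # (should be encrypted anyway, but better be sure..)
        # NOTE(review): whatever mask_dictionary leaves in place is uploaded
        # verbatim (base64 is encoding, not protection); its masking rules are
        # not visible here and should cover every secret-bearing key.
        masked_config = mask_dictionary(config)

        data = {
            'account_id': str(account_id),
            'region': region,
            'instance_boot_time': boot_time,
            'instance_id': instance_id,
            'log_data': codecs.encode(
                yaml.safe_dump(masked_config).encode('utf-8'), 'base64').decode('utf-8'),
            'log_type': 'USER_DATA',
        }
        logging.info('Pushing Taupage YAML to {}..'.format(instance_logs_url))
        try:
            # TODO: use OAuth credentials
            # With an empty token dict the header below is the literal "Bearer None".
            response = requests.post(
                instance_logs_url,
                data=json.dumps(data),
                timeout=5,
                headers={
                    'Content-Type': 'application/json',
                    'Authorization': 'Bearer {}'.format(token.get('access_token')),
                })
            if response.status_code != 201:
                logging.warning(
                    'Failed to push Taupage YAML: server returned HTTP status {}: {}'.format(
                        response.status_code, response.text))
        except Exception:
            # Best effort, but do not swallow KeyboardInterrupt/SystemExit the
            # way a bare except would.
            logging.exception('Failed to push Taupage YAML')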
def registry_login(config: dict, registry: str):
    """Log in to a Pier One Docker registry using an OAuth access token.

    The login is skipped with a warning when the registry name does not
    contain ``pierone`` or when no usable token is available.

    Args:
        config: Taupage configuration, passed to ``get_token``.
        registry: Registry host name; the login URL is ``https://`` + this value.
    """
    # NOTE(review): this is a substring match, so any registry name that merely
    # contains "pierone" is handed the access token. Matching against the
    # expected registry host(s) would be stricter -- confirm where `registry`
    # comes from.
    if 'pierone' in registry:
        oauth = get_token(config, 'pierone', ['uid'])
        if oauth and 'access_token' in oauth:
            login_url = 'https://{}'.format(registry)
            pierone.api.docker_login_with_token(login_url, oauth['access_token'])
        else:
            logging.warning('Missing OAuth token for Pier One login')
    else:
        logging.warning('Docker registry seems not to be Pier One, skipping OAuth login')
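def push_audit_log(config: dict, instance_logs_url, account_id, region, instance_id, boot_time, fn,
                   compress=False):
    """Upload one audit log file to the instance-logs endpoint; rename it on success.

    The file is read fully into memory, optionally gzip-compressed,
    base64-encoded and POSTed as JSON with ``log_type`` set to ``AUDIT_LOG``.
    When the server answers HTTP 201 the local file is renamed to
    ``<fn>-pushed-<timestamp>``, so the local copy is kept. On any other
    status, or when the request itself fails, the file keeps its name and the
    failure is logged.

    Args:
        config: Taupage configuration, passed to ``get_token``.
        instance_logs_url: URL the log entry is POSTed to.
        account_id: Account identifier; sent as a string.
        region: Region name, sent unchanged.
        instance_id: Instance identifier, sent unchanged.
        boot_time: Instance boot time, sent unchanged.
        fn: Path of the audit log file to push.
        compress: When true, gzip the contents before base64 encoding.

    Raises:
        OSError: If ``fn`` cannot be opened or read; the read happens outside
            the ``try`` block, so it is not swallowed.
    """
    token = get_token(config, 'taupage', ['uid']) or {}

    with open(fn, 'rb') as fd:
        contents = fd.read()
    if compress:
        contents = gzip.compress(contents)

    logging.info('Pushing {} ({} Bytes) to {}..'.format(fn, len(contents), instance_logs_url))

    data = {
        'account_id': str(account_id),
        'region': region,
        'instance_boot_time': boot_time,
        'instance_id': instance_id,
        'log_data': codecs.encode(contents, 'base64').decode('utf-8'),
        'log_type': 'AUDIT_LOG',
    }
    # NOTE(review): when get_token() yields nothing, token is {} and the header
    # below becomes the literal "Bearer None". The request is still sent so the
    # server decides; confirm whether an unauthenticated push should be skipped.
    headers = {
        'Content-Type': 'application/json',
        'Authorization': 'Bearer {}'.format(token.get('access_token')),
    }
    try:
        # Taken before the request; naive local time, used only in the file name.
        now = datetime.datetime.now()
        # Bounded (connect, read) timeouts: without them a stalled endpoint
        # would block this call indefinitely. The values are a judgement call;
        # on timeout the file keeps its name because only a 201 renames it.
        response = requests.post(instance_logs_url, data=json.dumps(data), headers=headers,
                                 timeout=(5, 30))
        if response.status_code == 201:
            os.rename(fn, fn + '-pushed-{}'.format(now.isoformat('T')))
        else:
            logging.warning('Failed to push audit log: server returned HTTP status {}: {}'.format(
                response.status_code, response.text))
    except Exception:
        # Best effort: log and carry on, but let KeyboardInterrupt/SystemExit
        # propagate instead of swallowing them with a bare except.
        logging.exception('Failed to push audit log')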
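def main():
    """Push the masked Taupage configuration to the instance-logs endpoint.

    After configuring logging and loading the config, nothing further happens
    unless ``instance_logs_url`` is set. Otherwise the instance identity
    document and boot time are collected, the config is passed through
    ``mask_dictionary``, dumped as YAML, base64-encoded and POSTed as JSON with
    ``log_type`` set to ``USER_DATA``. Failures are logged and never raised
    from the request step.
    """
    configure_logging()
    config = get_config()

    instance_logs_url = config.get('instance_logs_url')

    if instance_logs_url:
        token = get_token(config, 'taupage', ['uid']) or {}

        # Shape of the identity document, for reference:
        # identity = {'region': 'eu-west-1', 'accountId': 123456, 'instanceId': 'i-123'}
        identity = boto.utils.get_instance_identity()['document']

        region = identity['region']
        account_id = identity['accountId']
        instance_id = identity['instanceId']

        boot_time = get_boot_time()

        # remove "sensitive" information from Taupage Config
        # (should be encrypted anyway, but better be sure..)
        # NOTE(review): whatever mask_dictionary leaves in place is uploaded
        # verbatim (base64 is encoding, not protection); its masking rules are
        # not visible here and should cover every secret-bearing key.
        masked_config = mask_dictionary(config)

        encoded_yaml = codecs.encode(yaml.safe_dump(masked_config).encode('utf-8'), 'base64')
        data = {
            'account_id': str(account_id),
            'region': region,
            'instance_boot_time': boot_time,
            'instance_id': instance_id,
            'log_data': encoded_yaml.decode('utf-8'),
            'log_type': 'USER_DATA',
        }
        logging.info('Pushing Taupage YAML to {}..'.format(instance_logs_url))
        try:
            # TODO: use OAuth credentials
            # With an empty token dict the header below is the literal "Bearer None".
            headers = {
                'Content-Type': 'application/json',
                'Authorization': 'Bearer {}'.format(token.get('access_token')),
            }
            response = requests.post(instance_logs_url, data=json.dumps(data), timeout=5,
                                     headers=headers)
            if response.status_code != 201:
                logging.warning(
                    'Failed to push Taupage YAML: server returned HTTP status {}: {}'.format(
                        response.status_code, response.text))
        except Exception:
            # Best effort, but do not swallow KeyboardInterrupt/SystemExit the
            # way a bare except would.
            logging.exception('Failed to push Taupage YAML')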