def initialize_extrahop_connections():
"""Gets Reveal(x) credentials from AWS Secrets Manager and
creates ExtraHopClient conenctions to each Reveal(x).
Reference: https://aws.amazon.com/blogs/security/how-to-securely-provide-database-credentials-to-lambda-functions-by-using-aws-secrets-manager/
Returns:
List(ExtraHopConnection): ExtraHop connections
"""
secret_name = "extrahop/awsintegration"
try:
secret_cache = SecretCache(SecretCacheConfig(), SECRETS_CLIENT)
secret_response_value = secret_cache.get_secret_string(secret_name)
except ClientError as err:
raise err
else:
secrets = secret_response_value
secrets_dict = json.loads(secrets)
extrahops = list()
for host, api_key in secrets_dict.items():
try:
extrahop_connection = ExtraHopConnection(host=host,
api_key=api_key)
except Exception as error:
LOGGER.warning(
f"Could not connect to appliance at {host}: {error}")
pass
else:
extrahops.append(extrahop_connection)
return extrahops
def fetch_snowflake_config(
secret_name: str = 'prod/rakuten_rewards/snowflake/RI_CONSULTING_ADMIN'
):
"""Retrieves a snowflake configuration from Secrets Manager by Secret name
Args:
secret_name (str): Name of the secret in AWS Secrets Manager
(default is the production config for RI_CONSULTING_ADMIN)
Returns:
dict: Snowflake configuration including account, user, password, role, warehouse
(not including database and schema)
"""
# This will usually use a cache, and auto-magically refetch secrets when they go stale or bad
secrets = SecretCache(
config=SecretCacheConfig(), # all defaults
client=botocore.session.get_session().create_client('secretsmanager'))
# Snowflake secrets will eventually be provided by the automation pipeline at SSM_SECRET_NAME_SNOWFLAKE_CREDS
snowflake_secret_name = os.getenv('SSM_SECRET_NAME_SNOWFLAKE_CREDS',
default=secret_name)
# get secrets from cache and parse
cached_secret = secrets.get_secret_string(snowflake_secret_name)
parsed_secret = json.loads(cached_secret)
return parsed_secret
def set_remote_stores():
client = botocore.session.get_session().create_client(
"secretsmanager", region_name="us-west-2") # noqa
cache_config = SecretCacheConfig()
cache = SecretCache(config=cache_config, client=client)
store_data = json.loads(cache.get_secret_string("blueprints/storage"))
STORES.api_key = store_data["gretel"]
STORES.stage = store_data["store_1"]
STORES.prod = store_data["store_2"]
def login(self):
client = botocore.session.get_session().create_client('secretsmanager')
cache = SecretCache(config=SecretCacheConfig(), client=client)
pwent = cache.get_secret_string('hosted.mender.io')
pwdict = json.loads(pwent)
cmd = [
'curl', '-X', 'POST', '-u',
"%s:%s" % (pwdict['username'], pwdict['password']),
'https://hosted.mender.io/api/management/v1/useradm/auth/login'
]
try:
output, _ = process.run(cmd)
self.jwt = output.rstrip()
self.logged_in = True
except (process.CmdError, process.NotFoundError) as err:
log.error("%s" % err)
except process.ExecutionError as err:
log.error("%s" % err.stderr)
def lookup(args, pfile):
if len(args) < 2:
print("Usage: %s get" % os.path.basename(sys.argv[0]), file=sys.stderr)
return 1
# only support retrieval, not storage or deletion
if args[1] != "get":
return 1
params = {}
for line in pfile:
key, val = line.strip().split('=')
params[key.strip()] = val.strip()
cfg = parse_config()
if 'host' not in params:
return 1
if 'username' in params:
key = '%s@%s' % (params['username'], params['host'])
if key not in cfg:
return 1
username = params['username']
else:
key = params['host']
if key not in cfg:
return 1
try:
username = cfg[key]['username']
except KeyError:
username = None
secretname = cfg[key]['secretname']
client = botocore.session.get_session().create_client('secretsmanager')
cache = SecretCache(config=SecretCacheConfig(), client=client)
pwent = cache.get_secret_string(secretname)
pwdict = json.loads(pwent)
if username:
print("username=%s" % username)
print("password=%s" % pwdict[secretname])
return 0
class SecretsManager:
def __init__(self, region_name: str):
session = boto3.session.Session()
client = session.client(service_name="secretsmanager",
region_name=region_name)
cache_config = SecretCacheConfig()
self.cache = SecretCache(config=cache_config, client=client)
def retrieve_secret(self, secret_name: str) -> Optional[Secret]:
"""
Retrieve a secret from the cache (or fetch from AWS if not already cached)
Assumes that we are just storing text, not binary data (for now)
"""
return Secret(json.loads(self.cache.get_secret_string(secret_name)))
def __init__(self, region_name: str):
session = boto3.session.Session()
client = session.client(service_name="secretsmanager",
region_name=region_name)
cache_config = SecretCacheConfig()
self.cache = SecretCache(config=cache_config, client=client)