def token_create():
_warning_root_token()
token = utils.get_input('token display name: ')
if not token or not token.strip():
print("a token display name is required")
sys.exit(1)
cmd = "VAULT_ADDR=%s vault token create -policy=%s -display-name=%s" % (vault_addr(), vault_policy(), token)
local(cmd)
def _clone_project_formula(furl):
"""clones a formula to `./cloned-projects/$formulaname`, if it doesn't already exist.
if it does exist, it attempts to update it with a `git pull`."""
destination = config.CLONED_PROJECT_FORMULA_DIR # /path/to/builder/cloned-projects
fpath = os.path.join(destination, os.path.basename(
furl)) # /path/to/builder/cloned-projects/builder-base-formula
cmd = "cd %s; git clone %s" % (destination, furl)
if os.path.exists(fpath):
cmd = "cd %s; git pull" % (fpath, )
with settings(warn_only=True):
local(cmd)
def diff_builder_config():
"helps keep three"
file_sets = [
[
"./builder-private-example/pillar/elife.sls",
"./cloned-projects/builder-base-formula/pillar/elife.sls",
"./builder-private/pillar/elife.sls"
],
[
"./projects/elife.yaml",
"./builder-private/projects/elife-private.yaml",
]
]
for paths in file_sets:
local("meld " + " ".join(paths))
def _interactive_ssh(username, public_ip, private_key):
try:
command = "ssh -o \"ConnectionAttempts 3\" %s@%s -i %s" % (
username, public_ip, private_key)
return local(command)
except CommandException as e:
LOG.warning(e)
def server_access():
"""returns True if this builder instance has access to the master server.
access may be available through presence of the master-server's bootstrap user's
identify file OR current user is in master server's allowed_keys list"""
stackname = core.find_master(core.find_region())
public_ip = core.stack_data(stackname, ensure_single_instance=True)[0]['PublicIpAddress']
result = local('ssh -o "StrictHostKeyChecking no" %s@%s "exit"' % (config.BOOTSTRAP_USER, public_ip))
return result['succeeded']
def parse_validate_repolist(fdata, *repolist):
"returns a list of triples"
known_formulas = fdata.get('formula-dependencies', [])
known_formulas.extend([fdata['formula-repo'], fdata['private-repo']])
known_formula_map = OrderedDict(
zip(map(os.path.basename, known_formulas), known_formulas))
arglist = []
for user_string in repolist:
if '@' not in user_string:
print('skipping %r, no revision component' % user_string)
continue
repo, rev = user_string.split('@')
if not rev.strip():
print('skipping %r, empty revision component' % user_string)
continue
if repo not in known_formula_map:
print('skipping %r, unknown formula. known formulas: %s' %
(repo, ', '.join(known_formula_map.keys())))
continue
arglist.append((repo, known_formula_map[repo], rev))
# test given revisions actually exist in formulas
for name, _, revision in arglist:
path = join(config.PROJECT_PATH, "cloned-projects", name)
if not os.path.exists(path):
LOG.warn(
"couldn't find formula %r locally, revision check skipped",
path)
continue
with lcd(path), settings(warn_only=True):
ensure(
local("git fetch --quiet")['succeeded'],
"failed to fetch remote refs for %s" % path)
ensure(
local("git cat-file -e %s^{commit}" % revision)['succeeded'],
"failed to find ref %r in %s" % (revision, name))
return arglist
def token_revoke(token):
cmd = "VAULT_ADDR=%s vault token revoke %s" % (vault_addr(), token)
local(cmd)
def token_lookup_accessor(accessor):
_warning_root_token()
cmd = "VAULT_ADDR=%s vault token lookup -accessor %s" % (vault_addr(), accessor)
local(cmd)
def token_list_accessors():
_warning_root_token()
cmd = "VAULT_ADDR=%s vault list auth/token/accessors" % (vault_addr())
local(cmd)
def token_lookup(token):
cmd = "VAULT_ADDR=%s VAULT_TOKEN=%s vault token lookup" % (vault_addr(), token)
local(cmd)
def policies_update():
_warning_root_token()
cmd = "VAULT_ADDR=%s vault policy write %s .vault/%s.hcl" % (vault_addr(), vault_policy(), vault_policy())
local(cmd)
def logout():
cmd = "rm -f ~/.vault-token"
local(cmd)
def login():
cmd = "VAULT_ADDR=%s vault login" % vault_addr()
local(cmd)
def _interactive_ssh(command):
try:
local(command)
except CommandException as e:
LOG.warn(e)
def _git_remote_refs(url):
cmd = "git ls-remote --heads %s" % url
output = local(cmd, capture=True)['stdout']
return [line.split() for line in output]
def new():
"creates a new project formula from a template"
pname = utils.uin('project name')
local('./scripts/new-project.sh %s' % pname)