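def create_user_session(region=''):
    """Run the browser-based bootstrap login and return a ``UserSession``.

    A fresh key pair is generated, its public half is sent to the console
    login page as a base64url-encoded JWK, and a local HTTP server waits on
    ``BOOTSTRAP_SERVICE_PORT`` for the redirect that carries the token.

    Args:
        region: Region identifier used to build the console URL. When empty
            (or ``None``) the user is prompted for one.

    Returns:
        A ``UserSession`` built from the ``sub`` and ``tenant`` claims of the
        returned token, the region, the token itself, the generated key pair
        and the public key fingerprint.

    Raises:
        OSError: If the local HTTP server cannot be created for a reason
            other than the port already being in use.
        SystemExit: If the port is in use or the web browser cannot be
            launched.
    """
    # Compare by value. `region is ''` tests object identity, which only
    # works when the interpreter happens to intern the empty string and
    # triggers a SyntaxWarning on current Python versions.
    if not region:
        region = cli_setup.prompt_for_region()

    # try to set up http server so we can fail early if the required port is in use
    try:
        # NOTE(review): '' binds the listener on every interface, while the
        # redirect_uri below only ever targets localhost. Consider binding to
        # the loopback address so other hosts on the network cannot reach the
        # callback endpoint that receives the token.
        server_address = ('', BOOTSTRAP_SERVICE_PORT)
        httpd = StoppableHttpServer(server_address, StoppableHttpRequestHandler)
    except OSError as e:
        if e.errno == errno.EADDRINUSE:
            click.echo("Could not complete bootstrap process because port {port} is already in use.".format(
                port=BOOTSTRAP_SERVICE_PORT)
            )

            sys.exit(1)

        # bare raise keeps the original traceback intact
        raise

    # create new key pair
    # this key pair is used to get the initial token and also uploaded as a new API key for the user
    private_key = cli_util.generate_key()
    public_key = private_key.public_key()

    fingerprint = cli_setup.public_key_to_fingerprint(public_key)

    # the public key travels in the query string as a base64url-encoded JWK
    jwk_content = cli_util.to_jwk(public_key)
    public_key_jwk = base64.urlsafe_b64encode(jwk_content.encode('UTF-8')).decode('UTF-8')

    # NOTE(review): the nonce is generated inline and never compared against
    # anything in this function, so a returned token is not checked here for
    # belonging to this login attempt. Confirm whether the request handler or
    # the service enforces that binding.
    query = {
        'action': 'login',
        'client_id': 'iaas_console',
        'response_type': 'token id_token',
        'nonce': uuid.uuid4(),
        'scope': 'openid',
        'public_key': public_key_jwk,
        'redirect_uri': 'http://localhost:{}'.format(BOOTSTRAP_SERVICE_PORT)
    }

    if "-gov-" in region:
        console_url = CONSOLE_AUTH_GOV_URL_FORMAT.format(region=region)
    else:
        console_url = CONSOLE_AUTH_URL_FORMAT.format(region=region)

    url = "{console_auth_url}?{query_string}".format(
        console_auth_url=console_url,
        query_string=urlencode(query)
    )

    # attempt to open browser to console log in page
    try:
        if webbrowser.open_new(url):
            click.echo('    Please switch to newly opened browser window to log in!')
        else:
            click.echo('    Open the following URL in a web browser window to continue:')
            click.echo('%s' % url)
    except webbrowser.Error as e:
        click.echo('Could not launch web browser to complete login process, exiting bootstrap command. Error: {exc_info}.'.format(
            exc_info=str(e)
        ))
        sys.exit(1)

    # start up http server which will handle capturing auth redirect from console
    token = httpd.serve_forever()

    click.echo('    Completed browser authentication process!')

    # get user / tenant info out of token
    # verify=False: the signature is not checked here, so `sub` and `tenant`
    # are unauthenticated values taken from whatever reached the local
    # listener. NOTE(review): treat them as hints until the service has
    # accepted the token; do not base local authorization decisions on them.
    token_data = jwt.decode(token, verify=False)
    user_ocid = token_data['sub']
    tenancy_ocid = token_data['tenant']

    return UserSession(user_ocid, tenancy_ocid, region, token, public_key, private_key, fingerprint)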
 def __init__(self, session_key_supplier, security_token):
     """Keep the raw security token, its key supplier and the decoded claims.

     The claims are decoded with ``verify=False``, so the signature is not
     checked here and ``self.jwt`` holds unauthenticated data.
     NOTE(review): use these claims for local bookkeeping only, unless the
     token is validated elsewhere -- confirm against callers.
     """
     self.security_token = security_token
     self.session_key_supplier = session_key_supplier

     # decode only; no signature verification is requested
     unverified_claims = jwt.decode(jwt=security_token, verify=False)
     self.jwt = unverified_claims