def rename_krb5conf_file(self, env=None):
krb5conf_file_new_name = "krb5.conf"
krb5conf_file = "krb5_{}.conf"
if env is None:
env = os.getenv("env", "sandbox")
krb5conf_file = krb5conf_file.format(env)
conf_folder = '/etc/'
conf_file_path_old = conf_folder + krb5conf_file
conf_file_path_new = conf_folder + krb5conf_file_new_name
#if Utils.does_file_exist(conf_file_path_new):
# self.__log.info("krb5.conf already exists. Skipping renaming..")
# return True
#else:
self.__log.info(
"Renaming krb5_{}.conf to krb5.conf for {} environment".format(
env, env))
if Utils.does_file_exist(conf_file_path_old):
try:
os.rename(conf_file_path_old, conf_file_path_new)
except Exception as e:
self.__log.error("Error while renaming {}: {}".format(
conf_file_path_old, e))
# raise
return False
else:
self.__log.info("Renamed {} file to {}".format(
conf_file_path_old, conf_file_path_new))
return True
else:
self.__log.error(
"{} file doesn't exist".format(conf_file_path_old))
if not Utils.does_file_exist(conf_file_path_new):
self.__log.error(
"{} file doesn't exist".format(conf_file_path_new))
return False
def init_kerberos(self):
"""
Authenticates using Kerberos
:return:
"""
KERBEROS = 'kerberos'
principal_key = 'kerberos_principal'
bucket_key = 'keytab_s3_bucket'
keytab_key = 'keytab_s3_key'
principal = self.config.get(KERBEROS, principal_key)
#principal = Utils.get_env_var(principal_key, principal, self.__log)
bucket = self.config.get(KERBEROS, bucket_key)
#bucket = Utils.get_env_var(bucket_key, bucket, self.__log)
keytab_s3_key = self.config.get(KERBEROS, keytab_key)
#keytab_s3_key = Utils.get_env_var(keytab_key, keytab_s3_key, self.__log)
login_retry = int(self.config.get(KERBEROS, 'login_retry'))
login_retry_poll = int(self.config.get(KERBEROS, 'login_retry_poll'))
keytab_path = self.config.get(KERBEROS, 'keytab_local_path')
self.__log.debug(
"Loaded Kerberos properties are: {}: {}, {}: {}, {}: {}, login_retry: {}, "
"login_retry_poll: {}, keytab_local_path: {}".format(
principal_key, principal, bucket_key, bucket, keytab_key,
keytab_s3_key, login_retry, login_retry_poll, keytab_path))
self.__log.info("Checking if keytab file exists in the path {}".format(
keytab_path))
if not Utils.does_file_exist(keytab_path):
self.__log.info("Downloading keytab file from s3")
KerberosUtil.download_keytab(s3_bucket, s3_key, keytab_path)
# Check if cached credentials are still valid
self.__log.info("Check if cached credentials are still valid")
valid_cache = KerberosUtil.validate_ticket()
if not valid_cache:
self.__log.info(
"Cached credentials are not valid. Initializing ticket using kerberos credentials."
)
auth = KerberosUtil.kinit(login_retry, login_retry_poll, principal,
keytab_path, keytab_s3_key, bucket)
if not auth:
self.__log.error("Failed to authenticate using kerberos")
#raise ValueError('Failed to authenticate using kerberos')
self.__log.info("Successfully initialized kerberos ticket")
return auth
else:
self.__log.info(
"Successfully authenticated using cached credentials")
return valid_cache
