Esempio n. 1
0
    def _get_datastore_value_for_expression(self, key, value, config_schema_item=None):
        """
        Retrieve datastore value by first resolving the datastore expression and then retrieving
        the value from the datastore.

        :param key: Full path to the config item key (e.g. "token" / "auth.settings.token", etc.)
        """
        from st2common.services.config import deserialize_key_value

        config_schema_item = config_schema_item or {}
        secret = config_schema_item.get("secret", False)

        try:
            value = render_template_with_system_and_user_context(
                value=value, user=self.user
            )
        except Exception as e:
            # Throw a more user-friendly exception on failed render
            exc_class = type(e)
            original_msg = six.text_type(e)
            msg = (
                'Failed to render dynamic configuration value for key "%s" with value '
                '"%s" for pack "%s" config: %s %s '
                % (key, value, self.pack_name, exc_class, original_msg)
            )
            raise RuntimeError(msg)

        if value:
            # Deserialize the value
            value = deserialize_key_value(value=value, secret=secret)
        else:
            value = None

        return value
Esempio n. 2
0
    def _get_datastore_value_for_expression(self, key, value, config_schema_item=None):
        """
        Retrieve datastore value by first resolving the datastore expression and then retrieving
        the value from the datastore.

        :param key: Full path to the config item key (e.g. "token" / "auth.settings.token", etc.)
        """
        from st2common.services.config import deserialize_key_value

        config_schema_item = config_schema_item or {}
        secret = config_schema_item.get('secret', False)

        try:
            value = render_template_with_system_and_user_context(value=value,
                                                                 user=self.user)
        except Exception as e:
            # Throw a more user-friendly exception on failed render
            exc_class = type(e)
            original_msg = str(e)
            msg = ('Failed to render dynamic configuration value for key "%s" with value '
                   '"%s" for pack "%s" config: %s ' % (key, value, self.pack_name, original_msg))
            raise exc_class(msg)

        if value:
            # Deserialize the value
            value = deserialize_key_value(value=value, secret=secret)
        else:
            value = None

        return value
Esempio n. 3
0
def get_key(key=None, user=None, scope=None, decrypt=False):
    """Retrieve key from KVP store
    """
    if not isinstance(key, six.string_types):
        raise TypeError('Given key is not typeof string.')
    if not isinstance(decrypt, bool):
        raise TypeError('Decrypt parameter is not typeof bool.')

    if not user:
        user = UserDB(cfg.CONF.system_user.user)

    scope, key_id = _derive_scope_and_key(key, user, scope)

    scope = get_datastore_full_scope(scope)

    LOG.debug('get_key scope: %s', scope)

    _validate_scope(scope=scope)

    is_admin = rbac_utils.user_is_admin(user_db=user)

    # User needs to be either admin or requesting item for itself
    _validate_decrypt_query_parameter(decrypt=decrypt,
                                      scope=scope,
                                      is_admin=is_admin,
                                      user=user)

    value = KeyValuePair.get_by_scope_and_name(scope, key_id)

    if value:
        return deserialize_key_value(value.value, decrypt)

    return None
Esempio n. 4
0
    def _get_datastore_value_for_expression(self, value, config_schema_item=None):
        """
        Retrieve datastore value by first resolving the datastore expression and then retrieving
        the value from the datastore.
        """
        config_schema_item = config_schema_item or {}
        secret = config_schema_item.get('secret', False)

        # TODO: Get key name so we can throw a more friendly exception
        value = render_template_with_system_and_user_context(value=value,
                                                             user=self.user)

        if value:
            # Deserialize the value
            value = deserialize_key_value(value=value, secret=secret)
        else:
            value = None

        return value
Esempio n. 5
0
def get_key(key=None, user_db=None, scope=None, decrypt=False):
    """
    Retrieve key from KVP store
    """
    if not isinstance(key, six.string_types):
        raise TypeError('Given key is not typeof string.')

    if not isinstance(decrypt, bool):
        raise TypeError('Decrypt parameter is not typeof bool.')

    if not user_db:
        # Use system user
        user_db = UserDB(cfg.CONF.system_user.user)

    scope, key_id = _derive_scope_and_key(key=key,
                                          user=user_db.name,
                                          scope=scope)
    scope = get_datastore_full_scope(scope)

    LOG.debug('get_key key_id: %s, scope: %s, user: %s, decrypt: %s' %
              (key_id, scope, str(user_db.name), decrypt))

    _validate_scope(scope=scope)

    rbac_utils = get_rbac_backend().get_utils_class()
    is_admin = rbac_utils.user_is_admin(user_db=user_db)

    # User needs to be either admin or requesting item for itself
    _validate_decrypt_query_parameter(decrypt=decrypt,
                                      scope=scope,
                                      is_admin=is_admin,
                                      user_db=user_db)

    # Get the key value pair by scope and name.
    kvp = KeyValuePair.get_by_scope_and_name(scope, key_id)

    # Decrypt in deserialize_key_value cannot handle NoneType.
    if kvp.value is None:
        return kvp.value

    return deserialize_key_value(kvp.value, decrypt)
Esempio n. 6
0
    def _get_datastore_value_for_expression(self,
                                            value,
                                            config_schema_item=None):
        """
        Retrieve datastore value by first resolving the datastore expression and then retrieving
        the value from the datastore.
        """
        config_schema_item = config_schema_item or {}
        secret = config_schema_item.get('secret', False)

        # TODO: Get key name so we can throw a more friendly exception
        value = render_template_with_system_and_user_context(value=value,
                                                             user=self.user)

        if value:
            # Deserialize the value
            value = deserialize_key_value(value=value, secret=secret)
        else:
            value = None

        return value
Esempio n. 7
0
def get_key(key=None, user_db=None, scope=None, decrypt=False):
    """
    Retrieve key from KVP store
    """
    if not isinstance(key, six.string_types):
        raise TypeError('Given key is not typeof string.')

    if not isinstance(decrypt, bool):
        raise TypeError('Decrypt parameter is not typeof bool.')

    if not user_db:
        # Use system user
        user_db = UserDB(cfg.CONF.system_user.user)

    scope, key_id = _derive_scope_and_key(key=key, user=user_db.name, scope=scope)
    scope = get_datastore_full_scope(scope)

    LOG.debug('get_key key_id: %s, scope: %s, user: %s, decrypt: %s' % (key_id, scope,
                                                                        str(user_db.name),
                                                                        decrypt))

    _validate_scope(scope=scope)

    rbac_utils = get_rbac_backend().get_utils_class()
    is_admin = rbac_utils.user_is_admin(user_db=user_db)

    # User needs to be either admin or requesting item for itself
    _validate_decrypt_query_parameter(decrypt=decrypt, scope=scope, is_admin=is_admin,
                                      user_db=user_db)

    # Get the key value pair by scope and name.
    kvp = KeyValuePair.get_by_scope_and_name(scope, key_id)

    # Decrypt in deserialize_key_value cannot handle NoneType.
    if kvp.value is None:
        return kvp.value

    return deserialize_key_value(kvp.value, decrypt)