コード例 #1
0
def raw_file(client, src, dest, opt):
    """Write the contents of a vault path/key to a file"""
    path, key = path_pieces(src)
    resp = client.read(path)
    if not resp:
        client.revoke_self_token()
        raise aomi.exceptions.VaultData("Unable to retrieve %s" % path)
    else:
        if 'data' in resp and key in resp['data']:
            secret = resp['data'][key]
            if is_base64(secret):
                log('decoding base64 entry', opt)
                secret = portable_b64decode(secret)

            if is_aws(resp['data']):
                renew_secret(client, resp, opt)

            secret_file = None
            if sys.version_info >= (3, 0):
                if not isinstance(secret, str):
                    secret_file = open(abspath(dest), 'wb')

            if not secret_file:
                secret_file = open(abspath(dest), 'w')

            secret_file.write(secret)
        else:
            client.revoke_self_token()
            e_msg = "Key %s not found in %s" % (key, path)
            raise aomi.exceptions.VaultData(e_msg)
コード例 #2
0
def update_generic_password(client, path):
    """Will update a single key in a generic secret backend as
    thought it were a password"""
    vault_path, key = path_pieces(path)
    mount = mount_for_path(vault_path, client)
    if not mount:
        client.revoke_self_token()
        raise aomi.exceptions.VaultConstraint('invalid path')

    if backend_type(mount, client) != 'generic':
        client.revoke_self_token()
        raise aomi.exceptions.AomiData("Unsupported backend type")

    LOG.debug("Updating generic password at %s", path)
    existing = client.read(vault_path)
    if not existing or 'data' not in existing:
        LOG.debug("Nothing exists yet at %s!", vault_path)
        existing = {}
    else:
        LOG.debug("Updating %s at %s", key, vault_path)
        existing = existing['data']

    new_password = get_password()
    if key in existing and existing[key] == new_password:
        client.revoke_self_token()
        raise aomi.exceptions.AomiData("Password is same as existing")

    existing[key] = new_password
    client.write(vault_path, **existing)
コード例 #3
0
ファイル: util.py プロジェクト: Autodesk/aomi
def update_generic_password(client, path):
    """Will update a single key in a generic secret backend as
    thought it were a password"""
    vault_path, key = path_pieces(path)
    mount = mount_for_path(vault_path, client)
    if not mount:
        client.revoke_self_token()
        raise aomi.exceptions.VaultConstraint('invalid path')

    if backend_type(mount, client) != 'generic':
        client.revoke_self_token()
        raise aomi.exceptions.AomiData("Unsupported backend type")

    LOG.debug("Updating generic password at %s", path)
    existing = client.read(vault_path)
    if not existing or 'data' not in existing:
        LOG.debug("Nothing exists yet at %s!", vault_path)
        existing = {}
    else:
        LOG.debug("Updating %s at %s", key, vault_path)
        existing = existing['data']

    new_password = get_password()
    if key in existing and existing[key] == new_password:
        client.revoke_self_token()
        raise aomi.exceptions.AomiData("Password is same as existing")

    existing[key] = new_password
    client.write(vault_path, **existing)
コード例 #4
0
def raw_file(client, src, dest, opt):
    """Write the contents of a vault path/key to a file"""
    path, key = path_pieces(src)
    resp = client.read(path)
    if not resp:
        client.revoke_self_token()
        raise aomi.exceptions.VaultData("Unable to retrieve %s" % path)
    else:
        if 'data' in resp and key in resp['data']:
            secret = resp['data'][key]
            if is_aws(resp['data']):
                renew_secret(client, resp, opt)

            open(abspath(dest), 'w').write(secret)
        else:
            client.revoke_self_token()
            e_msg = "Key %s not found in %s" % (key, path)
            raise aomi.exceptions.VaultData(e_msg)
コード例 #5
0
def raw_file(client, src, dest, opt):
    """Write the contents of a vault path/key to a file. Is
    smart enough to attempt and handle binary files that are
    base64 encoded."""
    path, key = path_pieces(src)
    resp = client.read(path)
    if not resp:
        client.revoke_self_token()
        raise aomi.exceptions.VaultData("Unable to retrieve %s" % path)
    else:
        if 'data' in resp and key in resp['data']:
            secret = resp['data'][key]
            if is_base64(secret):
                LOG.debug('decoding base64 entry')
                secret = portable_b64decode(secret)

            if is_aws(resp['data']):
                renew_secret(client, resp, opt)

            write_raw_file(secret, dest)
        else:
            client.revoke_self_token()
            e_msg = "Key %s not found in %s" % (key, path)
            raise aomi.exceptions.VaultData(e_msg)
コード例 #6
0
ファイル: render.py プロジェクト: Autodesk/aomi
def raw_file(client, src, dest, opt):
    """Write the contents of a vault path/key to a file. Is
    smart enough to attempt and handle binary files that are
    base64 encoded."""
    path, key = path_pieces(src)
    resp = client.read(path)
    if not resp:
        client.revoke_self_token()
        raise aomi.exceptions.VaultData("Unable to retrieve %s" % path)
    else:
        if 'data' in resp and key in resp['data']:
            secret = resp['data'][key]
            if is_base64(secret):
                LOG.debug('decoding base64 entry')
                secret = portable_b64decode(secret)

            if is_aws(resp['data']) and 'sts' not in path:
                renew_secret(client, resp, opt)

            write_raw_file(secret, dest)
        else:
            client.revoke_self_token()
            e_msg = "Key %s not found in %s" % (key, path)
            raise aomi.exceptions.VaultData(e_msg)