def updateVersions(region="us-east-1", table="credential-store"):
'''
do a full-table scan of the credential-store,
and update the version format of every credential if it is an integer
'''
dynamodb = boto3.resource('dynamodb', region_name=region)
secrets = dynamodb.Table(table)
response = secrets.scan(
ProjectionExpression="#N, version, #K, contents, hmac",
ExpressionAttributeNames={
"#N": "name",
"#K": "key"
})
items = response["Items"]
for old_item in items:
if isInt(old_item['version']):
new_item = copy.copy(old_item)
new_item['version'] = credstash.paddedInt(new_item['version'])
if new_item['version'] != old_item['version']:
secrets.put_item(Item=new_item)
secrets.delete_item(Key={
'name': old_item['name'],
'version': old_item['version']
})
else:
print "Skipping item: %s, %s" % (old_item['name'],
old_item['version'])
def delete(self, service, name, version=None):
"""
Delete a configuration value.
"""
result = self._table(service).delete_item(
Key=dict(
name=name,
version=version or paddedInt(1),
),
)
return result
def delete(self, service, name, version=None):
"""
Delete a configuration value.
"""
result = self._table(service).delete_item(
Key=dict(
name=name,
version=version or paddedInt(1),
),
)
return result
def set_secret(secret_key, secret_value):
next_version = credstash.paddedInt(int(credstash.getHighestVersion(
name=secret_key
)) + 1)
result = credstash.putSecret(
name=secret_key,
secret=secret_value,
version=next_version
)
return True if result['ResponseMetadata']['HTTPStatusCode'] < 300 else False
def put(self, service, name, value, version=None):
"""
Put a configuration value.
"""
item = dict(
name=name,
version=version or paddedInt(1),
)
item.update(self.encode(value)._asdict())
self._table(service).put_item(
Item=item,
)
def put(self, service, name, value, version=None):
"""
Put a configuration value.
"""
item = dict(
name=name,
version=version or paddedInt(1),
)
item.update(self.encode(value)._asdict())
self._table(service).put_item(
Item=item,
)
def compute_version_string(version, base=1000):
"""
Compute the version string to use for a specific version.
Normalizes the version using credstash's integer padding.
Drops the patch version under the assumption that we wish to simply restart
existing services rather than update their initialization configuration to use
a new version definition. However, retains padding space for the patch version
for forwards-compatibility.
"""
major, minor, patch = version.split(".", 2)
return paddedInt(base ** 3 * int(major) + base ** 2 * int(minor))
def compute_version_string(version, base=1000):
"""
Compute the version string to use for a specific version.
Normalizes the version using credstash's integer padding.
Drops the patch version under the assumption that we wish to simply restart
existing services rather than update their initialization configuration to use
a new version definition. However, retains padding space for the patch version
for forwards-compatibility.
"""
major, minor, patch = version.split(".", 2)
return paddedInt(base**3 * int(major) + base**2 * int(minor))
def get(self, service, name, version=None):
"""
Get a configuration value.
"""
result = self._table(service).get_item(
Key=dict(
name=name,
version=version or paddedInt(1),
)
)
item = result.get("Item")
if item is None:
return None
return self.decode(self.value_type(**{
key: value
for key, value in item.items()
if key not in ("name", "version")
}))
def get(self, service, name, version=None):
"""
Get a configuration value.
"""
result = self._table(service).get_item(
Key=dict(
name=name,
version=version or paddedInt(1),
)
)
item = result.get("Item")
if item is None:
return None
return self.decode(self.value_type(**{
key: value
for key, value in item.items()
if key not in ("name", "version")
}))
def updateVersions(region="us-east-1", table="credential-store"):
'''
do a full-table scan of the credential-store,
and update the version format of every credential if it is an integer
'''
dynamodb = boto3.resource('dynamodb', region_name=region)
secrets = dynamodb.Table(table)
response = secrets.scan(ProjectionExpression="#N, version, #K, contents, hmac",
ExpressionAttributeNames={"#N": "name", "#K": "key"})
items = response["Items"]
for old_item in items:
if isInt(old_item['version']):
new_item = copy.copy(old_item)
new_item['version'] = credstash.paddedInt(new_item['version'])
if new_item['version'] != old_item['version']:
secrets.put_item(Item=new_item)
secrets.delete_item(Key={'name': old_item['name'], 'version': old_item['version']})
else:
print "Skipping item: %s, %s" % (old_item['name'], old_item['version'])
def test_huge_number(self):
i = 12345678901234567890123
self.assertEqual(paddedInt(i), str(i).zfill(19))
def test_huge_number(self):
i = 12345678901234567890123
self.assertEqual(paddedInt(i), str(i).zfill(19))
def test_arbitrary_number(self):
i = 98218329123
self.assertEqual(paddedInt(i), str(i).zfill(19))
def test_ten(self):
i = 10
self.assertEqual(paddedInt(i), str(i).zfill(19))
def test_zero(self):
i = 0
self.assertEqual(paddedInt(i), "0"*19)
def test_zero(self):
i = 0
self.assertEqual(paddedInt(i), "0" * 19)
def test_ten(self):
i = 10
self.assertEqual(paddedInt(i), str(i).zfill(19))
def test_arbitrary_number(self):
i = 98218329123
self.assertEqual(paddedInt(i), str(i).zfill(19))
