def rename_krb5conf_file(self, env=None): krb5conf_file_new_name = "krb5.conf" krb5conf_file = "krb5_{}.conf" if env is None: env = os.getenv("env", "sandbox") krb5conf_file = krb5conf_file.format(env) conf_folder = '/etc/' conf_file_path_old = conf_folder + krb5conf_file conf_file_path_new = conf_folder + krb5conf_file_new_name #if Utils.does_file_exist(conf_file_path_new): # self.__log.info("krb5.conf already exists. Skipping renaming..") # return True #else: self.__log.info( "Renaming krb5_{}.conf to krb5.conf for {} environment".format( env, env)) if Utils.does_file_exist(conf_file_path_old): try: os.rename(conf_file_path_old, conf_file_path_new) except Exception as e: self.__log.error("Error while renaming {}: {}".format( conf_file_path_old, e)) # raise return False else: self.__log.info("Renamed {} file to {}".format( conf_file_path_old, conf_file_path_new)) return True else: self.__log.error( "{} file doesn't exist".format(conf_file_path_old)) if not Utils.does_file_exist(conf_file_path_new): self.__log.error( "{} file doesn't exist".format(conf_file_path_new)) return False
def init_kerberos(self): """ Authenticates using Kerberos :return: """ KERBEROS = 'kerberos' principal_key = 'kerberos_principal' bucket_key = 'keytab_s3_bucket' keytab_key = 'keytab_s3_key' principal = self.config.get(KERBEROS, principal_key) #principal = Utils.get_env_var(principal_key, principal, self.__log) bucket = self.config.get(KERBEROS, bucket_key) #bucket = Utils.get_env_var(bucket_key, bucket, self.__log) keytab_s3_key = self.config.get(KERBEROS, keytab_key) #keytab_s3_key = Utils.get_env_var(keytab_key, keytab_s3_key, self.__log) login_retry = int(self.config.get(KERBEROS, 'login_retry')) login_retry_poll = int(self.config.get(KERBEROS, 'login_retry_poll')) keytab_path = self.config.get(KERBEROS, 'keytab_local_path') self.__log.debug( "Loaded Kerberos properties are: {}: {}, {}: {}, {}: {}, login_retry: {}, " "login_retry_poll: {}, keytab_local_path: {}".format( principal_key, principal, bucket_key, bucket, keytab_key, keytab_s3_key, login_retry, login_retry_poll, keytab_path)) self.__log.info("Checking if keytab file exists in the path {}".format( keytab_path)) if not Utils.does_file_exist(keytab_path): self.__log.info("Downloading keytab file from s3") KerberosUtil.download_keytab(s3_bucket, s3_key, keytab_path) # Check if cached credentials are still valid self.__log.info("Check if cached credentials are still valid") valid_cache = KerberosUtil.validate_ticket() if not valid_cache: self.__log.info( "Cached credentials are not valid. Initializing ticket using kerberos credentials." ) auth = KerberosUtil.kinit(login_retry, login_retry_poll, principal, keytab_path, keytab_s3_key, bucket) if not auth: self.__log.error("Failed to authenticate using kerberos") #raise ValueError('Failed to authenticate using kerberos') self.__log.info("Successfully initialized kerberos ticket") return auth else: self.__log.info( "Successfully authenticated using cached credentials") return valid_cache