def __init__(self, vault_client, pickledb_obj={}):
self.github = Github()
self.vault_client = vault_client
self.db = pickledb_obj
self.sl_token = self.db.get_data('slack_token')
self.slack_client = SlackClient(self.sl_token)
self.channel = self.db.get_data('slack_channel')
def __init__(self,
key_name: str,
org_name: str,
public_key: str,
user_token: str,
github_url: str = "https://api.github.com") -> None:
self.key_name = key_name
self.org_name = org_name
self.public_key = public_key
self.user_token = user_token
self.github_url = github_url
self.github = Github(github_url=self.github_url)
def main(org_name: str, user_token: str) -> None:
github = Github()
oh_repos = {
repo["name"]: len(
github.ask(
path=
f"/repos/{org_name}/{repo['name']}/branches?per_page=10&page=1",
token=user_token))
for repo in github.ask(
path=f"/orgs/{org_name}/repos?per_page=10&page=1",
token=user_token)
}
print(json.dumps(oh_repos, indent=4, sort_keys=True))
def main(key_name: str, org_name: str, public_key: str,
user_token: str) -> None:
github = Github()
deploy_key = DeployKey(key_name=key_name,
org_name=org_name,
public_key=public_key,
user_token=user_token)
oh_repos = {
repo["name"]: deploy_key.add(repo_name=repo["name"])
for repo in github.ask(
path=f"/orgs/{org_name}/repos?per_page=10&page=1",
token=user_token)
}
print(json.dumps(oh_repos, indent=4, sort_keys=True))
def base_environment_variables(args: argparse.Namespace) -> None:
if os.environ.get('GITHUB_ORGANIZATION'):
args.organization = os.environ['GITHUB_ORGANIZATION']
if os.environ.get('GITHUB_TOKEN'):
args.token = os.environ['GITHUB_TOKEN']
if os.environ.get('LOG_LEVEL'):
args.log_level = os.environ['LOG_LEVEL']
set_log_level(args)
log = logging.getLogger(__name__)
gh = Github()
user = gh.ask(path='/user', token=args.token)
log.debug(
"You are currently acting as login %s of type %s from company %s, is site_admin: %s",
user['login'], user['type'], user['company'], user['site_admin'])
def main(
org_name: str,
org_team: str,
user_token: str
) -> None:
github = Github()
oh_repos = {
repo["name"]: github.ask(
path=f"/orgs/{org_name}/teams/{org_team}/repos/{org_name}/{repo['name']}",
body={"permission": "pull"},
http_verb="PUT",
token=user_token
)
for repo in github.ask(
path=f"/orgs/{org_name}/repos?per_page=10&page=1",
token=user_token
)
}
print(json.dumps(oh_repos, indent=4, sort_keys=True))
class DeployKey:
log = logging.getLogger(__name__)
def __init__(self,
key_name: str,
org_name: str,
public_key: str,
user_token: str,
github_url: str = "https://api.github.com") -> None:
self.key_name = key_name
self.org_name = org_name
self.public_key = public_key
self.user_token = user_token
self.github_url = github_url
self.github = Github(github_url=self.github_url)
def add(self, repo_name: str, read_only: bool = True) -> dict:
self._removing_key_if_exists(repo_name=repo_name)
self.log.info("I will try to add key %s with value %s to repo %s",
self.key_name, self.public_key, repo_name)
return self.github.ask(path=f"/repos/{self.org_name}/{repo_name}/keys",
body={
"title": self.key_name,
"key": self.public_key,
"read_only": read_only
},
http_verb="POST",
token=self.user_token)
def _removing_key_if_exists(self, repo_name: str) -> None:
self.log.info("Checking if key %s exists in repository %s",
self.key_name, repo_name)
for key in self.github.ask(
path=
f"/repos/{self.org_name}/{repo_name}/keys?per_page=10&page=1",
token=self.user_token):
self.log.info(
"key id: [%s] has name %s or public key %s, I will remove it",
key["id"], self.key_name, self.public_key)
self.github.ask(path=f"{self.path}/{key['id']}",
http_verb="DELETE",
token=self.user_token)
async def __last_commit(self, ctx, author, repo):
async with ctx.typing():
commit = Github(author, repo).commits()[0]
d = datetime.datetime.strptime(commit['commit']['committer']['date'],
"%Y-%m-%dT%H:%M:%SZ")
d_ago = (datetime.date.today() - d.date()).days
message = textwrap.dedent(
"""
```
Last update: {0} - {1} days ago
Commit message: {2}
```
{3}
"""
).format(d, d_ago, commit['commit']['message'], commit['html_url'])
await ctx.send(message)
def search_jobs(role, city):
print city
jobs = Github.get_jobs(query=role, location=city)
if len(jobs) == 0:
if city:
response = render_template('no_jobs_found_city',
role=role,
city=city)
return statement(response)
else:
response = render_template('no_jobs_found', role=role)
return response
response = render_template('search_job_response', number=len(jobs))
job_objects = map(_get_job_object, jobs)
session.attributes['jobs'] = job_objects
session.attributes['index'] = 0
return question(response)
class Suggestions:
def __init__(self, vault_client, pickledb_obj={}):
self.github = Github()
self.vault_client = vault_client
self.db = pickledb_obj
self.sl_token = self.db.get_data('slack_token')
self.slack_client = SlackClient(self.sl_token)
self.channel = self.db.get_data('slack_channel')
def suggest_version(self):
'''
Version updates
'''
versions = self.github.get_latest_releases()
current = self.vault_client.get_version()
latest = versions[0].lstrip('v')
if not latest == current:
# Suggestion
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Suggestion: Update Vault.")
# Reason
because = "Because: You currently have a {}, and there is an update, Version {}.".format(current, latest)
self.slack_client.api_call("chat.postMessage", channel=self.channel, text=because)
# Action
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Action: Download")
# Source
text = "https://releases.hashicorp.com/vault/" + latest + "/vault_" + latest + "_linux_amd64.zip"
self.slack_client.api_call("chat.postMessage", channel=self.channel, text=text)
text2 = "and install it to vaultserver1.uat.acmecorp.net, vaultserver2.uat.acmecorp.net, and vaultserver3.uat.acmecorp.net."
self.slack_client.api_call("chat.postMessage", channel=self.channel, text=text2)
text3 = "Hashi Docs: https://www.vaultproject.io/docs/upgrading/index.html#ha-installations"
self.slack_client.api_call("chat.postMessage", channel=self.channel, text=text3)
# Internal docs
internal = "Internal docs for this: confluence.acmecorp.net/vault-upgrade-manualconfluence.acmecorp.net/vault-upgrade-ansible"
self.slack_client.api_call("chat.postMessage", channel=self.channel, text=internal)
else:
latest_version = 'You already have the latest version of Vault installed: {}'.format(current)
self.slack_client.api_call("chat.postMessage", channel=self.channel, text=latest_version)
return True
def adoption_stats(self):
'''
Adoption Statistics
'''
secrets_engine = len([k for k in self.vault_client.get_secrets_engine_list()])
auth_methods = len([k for k in self.vault_client.get_auth_methods()])
policies = len([k for k in self.vault_client.get_policies()])
total_operations = self.vault_client.vault_operations()
# Suggestion
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="*Adoption Stats.* :bar_chart:")
# Check Logs
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Overall Adoption rate this week: {}".format(self.vault_client.get_overall_week()))
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Overall Adoption rate this month: {}".format(self.vault_client.get_overall_month()))
# Dummy data
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Vault Operations this month: {}".format(total_operations))
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Monthly BVA: ${} (Estimated)".format(total_operations * 500))
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="{} Auth Methods".format(auth_methods))
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="{} Policies".format(policies))
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="{} Secrets Engines".format(secrets_engine))
# More Details
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="_Respond 'Adoption Details 2' for more._")
return True
def adoption_stats_detailed(self):
'''
Adoption Statistics Detailed
'''
total_entities = self.vault_client.get_total_entities_count().get('keys', [])
# Suggestion
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="*Adoption Details* :bar_chart:")
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Total Entities: {}".format(len(total_entities)))
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Total Roles: {}".format(self.vault_client.get_total_roles()))
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Total Tokens: {}".format(self.vault_client.get_total_tokens()))
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Change: {}".format(self.vault_client.get_change_percentage()))
return False
def extant_leases(self):
'''
Leases information
'''
leases_detail = self.vault_client.get_leases_detail()
# Suggestion
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="*Extant Leases*")
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="You have {} leases in Vault".format(self.vault_client.get_total_leases()))
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="{} non renewable".format(leases_detail['non_renewable']))
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="{} renewable".format(leases_detail['renewable']))
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Longest expire time: {}".format(leases_detail['longest']))
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Longest remaining ttl: {}".format(leases_detail['longest_ttl']))
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Shortest expire time: {}".format(leases_detail['shortest'], leases_detail['shortest']))
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Shortest remaining ttl: {}".format(leases_detail['shortest_ttl']))
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Never expire: {}".format(leases_detail['infinite_ttl']))
return True
def total_tokens(self):
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="*Tokens*")
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="{} total".format(self.vault_client.get_total_tokens()))
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="{} service tokens".format())
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="{} batch tokens".format())
# self.slack_client.api_call("chat.postMessage", channel=self.channel, text="{} periodic Tokens".format(self.vault_client.get_auth_methods(namespace = namespace)))
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="*Oldest:* {}".format())
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="*Newest:* {}".format())
return True
def high_privilege_login(self):
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="*:warning: WARNING: ROOT ACCOUNT CREATED IN PRODUCTION*")
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="If you're not aware of this as part of an authorized break-glass operation, Seal the Vault:")
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="vault login && vault operator seal")
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="For more information about this visit https://www.vaultproject.io/docs/commands/operator/seal/")
return True
def high_privilege_action(self):
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="*:warning: WARNING: ROOT ACCOUNT USED IN PRODUCTION*")
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="If you're not aware of this as part of an authorized break-glass operation, Seal the Vault:")
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="vault login && vault operator seal")
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="For more information about this visit https://www.vaultproject.io/docs/commands/operator/seal/")
return True
def vault_posture_score(self):
score = self.vault_client.vault_posture_score()
self.slack_client.api_call("chat.postMessage", channel=channel, text="*VaultPosture Score: {}*".format(score))
self.slack_client.api_call("chat.postMessage", channel=channel, text="_Respond 'Adoption Score Details' for more._")
return True
def score_details(self, thread=False):
score = self.vault_client.vault_posture_score(thread = thread)
return True
def auth_method_suggestion(self):
auth_methods = [k for k in self.vault_client.get_auth_methods()]
if len(auth_methods) > 1:
for auth in auth_methods:
if auth == "aws/":
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Auth Method Suggestion Available")
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Detected AWS platform. Use AWS Auto-Unseal?")
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="To know more about secure auth methods visit:")
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="https://www.vaultproject.io/docs/configuration/seal/awskms")
else:
if auth_methods[0] == "userpass/":
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Auth Method Suggestion Available")
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="You are using UserPass as your only auth method")
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Add more secure auth methods like LDAP or AppRole")
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="To know more about secure auth methods visit:")
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="https://www.vaultproject.io/docs/auth")
return True
def statusserer(self):
status = self.vault_client.get_health()
if status.get('version', False):
seal_state = "Sealed" if status['sealed'] == False else "Unsealed"
init = "Not Initialized" if status['initialized'] == False else "Initialized"
perf_mode = status['replication_perf_mode']
auth_methods = len([k for k in self.vault_client.get_auth_methods()])
policies = len([k for k in self.vault_client.get_policies()])
audit_log = self.vault_client.audit_device_status()
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Vault is reachable :white_check_mark:")
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Vault seal state: ".format(seal_state))
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Vault: ".format(init))
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Replication Status: ".format(perf_mode))
if auth_methods <= 1:
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="You are using UserPass as your only auth method")
if policies == 0:
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="You don't have any Vault policies present")
else:
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Vault policies present")
if audit_log == {}:
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="You don't have the audit logs enabled")
else:
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="Vault Audit Logs enabled")
else:
self.slack_client.api_call("chat.postMessage", channel=self.channel, text="*:warning: WARNING: Vault is not reachable*")
return True