コード例 #1
0
def validate_users_gpg_key(users):
    ok = True
    settings = queries.get_app_interface_settings()
    smtp_client = SmtpClient(settings=settings)
    for user in users:
        public_gpg_key = user.get('public_gpg_key')
        if public_gpg_key:
            recipient = smtp_client.get_recipient(user['org_username'])
            try:
                gpg_key_valid(public_gpg_key, recipient)
            except ValueError as e:
                msg = \
                    'invalid public gpg key for user {}: {}'.format(
                        user['org_username'], str(e))
                logging.error(msg)
                ok = False

    return ok
コード例 #2
0
def collect_queries(query_name=None, settings=None):
    """
    Consults the app-interface and constructs the list of queries
    to be executed.

    :param query_name: (optional) query to look for
    :param settings: App Interface settings

    :return: List of queries dictionaries
    """
    queries_list = []

    # Items to be either overridden ot taken from the k8s secret
    db_conn_items = {
        "db.host": None,
        "db.name": None,
        "db.password": None,
        "db.port": None,
        "db.user": None,
    }

    sql_queries = queries.get_app_interface_sql_queries()

    for sql_query in sql_queries:
        name = sql_query["name"]

        for existing in queries_list:
            if existing["name"] == name:
                logging.error(["SQL-Query %s defined more than once"], name)
                sys.exit(ExitCodes.ERROR)

        # Looking for a specific query
        if query_name is not None:
            if name != query_name:
                continue

        namespace = sql_query["namespace"]
        identifier = sql_query["identifier"]

        # Due to an API limitation, the keys are coming with underscore
        # instead of period, so we are using this unpacking routine
        # to also replace "_" by "." in the keys
        if sql_query["overrides"] is not None:
            overrides = {
                key.replace("_", "."): value
                for key, value in sql_query["overrides"].items()
                if value is not None
            }
        else:
            overrides = {}

        # Merging the overrides. Values that are still None after this
        # will be taken from the k8s secret on template rendering
        db_conn = {**db_conn_items, **overrides}

        # Output can be:
        # - stdout
        # - filesystem
        # - encrypted
        output = sql_query["output"]
        if output is None:
            output = "stdout"
        elif output == "encrypted":
            requestor = sql_query.get("requestor")
            if requestor is None:
                logging.error(
                    "a requestor is required to get encrypted output")
                sys.exit(ExitCodes.ERROR)
            public_gpg_key = requestor.get("public_gpg_key")
            user_name = requestor.get("org_username")
            if public_gpg_key is None:
                logging.error(["user %s does not have a public gpg key"],
                              user_name)
                sys.exit(ExitCodes.ERROR)

        # Extracting the terraformResources information from the namespace
        # fo the given identifier
        tf_resource_info = get_tf_resource_info(namespace, identifier)
        if tf_resource_info is None:
            logging.error(
                ["Could not find rds identifier %s in namespace %s"],
                identifier,
                namespace["name"],
            )
            sys.exit(ExitCodes.ERROR)

        sql_queries = []
        if sql_query["query"] is not None:
            sql_queries.append(sql_query["query"])

        if sql_query["queries"] is not None:
            sql_queries.extend(sql_query["queries"])

        sql_queries = [item.replace("'", "''") for item in sql_queries]

        # building up the final query dictionary
        item = {
            "name": name,
            "namespace": namespace,
            "identifier": sql_query["identifier"],
            "db_conn": db_conn,
            "output": output,
            "queries": sql_queries,
            **tf_resource_info,
        }

        if output == "encrypted":
            smtp_client = SmtpClient(settings=settings)
            item["recipient"] = smtp_client.get_recipient(
                sql_query["requestor"]["org_username"])
            item["public_gpg_key"] = sql_query["requestor"][
                "public_gpg_key"].replace("\n", "")

        # If schedule is defined
        # this should be a CronJob
        schedule = sql_query.get("schedule")
        if schedule:
            item["schedule"] = schedule

        queries_list.append(item)

    return queries_list