def getCIFCredentials(dconf, session, prefix=""):
credentials = None
domain = None
if (containsCredentials(dconf, prefix)):
username, domain = splitDomainAndUsername(dconf['username'])
credentials = {}
credentials["USER"] = util.to_plain_string(username)
util.SMlog("CIFS user = {user}".format(user=credentials["USER"]))
key_password, key_secret = getDconfPasswordKey(prefix)
if key_secret in dconf:
password = util.get_secret(session, dconf[key_secret])
if password is not None:
util.SMlog("Obtained CIFS password via secret")
else:
password = dconf[key_password]
if password is not None:
util.SMlog("Obtained CIFS password")
credentials["PASSWD"] = util.to_plain_string(password)
if credentials["PASSWD"] is not None:
util.SMlog("Obtained CIFS plain text password")
domain = util.to_plain_string(domain)
else:
util.SMlog("NOTE: No CIFS credentials found in dconf")
return credentials, domain
def post_user(client, s, c, u, key=None):
data = {'date': 'now', 'result': 2700, 'detail': 'it"s fake'}
if key is None:
with api.app.app_context():
key = get_secret(s)
encrypt(data, key)
data = json.dumps(data)
return client.post('/api/v0/s/{}/c/{}/user/{}'.format(s, c, u), data=data)
def main():
url = get_secret("WEBHOOK") # 웹훅 URL
text = "테스트 메세지 입니다 : " + str(datetime.datetime.now())
payload = {
"text": text,
"username": "******",
"channel": "general",
"icon_emoji": ":ghost:"
}
requests.post(url, json=payload)
def getMountOptions(self):
"""Creates option string based on parameters provided"""
options = ['sec=ntlm',
'cache=loose',
'vers=3.0',
'actimeo=0'
]
if self.dconf.has_key('username') and \
(self.dconf.has_key('password') or
self.dconf.has_key('password_secret')):
dom_username = self.dconf['username'].split('\\')
if len(dom_username) == 1:
domain = None
username = dom_username[0]
elif len(dom_username) == 2:
domain = dom_username[0]
username = dom_username[1]
else:
raise SMBException("A maximum of 2 tokens are expected "
"(<domain>\<username>). {} were given."
.format(len(dom_username)))
domain = util.to_plain_string(domain)
username = util.to_plain_string(username)
if self.dconf.has_key('password_secret'):
password = util.get_secret(
self.session,
self.dconf['password_secret']
)
else:
password = self.dconf['password']
password = util.to_plain_string(password)
cred_str = 'username={}\npassword={}\n'.format(username, password)
if domain:
cred_str += 'domain={}\n'.format(domain)
# Open credentials file and truncate
try:
with open(self.credentials, 'w') as f:
f.write(cred_str)
except IOError, e:
raise SMBException("Failed to create credentials file")
options.append('credentials=%s' % self.credentials)
def getMountOptions(self):
"""Creates option string based on parameters provided"""
options = ['sec=ntlm',
'cache=loose',
'vers=3.0',
'actimeo=0'
]
if self.dconf.has_key('username') and \
(self.dconf.has_key('password') or
self.dconf.has_key('password_secret')):
dom_username = self.dconf['username'].split('\\')
if len(dom_username) == 1:
domain = None
username = dom_username[0]
elif len(dom_username) == 2:
domain = dom_username[0]
username = dom_username[1]
else:
raise SMBException("A maximum of 2 tokens are expected "
"(<domain>\<username>). {} were given."
.format(len(dom_username)))
domain = util.to_plain_string(domain)
username = util.to_plain_string(username)
if self.dconf.has_key('password_secret'):
password = util.get_secret(
self.session,
self.dconf['password_secret']
)
else:
password = self.dconf['password']
password = util.to_plain_string(password)
cred_str = 'username={}\npassword={}\n'.format(username, password)
if domain:
cred_str += 'domain={}\n'.format(domain)
# Open credentials file and truncate
try:
with open(self.credentials, 'w') as f:
f.write(cred_str)
except IOError, e:
raise SMBException("Failed to create credentials file")
options.append('credentials=%s' % self.credentials)
def __init__(self, email: Email, config: EWSConfig):
self._email = email
self._config = config
self._gcs_client = storage.Client()
credentials = Credentials(config.email_account, config.password)
version = Version(build=Build(config.exchange_version["major"],
config.exchange_version["minor"]))
ews_config = Configuration(
service_endpoint=config.exchange_url,
credentials=credentials,
auth_type="basic",
version=version,
retry_policy=FaultTolerance(max_wait=300),
)
self._account = Account(
primary_smtp_address=config.email_account,
config=ews_config,
autodiscover=False,
access_type="delegate",
)
# Setup reply-mail client.
recipient = ""
if self._config.hardcoded_recipients:
recipient = self._config.mail_to_mapping.get(self._email.recipient)
else:
recipient = self._config.mail_to_mapping.get("STANDARD")
acc_credentials = Credentials(
username=recipient["sender_account"],
password=util.get_secret(os.environ["PROJECT_ID"],
recipient["sender_account_secret"]),
)
acc_config = Configuration(
service_endpoint=config.exchange_url,
credentials=acc_credentials,
auth_type="basic",
version=version,
retry_policy=FaultTolerance(max_wait=300),
)
self._reply_email_account = Account(
primary_smtp_address=recipient["sender_account"],
config=acc_config,
autodiscover=False,
access_type="delegate",
)
def _getCEPH_response(self, cmd):
s = pxssh.pxssh()
s.force_password = True
password = ""
if self.dconf.has_key('chappassword_secret'):
password = util.get_secret(self.session, self.dconf['chappassword_secret'])
elif self.dconf.has_key('chappassword'):
password = self.dconf['chappassword']
user = self.srcmd.dconf['chapuser']
target = self.srcmd.dconf['target'].split(',')[0]
port = self.srcmd.dconf['port']
if not s.login(target,user,password):
util.SMlog('ssh login failed with last message %s' % s)
else:
s.sendline (cmd)
s.prompt()
result = s.before.split('\n')
return result
def generate_config(self, sr_uuid, vdi_uuid):
util.SMlog("OCFSoISCSIVDI.generate_config")
dict = {}
self.sr.dconf['localIQN'] = self.sr.iscsi.localIQN
self.sr.dconf['multipathing'] = self.sr.mpath
self.sr.dconf['multipathhandle'] = self.sr.mpathhandle
dict['device_config'] = self.sr.dconf
if dict['device_config'].has_key('chappassword_secret'):
s = util.get_secret(self.session, dict['device_config']['chappassword_secret'])
del dict['device_config']['chappassword_secret']
dict['device_config']['chappassword'] = s
dict['sr_uuid'] = sr_uuid
dict['vdi_uuid'] = vdi_uuid
dict['command'] = 'vdi_attach_from_config'
# Return the 'config' encoded within a normal XMLRPC response so that
# we can use the regular response/error parsing code.
config = xmlrpclib.dumps(tuple([dict]), "vdi_attach_from_config")
return xmlrpclib.dumps((config,), "", True)
def generate_config(self, sr_uuid, vdi_uuid):
util.SMlog("OCFSoISCSIVDI.generate_config")
dict = {}
self.sr.dconf['localIQN'] = self.sr.iscsi.localIQN
self.sr.dconf['multipathing'] = self.sr.mpath
self.sr.dconf['multipathhandle'] = self.sr.mpathhandle
dict['device_config'] = self.sr.dconf
if dict['device_config'].has_key('chappassword_secret'):
s = util.get_secret(self.session, dict['device_config']['chappassword_secret'])
del dict['device_config']['chappassword_secret']
dict['device_config']['chappassword'] = s
dict['sr_uuid'] = sr_uuid
dict['vdi_uuid'] = vdi_uuid
dict['command'] = 'vdi_attach_from_config'
# Return the 'config' encoded within a normal XMLRPC response so that
# we can use the regular response/error parsing code.
config = xmlrpclib.dumps(tuple([dict]), "vdi_attach_from_config")
return xmlrpclib.dumps((config,), "", True)
def _getCEPH_response(self, cmd):
s = pxssh.pxssh()
s.force_password = True
password = ""
if self.dconf.has_key('chappassword_secret'):
password = util.get_secret(self.session,
self.dconf['chappassword_secret'])
elif self.dconf.has_key('chappassword'):
password = self.dconf['chappassword']
user = self.srcmd.dconf['chapuser']
target = self.srcmd.dconf['target'].split(',')[0]
port = self.srcmd.dconf['port']
if not s.login(target, user, password):
util.SMlog('ssh login failed with last message %s' % s)
else:
s.sendline(cmd)
s.prompt()
result = s.before.split('\n')
return result
def handler(request):
"""
Handler function that extracts a mail message
from a pubsub message for processing.
"""
try:
envelope = json.loads(request.data.decode('utf-8'))
bytes = base64.b64decode(envelope['message']['data'])
message = json.loads(bytes)
except Exception as e:
logging.exception('Failed while extracting message!')
raise e
if message['email'].get('subject', None) is None:
message['email']['subject'] = ''
if message['email'].get('body', None) is None:
message['email']['body'] = ''
email = from_dict(data_class=Email, data=message['email'])
configuration = EWSConfig(
email_account=config.EMAIL_ADDRESS,
password=util.get_secret(os.environ['PROJECT_ID'], config.SECRET_ID),
mail_from=config.EMAIL_ADDRESS,
mail_to_mapping=config.EMAILS_SENDER_RECEIVER_MAPPING,
hardcoded_recipients=config.HARDCODED_RECIPIENTS,
send_replies=config.SEND_REPLIES,
needs_pdfs=config.NEEDS_PDFS,
pdf_only=config.PDF_ONLY,
merge_pdfs=config.MERGE_PDF,
exchange_url=config.EXCHANGE_URL,
exchange_version=config.EXCHANGE_VERSION,
reply_to_email=config.REPLY_TO_EMAIL_ADDRESS,
ignore_reply_subjects=config.IGNORE_REPLY_SUBJECTS,
ignore_reply_senders=config.IGNORE_REPLY_SENDERS)
processor = MailProcessor(email, configuration)
process_bool = processor.process()
if not process_bool:
logging.error("Mail was not send")
def create_password(args):
"""
Change the rethinkdb admin password.
"""
host = util.get_pod_ip(db='rethinkdb')
if not host:
raise RuntimeError(
"no running rethinkdb servers, so can't change password")
path = args.path
if not os.path.exists(path):
os.makedirs(path)
elif not os.path.isdir(path):
raise RuntimeError('path must be a directory')
new_password = util.random_password(63)
name = 'rethinkdb-password'
# Get the current RethinkDB password from Kubernetes
old_password = util.get_secret(name).get('rethinkdb', None)
if old_password:
if input(
"Password already set. Are you sure you want to change it? type 'YES'"
) != 'YES':
raise RuntimeError("NOT changing password")
if old_password == '':
old_password = None
# Write the new password to disk (better to have it so if we set it below and die then at least it isn't lost!)
open(os.path.join(path, 'rethinkdb'), 'w').write(new_password)
# Set the new password in rethinkdb
import rethinkdb as r
conn = r.connect(host=host, auth_key=old_password)
r.db('rethinkdb').table('users').get('admin').update({
'password':
new_password
}).run(conn)
# Load the new password into Kubernetes
util.create_secret(name, path)
def getCIFCredentials(dconf, session, prefix=""):
credentials = None
domain = None
if (containsCredentials(dconf, prefix)):
username, domain = splitDomainAndUsername(dconf['username'])
credentials = {}
credentials["USER"] = util.to_plain_string(username)
key_password, key_secret = getDconfPasswordKey(prefix)
if key_secret in dconf:
password = util.get_secret(session, dconf[key_secret])
else:
password = dconf[key_password]
credentials["PASSWD"] = util.to_plain_string(password)
domain = util.to_plain_string(domain)
return credentials, domain
def _getCEPH_response(self, cmd):
dbg_prt("[rbdsr] _getCEPH_response")
s = pxssh.pxssh()
s.force_password = True
password = ""
if self.dconf.has_key('chappassword_secret'):
password = util.get_secret(self.session, self.dconf['chappassword_secret'])
elif self.dconf.has_key('chappassword'):
password = self.dconf['chappassword']
user = self.srcmd.dconf['chapuser']
target = self.srcmd.dconf['target'].split(',')[0]
port = self.srcmd.dconf['port']
if not s.login(target,user,password):
util.SMlog('ssh login failed with last message %s' % s)
else:
s.sendline (cmd)
s.prompt()
result = s.before.split('\n')
# remove the last one which is a blank
dbg_prt("[rbdsr] ceph_response cmd : [%s], result : [%s], result_len : %d", cmd, result, len(result))
return result[1:]
def generate_config(self, sr_uuid, vdi_uuid):
util.SMlog("LVHDoISCSIVDI.generate_config")
if not lvutil._checkLV(self.path):
raise xs_errors.XenError('VDIUnavailable')
dict = {}
self.sr.dconf['localIQN'] = self.sr.iscsi.localIQN
self.sr.dconf['multipathing'] = self.sr.mpath
self.sr.dconf['multipathhandle'] = self.sr.mpathhandle
dict['device_config'] = self.sr.dconf
if 'chappassword_secret' in dict['device_config']:
s = util.get_secret(self.session,
dict['device_config']['chappassword_secret'])
del dict['device_config']['chappassword_secret']
dict['device_config']['chappassword'] = s
dict['sr_uuid'] = sr_uuid
dict['vdi_uuid'] = vdi_uuid
dict['command'] = 'vdi_attach_from_config'
# Return the 'config' encoded within a normal XMLRPC response so that
# we can use the regular response/error parsing code.
config = xmlrpclib.dumps(tuple([dict]), "vdi_attach_from_config")
return xmlrpclib.dumps((config, ), "", True)
def post_result(service, category, username):
with get_db() as conn:
c = conn.cursor()
# Check for service and category
c.execute("SELECT 1 FROM service WHERE id = ?", (service, ))
if not c.fetchone():
raise APIError("Service not found")
# get the JSON
try:
key = get_secret(service)
data = request.get_json(force=True)
if not verify(data, key):
raise Exception
except:
raise APIError("Bad JSON")
score = (service, category, username, data["date"], data["result"],
data["detail"])
c.execute("""INSERT INTO score VALUES (?,?,?,?,?,?)""", score)
return 'Successful'
def generate_config(self, sr_uuid, vdi_uuid):
util.SMlog("LVHDoISCSIVDI.generate_config")
if not lvutil._checkLV(self.path):
raise xs_errors.XenError('VDIUnavailable')
if self.sr.sm_config['allocation'] == "xlvhd":
lvutil.flushLV(self.path)
dict = {}
self.sr.dconf['localIQN'] = self.sr.iscsi.localIQN
self.sr.dconf['multipathing'] = self.sr.mpath
self.sr.dconf['multipathhandle'] = self.sr.mpathhandle
dict['device_config'] = self.sr.dconf
if dict['device_config'].has_key('chappassword_secret'):
s = util.get_secret(self.session, dict['device_config']['chappassword_secret'])
del dict['device_config']['chappassword_secret']
dict['device_config']['chappassword'] = s
dict['sr_uuid'] = sr_uuid
dict['vdi_uuid'] = vdi_uuid
dict['allocation'] = self.sr.sm_config['allocation']
dict['command'] = 'vdi_attach_from_config'
# Return the 'config' encoded within a normal XMLRPC response so that
# we can use the regular response/error parsing code.
config = xmlrpclib.dumps(tuple([dict]), "vdi_attach_from_config")
return xmlrpclib.dumps((config,), "", True)
def create_password(args):
"""
Change the rethinkdb admin password.
"""
host = util.get_pod_ip(db='rethinkdb')
if not host:
raise RuntimeError("no running rethinkdb servers, so can't change password")
path = args.path
if not os.path.exists(path):
os.makedirs(path)
elif not os.path.isdir(path):
raise RuntimeError('path must be a directory')
new_password = util.random_password(63)
name = 'rethinkdb-password'
# Get the current RethinkDB password from Kubernetes
old_password = util.get_secret(name).get('rethinkdb', None)
if old_password:
if input("Password already set. Are you sure you want to change it? type 'YES'") != 'YES':
raise RuntimeError("NOT changing password")
if old_password == '':
old_password = None
# Write the new password to disk (better to have it so if we set it below and die then at least it isn't lost!)
open(os.path.join(path, 'rethinkdb'), 'w').write(new_password)
# Set the new password in rethinkdb
import rethinkdb as r
conn = r.connect(host=host, auth_key=old_password)
r.db('rethinkdb').table('users').get('admin').update({'password': new_password}).run(conn)
# Load the new password into Kubernetes
util.create_secret(name, path)
def _getCEPH_response(self, cmd):
dbg_prt("[rbdsr] _getCEPH_response")
s = pxssh.pxssh()
s.force_password = True
password = ""
if self.dconf.has_key('chappassword_secret'):
password = util.get_secret(self.session,
self.dconf['chappassword_secret'])
elif self.dconf.has_key('chappassword'):
password = self.dconf['chappassword']
user = self.srcmd.dconf['chapuser']
target = self.srcmd.dconf['target'].split(',')[0]
port = self.srcmd.dconf['port']
if not s.login(target, user, password):
util.SMlog('ssh login failed with last message %s' % s)
else:
s.sendline(cmd)
s.prompt()
result = s.before.split('\n')
# remove the last one which is a blank
dbg_prt(
"[rbdsr] ceph_response cmd : [%s], result : [%s], result_len : %d",
cmd, result, len(result))
return result[1:]
def load(self, sr_uuid):
if self.force_tapdisk:
self.sr_vditype = 'aio'
else:
self.sr_vditype = 'phy'
self.discoverentry = 0
self.default_vdi_visibility = False
# Required parameters
if 'target' not in self.dconf or not self.dconf['target']:
raise xs_errors.XenError('ConfigTargetMissing')
# we are no longer putting hconf in the xml.
# Instead we pass a session and host ref and let the SM backend query XAPI itself
try:
if 'localIQN' not in self.dconf:
self.localIQN = self.session.xenapi.host.get_other_config(
self.host_ref)['iscsi_iqn']
else:
self.localIQN = self.dconf['localIQN']
except:
raise xs_errors.XenError('ConfigISCSIIQNMissing')
# Check for empty string
if not self.localIQN:
raise xs_errors.XenError('ConfigISCSIIQNMissing')
try:
self.target = util._convertDNS(self.dconf['target'].split(',')[0])
except:
raise xs_errors.XenError('DNSError')
self.targetlist = self.target
if 'targetlist' in self.dconf:
self.targetlist = self.dconf['targetlist']
# Optional parameters
self.chapuser = ""
self.chappassword = ""
if 'chapuser' in self.dconf \
and ('chappassword' in self.dconf or 'chappassword_secret' in self.dconf):
self.chapuser = self.dconf['chapuser'].encode('utf-8')
if 'chappassword_secret' in self.dconf:
self.chappassword = util.get_secret(
self.session, self.dconf['chappassword_secret'])
else:
self.chappassword = self.dconf['chappassword']
self.chappassword = self.chappassword.encode('utf-8')
self.incoming_chapuser = ""
self.incoming_chappassword = ""
if 'incoming_chapuser' in self.dconf \
and ('incoming_chappassword' in self.dconf or 'incoming_chappassword_secret' in self.dconf):
self.incoming_chapuser = self.dconf['incoming_chapuser'].encode(
'utf-8')
if 'incoming_chappassword_secret' in self.dconf:
self.incoming_chappassword = util.get_secret(
self.session, self.dconf['incoming_chappassword_secret'])
else:
self.incoming_chappassword = self.dconf[
'incoming_chappassword']
self.incoming_chappassword = self.incoming_chappassword.encode(
'utf-8')
self.port = DEFAULT_PORT
if 'port' in self.dconf and self.dconf['port']:
try:
self.port = long(self.dconf['port'])
except:
raise xs_errors.XenError('ISCSIPort')
if self.port > MAXPORT or self.port < 1:
raise xs_errors.XenError('ISCSIPort')
# For backwards compatibility
if 'usediscoverynumber' in self.dconf:
self.discoverentry = self.dconf['usediscoverynumber']
self.multihomed = False
if 'multihomed' in self.dconf:
if self.dconf['multihomed'] == "true":
self.multihomed = True
elif self.mpath == 'true':
self.multihomed = True
if 'targetIQN' not in self.dconf or not self.dconf['targetIQN']:
self._scan_IQNs()
raise xs_errors.XenError('ConfigTargetIQNMissing')
self.targetIQN = unicode(self.dconf['targetIQN']).encode('utf-8')
self._attached = None
self._pathdict = None
self._adapter = None
self._devs = None
self._tgtidx = None
self._path = None
self._address = None
def load(self, sr_uuid):
self.sr_vditype = 'phy'
self.discoverentry = 0
self.default_vdi_visibility = False
# Required parameters
if not self.dconf.has_key('target') or not self.dconf['target']:
raise xs_errors.XenError('ConfigTargetMissing')
# we are no longer putting hconf in the xml.
# Instead we pass a session and host ref and let the SM backend query XAPI itself
try:
if not self.dconf.has_key('localIQN'):
self.localIQN = self.session.xenapi.host.get_other_config(self.host_ref)['iscsi_iqn']
else:
self.localIQN = self.dconf['localIQN']
except:
raise xs_errors.XenError('ConfigISCSIIQNMissing')
# Check for empty string
if not self.localIQN:
raise xs_errors.XenError('ConfigISCSIIQNMissing')
try:
self.target = util._convertDNS(self.dconf['target'].split(',')[0])
except:
raise xs_errors.XenError('DNSError')
self.targetlist = self.target
if self.dconf.has_key('targetlist'):
self.targetlist = self.dconf['targetlist']
# Optional parameters
self.chapuser = ""
self.chappassword = ""
if self.dconf.has_key('chapuser') \
and (self.dconf.has_key('chappassword') or self.dconf.has_key('chappassword_secret')):
self.chapuser = self.dconf['chapuser']
if self.dconf.has_key('chappassword_secret'):
self.chappassword = util.get_secret(self.session, self.dconf['chappassword_secret'])
else:
self.chappassword = self.dconf['chappassword']
self.incoming_chapuser = ""
self.incoming_chappassword = ""
if self.dconf.has_key('incoming_chapuser') \
and (self.dconf.has_key('incoming_chappassword') or self.dconf.has_key('incoming_chappassword_secret')):
self.incoming_chapuser = self.dconf['incoming_chapuser']
if self.dconf.has_key('incoming_chappassword_secret'):
self.incoming_chappassword = util.get_secret(self.session, self.dconf['incoming_chappassword_secret'])
else:
self.incoming_chappassword = self.dconf['incoming_chappassword']
self.port = DEFAULT_PORT
if self.dconf.has_key('port') and self.dconf['port']:
try:
self.port = long(self.dconf['port'])
except:
raise xs_errors.XenError('ISCSIPort')
if self.port > MAXPORT or self.port < 1:
raise xs_errors.XenError('ISCSIPort')
# For backwards compatibility
if self.dconf.has_key('usediscoverynumber'):
self.discoverentry = self.dconf['usediscoverynumber']
self.multihomed = False
if self.dconf.has_key('multihomed'):
if self.dconf['multihomed'] == "true":
self.multihomed = True
elif self.mpath == 'true':
self.multihomed = True
if not self.dconf.has_key('targetIQN') or not self.dconf['targetIQN']:
self._scan_IQNs()
raise xs_errors.XenError('ConfigTargetIQNMissing')
self.targetIQN = self.dconf['targetIQN']
self.attached = False
try:
self.attached = iscsilib._checkTGT(self.targetIQN)
except:
pass
self._initPaths()
from typing import List
# import boto3
import requests
from requests.auth import HTTPBasicAuth
from slack_api import Slack
from util import get_secret
logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)
secrets = json.loads(get_secret("message-all-users/secrets"))
logger.info(secrets)
bamboo_domain = secrets.get("BAMBOO_DOMAIN")
bamboo_reports_url = f"https://api.bamboohr.com/api/gateway.php/{bamboo_domain}/v1/reports/custom"
bamboo_api_key = secrets.get("BAMBOO_API_KEY")
bamboo_auth = HTTPBasicAuth(bamboo_api_key, "x")
slack_token = secrets.get('SLACK_TOKEN')
# with statement is a context manager
# with open("message_format.json", "r") as json_file:
# message_format = json.loads(json_file.read())
#List of users to message goes into 'lll' in CSV format.
lll = [
def initiate_connection(username, cluster):
""" Initiate connection with Redshift cluster
@param username: master username from replay.yaml
@param cluster: cluster dictionary
"""
response = None
logger = logging.getLogger("SimpleReplayLogger")
if cluster.get("is_serverless"):
secret_name = get_secret(cluster.get('secret_name'),
cluster.get("region"))
response = {
'DbUser': secret_name["admin_username"],
'DbPassword': secret_name["admin_password"]
}
else:
rs_client = client('redshift', region_name=cluster.get("region"))
# get response from redshift to get cluster credentials using provided cluster info
try:
response = rs_client.get_cluster_credentials(
DbUser=username,
DbName=cluster.get("database"),
ClusterIdentifier=cluster.get("id"),
DurationSeconds=900,
AutoCreate=False,
)
except rs_client.exceptions.ClusterNotFoundFault:
logger.error(
f"Cluster {cluster.get('id')} not found. Please confirm cluster endpoint, account, and region."
)
exit(-1)
except Exception as e:
logger.error(
f"Unable to connect to Redshift. Confirm IAM permissions include Redshift::GetClusterCredentials."
f" {e}")
exit(-1)
if response is None or response.get('DbPassword') is None:
logger.error(f"Failed to retrieve credentials for user {username} ")
response = None
# define cluster string/dict
cluster_string = {
"username": response["DbUser"],
"password": response["DbPassword"],
"host": cluster.get("host"),
"port": cluster.get("port"),
"database": cluster.get("database"),
}
conn = None
try:
logger.info(f"Connecting to {cluster.get('id')}")
conn = db_connect(
host=cluster_string["host"],
port=int(cluster_string["port"]),
username=cluster_string["username"],
password=cluster_string["password"],
database=cluster_string["database"]) # yield to reuse connection
yield conn
except redshift_connector.error.Error as e:
logger.error(
f"Unable to connect to Redshift. Please confirm credentials. {e} ")
exit(-1)
except Exception as e:
logger.error(f"Unable to connect to Redshift. {e}")
exit(-1)
finally:
if conn is not None:
conn.close()
def load(self, sr_uuid):
if self.force_tapdisk:
self.sr_vditype = "aio"
else:
self.sr_vditype = "phy"
self.discoverentry = 0
self.default_vdi_visibility = False
# Required parameters
if not self.dconf.has_key("target") or not self.dconf["target"]:
raise xs_errors.XenError("ConfigTargetMissing")
# we are no longer putting hconf in the xml.
# Instead we pass a session and host ref and let the SM backend query XAPI itself
try:
if not self.dconf.has_key("localIQN"):
self.localIQN = self.session.xenapi.host.get_other_config(self.host_ref)["iscsi_iqn"]
else:
self.localIQN = self.dconf["localIQN"]
except:
raise xs_errors.XenError("ConfigISCSIIQNMissing")
# Check for empty string
if not self.localIQN:
raise xs_errors.XenError("ConfigISCSIIQNMissing")
try:
self.target = util._convertDNS(self.dconf["target"].split(",")[0])
except:
raise xs_errors.XenError("DNSError")
self.targetlist = self.target
if self.dconf.has_key("targetlist"):
self.targetlist = self.dconf["targetlist"]
# Optional parameters
self.chapuser = ""
self.chappassword = ""
if self.dconf.has_key("chapuser") and (
self.dconf.has_key("chappassword") or self.dconf.has_key("chappassword_secret")
):
self.chapuser = self.dconf["chapuser"]
if self.dconf.has_key("chappassword_secret"):
self.chappassword = util.get_secret(self.session, self.dconf["chappassword_secret"])
else:
self.chappassword = self.dconf["chappassword"]
self.incoming_chapuser = ""
self.incoming_chappassword = ""
if self.dconf.has_key("incoming_chapuser") and (
self.dconf.has_key("incoming_chappassword") or self.dconf.has_key("incoming_chappassword_secret")
):
self.incoming_chapuser = self.dconf["incoming_chapuser"]
if self.dconf.has_key("incoming_chappassword_secret"):
self.incoming_chappassword = util.get_secret(self.session, self.dconf["incoming_chappassword_secret"])
else:
self.incoming_chappassword = self.dconf["incoming_chappassword"]
self.port = DEFAULT_PORT
if self.dconf.has_key("port") and self.dconf["port"]:
try:
self.port = long(self.dconf["port"])
except:
raise xs_errors.XenError("ISCSIPort")
if self.port > MAXPORT or self.port < 1:
raise xs_errors.XenError("ISCSIPort")
# For backwards compatibility
if self.dconf.has_key("usediscoverynumber"):
self.discoverentry = self.dconf["usediscoverynumber"]
self.multihomed = False
if self.dconf.has_key("multihomed"):
if self.dconf["multihomed"] == "true":
self.multihomed = True
elif self.mpath == "true":
self.multihomed = True
if not self.dconf.has_key("targetIQN") or not self.dconf["targetIQN"]:
self._scan_IQNs()
raise xs_errors.XenError("ConfigTargetIQNMissing")
self.targetIQN = self.dconf["targetIQN"]
self.attached = False
try:
self.attached = iscsilib._checkTGT(self.targetIQN)
except:
pass
self._initPaths()
# from mongoengine import connect
import os
import motor.motor_asyncio
from util import get_secret
# from models import User, Position, Order
# connect('trader', host=f'mongodb://*****:*****@{os.environ["DATABASE_HOSTNAME"]}:27017',
io_loop=loop)
import os
import boto3
from util import get_secret
FQDN = os.getenv("FQDN")
if not FQDN:
raise ValueError("Need to define FQDN environment variable")
AZURE_SCOPE = ["User.ReadBasic.All", "profile", "openid", "User.Read", "email"]
APP_DEBUG = os.getenv("APP_DEBUG")
if not APP_DEBUG:
APP_DEBUG = 0
REGION = "us-east-1"
SECRET_NAME = os.getenv("SECRET_NAME")
if not SECRET_NAME:
raise ValueError("Need to define SECRET_NAME environment variable")
STAGE = os.getenv("STAGE")
if not STAGE:
raise ValueError("Need to define STAGE environment variable")
USERS_TABLE = os.getenv("USERS_TABLE")
if not USERS_TABLE:
raise ValueError("Need to define USERS_TABLE environment variable")
# get secrets
SECRETS = get_secret(SECRET_NAME, REGION)
if not SECRETS:
raise Exception('Unable to load secrets')
def load(self, sr_uuid):
self.sr_vditype = 'phy'
self.discoverentry = 0
self.default_vdi_visibility = False
# Required parameters
if not self.dconf.has_key('target') or not self.dconf['target']:
raise xs_errors.XenError('ConfigTargetMissing')
# we are no longer putting hconf in the xml.
# Instead we pass a session and host ref and let the SM backend query XAPI itself
try:
if not self.dconf.has_key('localIQN'):
self.localIQN = self.session.xenapi.host.get_other_config(
self.host_ref)['iscsi_iqn']
else:
self.localIQN = self.dconf['localIQN']
except:
raise xs_errors.XenError('ConfigISCSIIQNMissing')
# Check for empty string
if not self.localIQN:
raise xs_errors.XenError('ConfigISCSIIQNMissing')
try:
self.target = util._convertDNS(self.dconf['target'].split(',')[0])
except:
raise xs_errors.XenError('DNSError')
self.targetlist = self.target
if self.dconf.has_key('targetlist'):
self.targetlist = self.dconf['targetlist']
# Optional parameters
self.chapuser = ""
self.chappassword = ""
if self.dconf.has_key('chapuser') \
and (self.dconf.has_key('chappassword') or self.dconf.has_key('chappassword_secret')):
self.chapuser = self.dconf['chapuser']
if self.dconf.has_key('chappassword_secret'):
self.chappassword = util.get_secret(
self.session, self.dconf['chappassword_secret'])
else:
self.chappassword = self.dconf['chappassword']
self.incoming_chapuser = ""
self.incoming_chappassword = ""
if self.dconf.has_key('incoming_chapuser') \
and (self.dconf.has_key('incoming_chappassword') or self.dconf.has_key('incoming_chappassword_secret')):
self.incoming_chapuser = self.dconf['incoming_chapuser']
if self.dconf.has_key('incoming_chappassword_secret'):
self.incoming_chappassword = util.get_secret(
self.session, self.dconf['incoming_chappassword_secret'])
else:
self.incoming_chappassword = self.dconf[
'incoming_chappassword']
self.port = DEFAULT_PORT
if self.dconf.has_key('port') and self.dconf['port']:
try:
self.port = long(self.dconf['port'])
except:
raise xs_errors.XenError('ISCSIPort')
if self.port > MAXPORT or self.port < 1:
raise xs_errors.XenError('ISCSIPort')
# For backwards compatibility
if self.dconf.has_key('usediscoverynumber'):
self.discoverentry = self.dconf['usediscoverynumber']
self.multihomed = False
if self.dconf.has_key('multihomed'):
if self.dconf['multihomed'] == "true":
self.multihomed = True
elif self.mpath == 'true':
self.multihomed = True
if not self.dconf.has_key('targetIQN') or not self.dconf['targetIQN']:
self._scan_IQNs()
raise xs_errors.XenError('ConfigTargetIQNMissing')
self.targetIQN = self.dconf['targetIQN']
self.attached = False
try:
self.attached = iscsilib._checkTGT(self.targetIQN)
except:
pass
self._initPaths()
from util import get_secret
API_TOKEN = get_secret("API_TOKEN")
PLUGINS = [
"dice_bot"
]
# import time
import json
import os
from pywebpush import webpush, WebPushException
from util import get_secret
VAPID_PRIVATE_KEY = None
VAPID_PUBLIC_KEY = None
if 'VAPID_PRIVATE_KEY' in os.environ:
VAPID_PRIVATE_KEY = os.environ["VAPID_PRIVATE_KEY"]
else:
VAPID_PRIVATE_KEY = get_secret('vapid_key_txt').strip("\n")
# VAPID_PRIVATE_KEY = open('/run/secrets/vapid_key_txt', "r+").readline().strip("\n")
if 'VAPID_PUBLIC_KEY' in os.environ:
VAPID_PRIVATE_KEY = os.environ["VAPID_PUBLIC_KEY"]
else:
VAPID_PUBLIC_KEY = get_secret('vapid_public_key_txt').strip("\n")
# VAPID_PUBLIC_KEY = open('/run/secrets/vapid_public_key_txt', "r+").read().strip("\n")
VAPID_CLAIMS = {"sub": "mailto:[email protected]"}
def send_web_push(subscription_information, message_body):
return webpush(subscription_info=subscription_information,
data=message_body,
vapid_private_key=VAPID_PRIVATE_KEY,
vapid_claims=VAPID_CLAIMS)
