def encrypt_credential(text):
    """Vault-encrypt *text* with the shared secret held in ``config.vault``.

    Returns the string produced by ``Vault.encrypt_string``; the plaintext
    is only passed through, never kept by this helper.
    """
    vault_options = {'vault_pass': config.vault.get('secret')}
    return Vault(options=vault_options).encrypt_string(text)
def get_variables(self, ids, decode=False):
    """Collect the ``variables`` of the configurations with the given ids.

    Keys are built as ``ECLOGUE_CONFIG_<name>_<key>``.  With ``decode=False``
    every value is returned exactly as stored (possibly vault-encrypted);
    with ``decode=True`` each value that ``Vault.is_encrypted`` recognises is
    decrypted with the shared vault secret, so the result then holds
    plaintext secrets.
    """
    vault = Vault({'vault_pass': config.vault.get('secret')})
    result = {}
    for record in self.find_by_ids(ids):
        stored = record.get('variables')
        if not stored:
            continue
        prefix = ['ECLOGUE', 'CONFIG', record.get('name', '')]
        for name, raw in stored.items():
            key = '_'.join(prefix + [name])
            if decode and Vault.is_encrypted(raw):
                # from here on the value is a plaintext secret
                result[key] = vault.decrypt_string(raw)
            else:
                result[key] = raw
    return result
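def parse_register(record):
    """Merge the variables of the registered configurations into *record*.

    ``record['register']`` holds configuration ids.  Their ``variables`` are
    decrypted where vault-encrypted, keyed ``ECLOGUE_CONFIG_<name>_<key>``
    and merged into the YAML in ``record['content']``, which is dumped back.
    Records without a register, without matching configurations or with
    empty content are returned unchanged.  Any failure while parsing or
    merging is logged (with traceback) and the record is returned untouched,
    keeping the original best-effort contract.

    NOTE(review): the merged content carries the *decrypted* values in
    plaintext; confirm the returned record is not persisted or logged as-is.
    """
    register = record.get('register')
    if not register:
        return record
    cfg_records = Configuration.find(
        {'_id': {'$in': [ObjectId(i) for i in register]}})
    if not cfg_records:
        return record
    try:
        content = yaml.safe_load(record.get('content', ''))
        if not content:
            return record
        vault = Vault({'vault_pass': config.vault.get('secret')})
        variables = {}
        for cfg in cfg_records:
            config_vars = cfg.get('variables')
            if not config_vars:
                continue
            prefix = ['ECLOGUE', 'CONFIG', cfg.get('name', '')]
            for k, v in config_vars.items():
                key = '_'.join(prefix + [k])
                variables[key] = (vault.decrypt_string(v)
                                  if Vault.is_encrypted(v) else v)
        content = dict(content)
        content.update(variables)
        record['content'] = yaml.safe_dump(content)
    except Exception:
        # best effort as before, but keep the failure in the application log
        # (with traceback) instead of printing it to stdout and losing it
        logger.exception('parse_register failed for record %s',
                         record.get('_id'))
    return record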
def add_key():
    """Register the caller's SSH public key.

    Expects JSON ``{'public_key': ..., 'name': ...}``.  The key is parsed with
    ``SSHKey`` (invalid keys are rejected with code 104001), de-duplicated by
    the MD5 fingerprint ``SSHKey.hash_md5`` returns (code 104003 on a
    duplicate) and stored vault-encrypted under the current user's id.  Only
    the status message goes back to the client; the stored record (ciphertext
    only) is written to the log.
    """
    payload = request.get_json()
    if not payload:
        return jsonify({'message': 'illegal params', 'code': 104000}), 400
    public_key = payload.get('public_key')
    name = payload.get('name')
    if not public_key:
        return jsonify({'message': 'invalid public key', 'code': 104000}), 400
    ssh = SSHKey(public_key)
    try:
        ssh.parse()
    except Exception as err:
        return jsonify({
            'message': 'invalid ssh key: {}'.format(str(err)),
            'code': 104001,
        }), 400
    # the fingerprint is only the uniqueness key of the stored record
    fingerprint = ssh.hash_md5()
    duplicate = db.collection('public_keys').find_one(
        {'fingerprint': fingerprint})
    if duplicate:
        return jsonify({'message': 'ssh public key existed', 'code': 104003}), 400
    vault = Vault({'vault_pass': config.vault.get('secret')})
    data = {
        'fingerprint': fingerprint,
        'user_id': login_user.get('user_id'),
        'content': vault.encrypt_string(public_key),
        'name': name,
        'created_at': time.time(),
    }
    inserted = db.collection('public_keys').insert_one(data)
    data['_id'] = inserted.inserted_id
    logger.info('add public_keys', extra={'record': data})
    return jsonify({'message': 'ok', 'code': 0})
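def update_credential(_id):
    """Partially update the credential *_id* from the JSON payload.

    Accepted fields: ``name`` (must stay unique, code 134002 otherwise),
    ``status`` (coerced with ``int``), ``description``, ``type``/``body``
    (type must be one of the allowed types, code 134001; ``body[type]`` is
    vault-encrypted unless it already is), ``scope`` (defaults to
    ``'global'``) and ``users`` (the maintainers, defaulting to the caller;
    unknown usernames are silently dropped).  Returns 404 with code 134040
    when the record does not exist and 400 on an empty or malformed payload.

    NOTE(review): this block never compares ``login_user`` with the record's
    maintainers before writing; confirm authorization is enforced by the
    route decorator, otherwise any authenticated user can rewrite any
    credential.
    """
    payload = request.get_json()
    if not payload:
        # same guard as add_key(): an empty body is a client error, not an
        # AttributeError on ``None.get`` turning into a 500
        return jsonify({'message': 'illegal params', 'code': 134002}), 400
    allow_types = ('vault_pass', 'private_key', 'token')
    record = db.collection('credentials').find_one({'_id': ObjectId(_id)})
    if not record:
        return jsonify({'message': 'record not found', 'code': 134040}), 404
    data = {}
    name = payload.get('name')
    if name and record.get('name') != name:
        if db.collection('credentials').find_one({'name': name}):
            return jsonify({'message': 'name already existed', 'code': 134002}), 400
        data['name'] = name
    status = payload.get('status')
    if status is not None:
        try:
            data['status'] = int(status)
        except (TypeError, ValueError):
            # a non-numeric status is a client error, not a server crash
            return jsonify({'message': 'illegal params', 'code': 134002}), 400
    description = payload.get('description')
    if description:
        data['description'] = description
    credential_type = payload.get('type')
    if credential_type:
        if credential_type not in allow_types:
            return jsonify({'message': 'invalid type', 'code': 134001}), 400
        body = payload.get('body')
        if not body or not body.get(credential_type):
            return jsonify({'message': 'illegal credential params', 'code': 134002}), 400
        # only ciphertext is stored; an already-encrypted value is kept as-is
        if not Vault.is_encrypted(body[credential_type]):
            body[credential_type] = encrypt_credential(body[credential_type])
        data['type'] = credential_type
        data['body'] = body
    # an omitted scope resets the stored scope to 'global' (existing contract)
    data['scope'] = payload.get('scope', 'global')
    users = payload.get('users', [login_user.get('username')])
    user_list = db.collection('users').find({'username': {'$in': users}})
    data['maintainer'] = [item.get('username') for item in user_list]
    Credential.update_one({'_id': record['_id']}, {'$set': data})
    return jsonify({'message': 'ok', 'code': 0})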
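def import_book_from_dir(self, home_path, book_id, exclude=None, links=False):
    """Walk *home_path* and build the directory/file records of a book.

    Args:
        home_path: root directory of the checked-out book.
        book_id: id of the ``Book`` record the entries belong to.
        exclude: glob-like patterns (``*`` wildcard) of paths to skip;
            defaults to ``['*.retry']``.  ``None``/``[]`` disables skipping.
        links: passed to ``os.walk(followlinks=...)``; following symlinks
            lets the walk leave *home_path*, so keep it ``False`` for trees
            that are not fully trusted.

    Returns:
        A list of dict records.  Directories carry ``is_dir=True`` and
        ``parent`` set to their own dirname (``None`` for the root).
        Editable files (per ``is_edit``) additionally carry ``content``,
        ``md5`` and ``is_encrypt`` (``Vault.is_encrypted`` on the raw
        content); non-editable files are listed without content.  An
        ``/entry.yml`` placeholder is appended when no record has role
        ``entry``.
    """
    if exclude is None:
        exclude = ['*.retry']
    bucket = []
    cursor = 0
    book_record = Book.find_one({'_id': ObjectId(book_id)})
    book_ref = str(book_record.get('_id'))
    # escape regex metacharacters in each pattern before turning the glob
    # '*' into a lazy wildcard; the previous join left '.' unescaped
    pattern = '|'.join(
        re.escape(item).replace(r'\*', '.*?') for item in exclude)
    for current, dirs, files in os.walk(home_path, topdown=True,
                                        followlinks=links):
        pathname = current.replace(home_path, '') or '/'
        if exclude and re.search(pattern, pathname):
            continue
        if current == home_path:
            dir_parent = None
        else:
            # a directory's parent is its dirname, not whichever directory
            # the walk happened to visit last (wrong for sibling subtrees)
            dir_parent = os.path.dirname(pathname) or '/'
        dir_record = {
            'book_id': book_ref,
            'path': pathname,
            'is_dir': True,
            'is_edit': False,
            'seq_no': cursor,
            'parent': dir_parent,
            'created_at': int(time.time()),
        }
        meta = Workspace.get_meta(pathname=pathname)
        dir_record.update(meta)
        dir_record['additions'] = meta
        bucket.append(dir_record)
        parent = pathname
        for file in files:
            file_path = parent.rstrip('/') + '/' + file
            if exclude and re.match(pattern, file_path):
                continue
            cursor += 1
            filename = os.path.join(current, file)
            can_edit = is_edit(filename)
            file_record = dir_record.copy()
            file_record['is_edit'] = can_edit
            file_record['path'] = file_path
            file_record['parent'] = parent
            file_record['is_dir'] = False
            file_record['seq_no'] = cursor
            # the old test was ``if is_edit:`` on the function object, which
            # is always true and read every file, editable or not
            if can_edit:
                with open(filename, 'r', encoding='utf-8') as fd:
                    file_record['content'] = fd.read()
                file_record['md5'] = md5(file_record['content'])
                file_record['is_encrypt'] = Vault.is_encrypted(
                    file_record['content'])
            meta = self._get_role(file_record['path'])
            file_record.update(meta)
            file_record['additions'] = meta
            bucket.append(file_record)
            # NOTE(review): cursor advances twice per file (before and after
            # the record), leaving gaps in seq_no — confirm this is intended
            cursor += 1
    if not any(item.get('role') == 'entry' for item in bucket):
        path = '/entry.yml'
        entry = {
            'book_id': book_ref,
            'path': path,
            'is_dir': False,
            'is_edit': True,
            'seq_no': 0,
            'content': '',
            'parent': None,
            'created_at': int(time.time()),
        }
        meta = self._get_role(path)
        entry.update(meta)
        entry['additions'] = meta
        bucket.append(entry)
    return bucket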