def validate_users_gpg_key(users):
ok = True
settings = queries.get_app_interface_settings()
smtp_client = SmtpClient(settings=settings)
for user in users:
public_gpg_key = user.get('public_gpg_key')
if public_gpg_key:
recipient = smtp_client.get_recipient(user['org_username'])
try:
gpg_key_valid(public_gpg_key, recipient)
except ValueError as e:
msg = \
'invalid public gpg key for user {}: {}'.format(
user['org_username'], str(e))
logging.error(msg)
ok = False
return ok
def collect_queries(query_name=None, settings=None):
"""
Consults the app-interface and constructs the list of queries
to be executed.
:param query_name: (optional) query to look for
:param settings: App Interface settings
:return: List of queries dictionaries
"""
queries_list = []
# Items to be either overridden ot taken from the k8s secret
db_conn_items = {
"db.host": None,
"db.name": None,
"db.password": None,
"db.port": None,
"db.user": None,
}
sql_queries = queries.get_app_interface_sql_queries()
for sql_query in sql_queries:
name = sql_query["name"]
for existing in queries_list:
if existing["name"] == name:
logging.error(["SQL-Query %s defined more than once"], name)
sys.exit(ExitCodes.ERROR)
# Looking for a specific query
if query_name is not None:
if name != query_name:
continue
namespace = sql_query["namespace"]
identifier = sql_query["identifier"]
# Due to an API limitation, the keys are coming with underscore
# instead of period, so we are using this unpacking routine
# to also replace "_" by "." in the keys
if sql_query["overrides"] is not None:
overrides = {
key.replace("_", "."): value
for key, value in sql_query["overrides"].items()
if value is not None
}
else:
overrides = {}
# Merging the overrides. Values that are still None after this
# will be taken from the k8s secret on template rendering
db_conn = {**db_conn_items, **overrides}
# Output can be:
# - stdout
# - filesystem
# - encrypted
output = sql_query["output"]
if output is None:
output = "stdout"
elif output == "encrypted":
requestor = sql_query.get("requestor")
if requestor is None:
logging.error(
"a requestor is required to get encrypted output")
sys.exit(ExitCodes.ERROR)
public_gpg_key = requestor.get("public_gpg_key")
user_name = requestor.get("org_username")
if public_gpg_key is None:
logging.error(["user %s does not have a public gpg key"],
user_name)
sys.exit(ExitCodes.ERROR)
# Extracting the terraformResources information from the namespace
# fo the given identifier
tf_resource_info = get_tf_resource_info(namespace, identifier)
if tf_resource_info is None:
logging.error(
["Could not find rds identifier %s in namespace %s"],
identifier,
namespace["name"],
)
sys.exit(ExitCodes.ERROR)
sql_queries = []
if sql_query["query"] is not None:
sql_queries.append(sql_query["query"])
if sql_query["queries"] is not None:
sql_queries.extend(sql_query["queries"])
sql_queries = [item.replace("'", "''") for item in sql_queries]
# building up the final query dictionary
item = {
"name": name,
"namespace": namespace,
"identifier": sql_query["identifier"],
"db_conn": db_conn,
"output": output,
"queries": sql_queries,
**tf_resource_info,
}
if output == "encrypted":
smtp_client = SmtpClient(settings=settings)
item["recipient"] = smtp_client.get_recipient(
sql_query["requestor"]["org_username"])
item["public_gpg_key"] = sql_query["requestor"][
"public_gpg_key"].replace("\n", "")
# If schedule is defined
# this should be a CronJob
schedule = sql_query.get("schedule")
if schedule:
item["schedule"] = schedule
queries_list.append(item)
return queries_list