def validate_arguments(): val_data = get_validation_data() useLocalAuth = False if 'useLocalAuth' in val_data: useLocalAuth = val_data['useLocalAuth'].lower() if useLocalAuth == "true" or useLocalAuth == "t": useLocalAuth = True if val_data['srcURL'] != "https://localhost:8089": print_error( "Expected srcURL of https://localhost:8089 since useLocalAuth=True" ) sys.exit(1) elif useLocalAuth == "false" or useLocalAuth == "f": useLocalAuth = False else: print_error( "useLocalAuth argument should be true or false, invalid config" ) sys.exit(2) #If we're not using the useLocalAuth we must have a username/password to work with if not useLocalAuth and ('srcUsername' not in val_data or 'srcPassword' not in val_data): print_error( "useLocalAuth is not set to true and srcUsername/srcPassword not set, invalid config" ) sys.exit(3) appName = "SplunkVersionControl" if 'remoteAppName' in val_data: appName = val_data['remoteAppName'] #Run a sanity check and make sure we can connect into the remote Splunk instance if not useLocalAuth: url = val_data[ 'srcURL'] + "/servicesNS/nobody/%s/search/jobs/export?search=makeresults" % ( appName) #Verify=false is hardcoded to workaround local SSL issues srcUsername = val_data['srcUsername'] srcPassword = val_data['srcPassword'] try: logger.debug("Running query against URL %s with username %s" % (url, srcUsername)) res = requests.get(url, auth=(srcUsername, srcPassword), verify=False) logger.debug("End query against URL %s with username %s" % (url, srcUsername)) if (res.status_code != requests.codes.ok): print_error( "Attempt to validate access to Splunk failed with code %s, reason %s, text %s, on URL %s" % (res.status_code, res.reason, res.text, url)) sys.exit(4) except requests.exceptions.RequestException as e: print_error( "Attempt to validate access to Splunk failed with error %s" % (e)) sys.exit(5) gitRepoURL = val_data['gitRepoURL'] (stdout, stderr, res) = runOSProcess(["git ls-remote %s" % (gitRepoURL)], logger) #If we didn't manage to ls-remote perhaps we just need to trust the fingerprint / this is the first run? if res == False: (stdout, stderrout, res) = runOSProcess( "ssh -n -o \"BatchMode yes\" -o StrictHostKeyChecking=no " + gitRepoURL[:gitRepoURL.find(":")], logger) (stdout, stderr, res) = runOSProcess(["git ls-remote %s" % (gitRepoURL)], logger) if res == False: print_error( "Failed to validate the git repo URL, stdout of '%s', stderr of '%s'" % (stdout, stderr)) sys.exit(6)
def validate_arguments(): val_data = get_validation_data() if 'debugMode' in val_data: debugMode = val_data['debugMode'].lower() if debugMode == "true" or debugMode == "t": logging.getLogger().setLevel(logging.DEBUG) useLocalAuth = False if 'useLocalAuth' in val_data: useLocalAuth = val_data['useLocalAuth'].lower() if useLocalAuth == "true" or useLocalAuth == "t": useLocalAuth = True logger.debug("useLocalAuth enabled") if val_data['destURL'] != "https://*****:*****@") logger.debug( "Attempting to replace proxy=%s by subsituting=%s with a password" % (proxies['https'], proxies['https'][start:end])) temp_password = get_password(proxies['https'][start:end], session_key, logger) proxies['https'] = proxies['https'][ 0:start - 9] + temp_password + proxies['https'][end:] try: logger.debug( "Running query against URL %s with username %s proxies_length=%s" % (url, destUsername, len(proxies), sslVerify)) res = requests.get(url, auth=(destUsername, destPassword), verify=sslVerify, proxies=proxies) logger.debug("End query against URL %s with username %s" % (url, destUsername)) if (res.status_code != requests.codes.ok): print_error( "Attempt to validate access to Splunk failed with code %s, reason %s, text %s on URL %s" % (res.status_code, res.reason, res.text, url)) sys.exit(1) except requests.exceptions.RequestException as e: print_error( "Attempt to validate access to Splunk failed with error %s" % (e)) sys.exit(1) gitRepoURL = val_data['gitRepoURL'] if 'git_command' in val_data: git_command = val_data['git_command'].strip() logger.debug("Overriding git command to %s" % (git_command)) else: git_command = "git" if 'ssh_command' in val_data: ssh_command = val_data['ssh_command'].strip() logger.debug("Overriding ssh command to %s" % (ssh_command)) else: ssh_command = "ssh" (stdout, stderr, res) = runOSProcess("%s ls-remote %s" % (git_command, gitRepoURL), logger) #If we didn't manage to ls-remote perhaps we just need to trust the fingerprint / this is the first run? if res == False: (stdout, stderrout, res) = runOSProcess( ssh_command + " -n -o \"BatchMode yes\" -o StrictHostKeyChecking=no " + gitRepoURL[:gitRepoURL.find(":")], logger) (stdout, stderr, res) = runOSProcess("%s ls-remote %s" % (git_command), logger) if res == False: print_error( "Failed to validate the git repo URL, stdout of '%s', stderr of '%s'" % (stdout, stderr)) sys.exit(1)
def validate_arguments(): val_data = get_validation_data() if 'debugMode' in val_data: debugMode = val_data['debugMode'].lower() if debugMode == "true" or debugMode == "t" or debugMode == "1": logging.getLogger().setLevel(logging.DEBUG) session_key = val_data['session_key'] useLocalAuth = False if 'useLocalAuth' in val_data: useLocalAuth = val_data['useLocalAuth'].lower() if useLocalAuth == "true" or useLocalAuth == "t" or useLocalAuth == "1": useLocalAuth = True logger.debug("useLocalAuth enabled") if val_data['srcURL'] != "https://*****:*****@") logger.debug( "Attempting to replace proxy=%s by subsituting=%s with a password" % (proxies['https'], proxies['https'][start:end])) temp_password = get_password(proxies['https'][start:end], session_key, logger) proxies['https'] = proxies['https'][ 0:start - 9] + temp_password + proxies['https'][end:] try: logger.debug( "Running query against URL %s with username %s proxies_length=%s sslVerify=%s" % (url, srcUsername, len(proxies), sslVerify)) res = requests.get(url, auth=(srcUsername, srcPassword), verify=sslVerify, proxies=proxies) logger.debug("End query against URL %s with username %s" % (url, srcUsername)) if (res.status_code != requests.codes.ok): print_error( "Attempt to validate access to Splunk failed with code %s, reason %s, text %s, on URL %s" % (res.status_code, res.reason, res.text, url)) sys.exit(4) except requests.exceptions.RequestException as e: print_error( "Attempt to validate access to Splunk failed with error %s" % (e)) sys.exit(5) gitRepoURL = val_data['gitRepoURL'] proxy_command = "" git_password = False if gitRepoURL.find("http") == 0: gitRepoHTTP = True if gitRepoURL.find("password:"******"password:"******"@") logger.debug( "Attempting to replace gitRepoURL=%s by subsituting=%s with a password" % (gitRepoURL, gitRepoURL[start:end])) git_password = get_password(gitRepoURL[start:end], session_key, logger) gitRepoURL = gitRepoURL[0:start - 9] + git_password + gitRepoURL[end:] else: gitRepoHTTP = False git_proxies = {} if 'git_proxy' in val_data: git_proxies["https"] = val_data['git_proxy'] if git_proxies['https'].find("password:"******"password:"******"@") logger.debug( "Attempting to replace git_proxy=%s by subsituting=%s with a password" % (git_proxies['https'], git_proxies['https'][start:end])) temp_password = get_password(git_proxies['https'][start:end], session_key, logger) git_proxies['https'] = git_proxies['https'][ 0:start - 9] + temp_password + git_proxies['https'][end:] if gitRepoHTTP and len(git_proxies) > 0: logger.debug( "Adding environment variable HTTPS_PROXY before git commands") proxy_command = "HTTPS_PROXY=" + git_proxies["https"] if platform.system() == "Windows": proxy_command = "set " + proxy_command + " & " else: proxy_command = "export " + proxy_command + " ; " show_passwords = False if 'show_passwords' in val_data: if val_data['show_passwords'].lower( ) == 'true' or val_data['show_passwords'] == "1": show_passwords = True logger.debug('show_passwords is now true due to show_passwords: ' + val_data['show_passwords']) (stdout, stderr, res) = runOSProcess( "%s %s ls-remote %s" % (proxy_command, git_command, gitRepoURL), logger, shell=True) #If we didn't manage to ls-remote perhaps we just need to trust the fingerprint / this is the first run? if res == False and not gitRepoHTTP: if not show_passwords and git_password: stdout = stdout.replace(git_password, "password_removed") stderr = stderr.replace(git_password, "password_removed") logger.error("Possible first run trying again" % (stdout, stderr)) (stdout, stderrout, res) = runOSProcess( ssh_command + " -n -o \"BatchMode yes\" -o StrictHostKeyChecking=no " + gitRepoURL[:gitRepoURL.find(":")], logger) (stdout, stderr, res) = runOSProcess("%s ls-remote %s" % (git_command, gitRepoURL), logger) if res == False: if not show_passwords and git_password: stdout = stdout.replace(git_password, "password_removed") stderr = stderr.replace(git_password, "password_removed") print_error( "Failed to validate the git repo URL, stdout of '%s', stderr of '%s'" % (stdout, stderr)) logger.error( "Failed to validate the git repo URL, stdout of '%s', stderr of '%s'" % (stdout, stderr)) sys.exit(6)