def test_vault(self): vault = Vault('password', ':test:') vault.add_entry('TestArgon2', 'username2', 'password') print(vault.get_entries()) del vault vault2 = Vault('password', 'test.db.enc') vault2.add_entry('Test1', 'username', 'password3') print(vault2.get_entries())
def setUpClass(self): self.addr = "http://localhost:8200" self.token = "root" os.environ['VAULT_ADDR'] = self.addr os.environ['VAULT_TOKEN'] = self.token self.v = Vault(self.addr, self.token) # Setup docker self.container = docker.from_env().containers.run( 'vault', 'vault server -dev -dev-root-token-id="root" -dev-listen-address="0.0.0.0:8200"', detach=True, remove=True, name='vault', ports={'8200': '8200'}) # Wait a second for docker # Change to the provisioner directory and run it time.sleep(1) p = subprocess.Popen( ["python", "vault_api_provisioner.py", "--log=Debug"], cwd="vault-api-provisioner") p.wait()
def main(): """Entrypoint when used as an executable :returns: None """ # Initialize Logging logging.basicConfig(level=logging.DEBUG) args = get_commandline_arguments() init_logging(args) vault = Vault(os.environ["VAULT_ADDR"], args.token) secrets = vault.recursive_list(args.engine, args.vaultpath) path_depth = 0 ul_count = 0 for secret in secrets: new_path_depth = secret.count("/") if not secret.endswith("/"): new_path_depth = new_path_depth + 1 if new_path_depth > path_depth: print("<ul>") ul_count = ul_count + 1 if new_path_depth < path_depth: diff = path_depth - new_path_depth for _ in range(diff): print("</ul>") ul_count = ul_count - diff path_depth = new_path_depth ui_link = vault.path_to_ui_link(args.engine, secret) print(html_list_element(html_link(secret, ui_link))) for _ in range(ul_count): print("</ul>")
def env_file_from_vault(self): service_envs = Vault().get_service_envs(self.swarm_stack, self.service) if service_envs: out_file = open(self.env_filename, 'w') for key, value in service_envs.items(): out_file.write(f'{key}={value}\n') out_file.close() print('[INFO] Creating env file')
def log_on(self): """ Logs on to a website, using an url. First checks if the channel requires log on. If so and it's not already logged on, it should handle the log on. That part should be implemented by the specific channel. More arguments can be passed on, but must be handled by custom code. After a successful log on the self.loggedOn property is set to True and True is returned. :return: indication if the login was successful. :rtype: bool """ if self.__idToken: return True # check if there is a refresh token # refresh token: viervijfzes_refresh_token refresh_token = AddonSettings.get_setting("viervijfzes_refresh_token") client = AwsIdp("eu-west-1_dViSsKM5Y", "6s1h851s8uplco5h6mqh1jac8m", proxy=self.proxy, logger=Logger.instance()) if refresh_token: id_token = client.renew_token(refresh_token) if id_token: self.__idToken = id_token return True else: Logger.info("Extending token for VierVijfZes failed.") # username: viervijfzes_username username = AddonSettings.get_setting("viervijfzes_username") # password: viervijfzes_password v = Vault() password = v.get_setting("viervijfzes_password") if not username or not password: XbmcWrapper.show_dialog( title=None, lines=LanguageHelper.get_localized_string( LanguageHelper.MissingCredentials), ) return False id_token, refresh_token = client.authenticate(username, password) if not id_token or not refresh_token: Logger.error("Error getting a new token. Wrong password?") return False self.__idToken = id_token AddonSettings.set_setting("viervijfzes_refresh_token", refresh_token) return True
def main(): """Entrypoint when used as an executable :returns: None """ # Initialize Logging logging.basicConfig(level=logging.DEBUG) args = get_commandline_arguments() init_logging(args) vault = Vault(os.environ["VAULT_ADDR"], args.token) vault.del_userpass_user(args.user)
def main(): """Entrypoint when used as an executable :returns: None """ # Initialize Logging logging.basicConfig(level=logging.DEBUG) args = get_commandline_arguments() init_logging(args) vault = Vault(os.environ["VAULT_ADDR"], args.token) password = vault.add_user(args.firstname, args.lastname) token = vault.wrap({"password": password}) unwrap = vault.unwrap_str(token) print(unwrap)
def main(): """Entrypoint when used as an executable :returns: None """ # Initialize Logging logging.basicConfig(level=logging.DEBUG) args = get_commandline_arguments() init_logging(args) vault = Vault(os.environ["VAULT_ADDR"], args.token) if args.recursive: vault.recursive_delete(args.engine, args.vaultpath) return vault.delete(args.engine, args.vaultpath)
def LogOn(self): signatureSettings = "mediaan_signature" signatureSetting = AddonSettings.GetSetting(signatureSettings) # apiKey = "3_HZ0FtkMW_gOyKlqQzW5_0FHRC7Nd5XpXJZcDdXY4pk5eES2ZWmejRW5egwVm4ug-" # from VTM apiKey = "3_OEz9nzakKMkhPdUnz41EqSRfhJg5z9JXvS4wUORkqNf2M2c1wS81ilBgCewkot97" # from Stievie if signatureSetting and "|" not in signatureSetting: url = "https://accounts.eu1.gigya.com/accounts.getAccountInfo" data = "APIKey=%s" \ "&sdk=js_7.4.30" \ "&login_token=%s" % (apiKey, signatureSetting, ) logonData = UriHandler.Open(url, params=data, proxy=self.proxy, noCache=True) if self.__ExtractSessionData(logonData, signatureSettings): return True Logger.Warning("Failed to extend the VTM.be session.") Logger.Info("Logging onto VTM.be") v = Vault() password = v.GetSetting("mediaan_password") username = AddonSettings.GetSetting("mediaan_username") if not username or not password: XbmcWrapper.ShowDialog( title=None, lines=LanguageHelper.GetLocalizedString( LanguageHelper.MissingCredentials), # notificationType=XbmcWrapper.Error, # displayTime=5000 ) return False Logger.Debug("Using: %s / %s", username, "*" * len(password)) url = "https://accounts.eu1.gigya.com/accounts.login" data = "loginID=%s" \ "&password=%s" \ "&targetEnv=jssdk" \ "&APIKey=%s" \ "&includeSSOToken=true" \ "&authMode=cookie" % \ (HtmlEntityHelper.UrlEncode(username), HtmlEntityHelper.UrlEncode(password), apiKey) logonData = UriHandler.Open(url, params=data, proxy=self.proxy, noCache=True) return self.__ExtractSessionData(logonData, signatureSettings)
def main(self): env = sys.argv[1] stage = sys.argv[2] component = sys.argv[3] context = '' self.vaulter = Vault() configfile = "Bungeefile" while not os.path.isfile(configfile): configfile = "../" + configfile if os.path.abspath(configfile) == '/Bungeefile': raise ValueError("No Bungeefile found") self.basepath = os.path.dirname(os.path.abspath(configfile)) stream = open(configfile, 'r') tmp = yaml.safe_load(stream) envs = tmp['envs'] self.env = envs[env] self.env['name'] = env if tmp['plugins']: if tmp['plugins']['vault']: self.vaulter.envpath = tmp['plugins']['vault'][ 'path'] + '/' + env self.vaulter.component = component self.vaulter.server = tmp['plugins']['vault']['server'] if stage not in ('setup', 'deploy'): pprint("Stage '" + stage + "' not recognised") os.exit(1) if stage == 'setup': self.setup(component, env) elif stage == 'deploy': self.deploy(component, env) else: pprint( "Unrecognised stage, usage : bungee <env> <stage> <component>")
def LogOn(self): if self.__idToken: return True # check if there is a refresh token # refresh token: viervijfzes_refresh_token refreshToken = AddonSettings.GetSetting("viervijfzes_refresh_token") client = AwsIdp("eu-west-1_dViSsKM5Y", "6s1h851s8uplco5h6mqh1jac8m", proxy=self.proxy, logger=Logger.Instance()) if refreshToken: idToken = client.RenewToken(refreshToken) if idToken: self.__idToken = idToken return True else: Logger.Info("Extending token for VierVijfZes failed.") # username: viervijfzes_username username = AddonSettings.GetSetting("viervijfzes_username") # password: viervijfzes_password v = Vault() password = v.GetSetting("viervijfzes_password") if not username or not password: XbmcWrapper.ShowDialog( title=None, lines=LanguageHelper.GetLocalizedString( LanguageHelper.MissingCredentials), ) return False idToken, refreshToken = client.Authenticate(username, password) if not idToken or not refreshToken: Logger.Error("Error getting a new token. Wrong password?") return False self.__idToken = idToken AddonSettings.SetSetting("viervijfzes_refresh_token", refreshToken) return True
def LogOn(self): tokenCookie = UriHandler.GetCookie("X-VRT-Token", ".vrt.be") if tokenCookie is not None: return True username = self._GetSetting("username") if not username: return None v = Vault() password = v.GetChannelSetting(self.guid, "password") if not password: Logger.Warning("Found empty password for VRT user") Logger.Debug("Using: %s / %s", username, "*" * len(password)) url = "https://accounts.eu1.gigya.com/accounts.login" data = "loginID=%s" \ "&password=%s" \ "&targetEnv=jssdk" \ "&APIKey=3_qhEcPa5JGFROVwu5SWKqJ4mVOIkwlFNMSKwzPDAh8QZOtHqu6L4nD5Q7lk0eXOOG" \ "&includeSSOToken=true" \ "&authMode=cookie" % \ (HtmlEntityHelper.UrlEncode(username), HtmlEntityHelper.UrlEncode(password)) logonData = UriHandler.Open(url, params=data, proxy=self.proxy, noCache=True) sig, uid, timestamp = self.__ExtractSessionData(logonData) if sig is None and uid is None and timestamp is None: return False url = "https://token.vrt.be/" tokenData = '{"uid": "%s", ' \ '"uidsig": "%s", ' \ '"ts": "%s", ' \ '"fn": "VRT", "ln": "NU", ' \ '"email": "%s"}' % (uid, sig, timestamp, username) headers = {"Content-Type": "application/json", "Referer": "https://www.vrt.be/vrtnu/"} UriHandler.Open(url, params=tokenData, proxy=self.proxy, additionalHeaders=headers) return True
class TestVault(unittest.TestCase): v = Vault("http://0.0.0.0:8200", "fake token") commonIdentityResponse = dict({ "path": "", "policies": [], }) rootIdentityResponse = dict({ "path": "auth/token/root", "policies": [ "root" ], }) def test_cleanup_json(self): data = { 'a': None, 'b': '', 'c': 'c', 'd': 'd', 'e': 1, 'f': dict(a='a', b='b'), 'g': [1,2,3] } expected = { 'c': 'c', 'd': 'd', 'e': 1, 'f': dict(a='a', b='b'), 'g': [1,2,3] } self.assertEqual(self.v.cleanup_json(data), expected) def test_is_authenticated(self): # True case self.v.is_authenticated = MagicMock(return_value=True) self.assertTrue(self.v.is_authenticated()) # False case self.v.is_authenticated = MagicMock(return_value=False) self.assertFalse(self.v.is_authenticated()) def test_get_status(self): response = { "initialized": True, "sealed": False, "standby": False, "performance_standby": False, "replication_perf_mode": "disabled", "replication_dr_mode": "disabled", "server_time_utc": 1516639589, "version": "0.9.1", "cluster_name": "vault-cluster-3bd69ca2", "cluster_id": "00af5aa8-c87d-b5fc-e82e-97cd8dfaf731" } # JSON case self.v.get_status = MagicMock(return_value=response) self.assertEqual(self.v.get_status(), response) # None case self.v.get_status = MagicMock(return_value=None) self.assertIsNone(self.v.get_status()) def test_get_identity(self): self.v.get_identity = MagicMock(return_value=self.rootIdentityResponse) self.assertEqual(self.v.get_identity(), self.rootIdentityResponse) def test_is_root(self): self.v.get_identity = MagicMock(return_value=self.rootIdentityResponse) self.assertTrue(self.v.is_root()) self.v.get_identity = MagicMock(return_value=self.commonIdentityResponse) self.assertFalse(self.v.is_root()) def test_get_audit_devices(self): response = { "file": { "type": "file", "description": "Store logs in a file", "options": { "file_path": "/var/log/vault.log" } } } self.v.get_audit_devices = MagicMock(return_value=response) self.assertEqual(self.v.get_audit_devices(), response) def test_is_initialized(self): self.v.is_initialized = MagicMock(return_value=False) self.assertFalse(self.v.is_initialized()) self.v.is_initialized = MagicMock(return_value=True) self.assertTrue(self.v.is_initialized()) def test_get_policies(self): response = ["root", "my-policy"] self.v.get_policies = MagicMock(return_value=response) self.assertEqual(self.v.get_policies(), response)
def log_on(self): """ Logs on to a website, using an url. First checks if the channel requires log on. If so and it's not already logged on, it should handle the log on. That part should be implemented by the specific channel. More arguments can be passed on, but must be handled by custom code. After a successful log on the self.loggedOn property is set to True and True is returned. :return: indication if the login was successful. :rtype: bool """ api_key = "3_qhEcPa5JGFROVwu5SWKqJ4mVOIkwlFNMSKwzPDAh8QZOtHqu6L4nD5Q7lk0eXOOG" # Do we still have a valid short living token (1 hour)? If so, we have an active session. short_login_cookie = UriHandler.get_cookie("X-VRT-Token", ".vrt.be") if short_login_cookie is not None: # The old X-VRT-Token expired after 1 year. We don't want that old cookie short_login_cookie_can_live_too_long = \ DateHelper.get_date_from_posix(short_login_cookie.expires) > datetime.datetime.now() + datetime.timedelta(hours=4) if not short_login_cookie_can_live_too_long: Logger.debug("Using existing VRT.be session.") return True # Do we still have a valid long living token? If so, try to extend the session. We need the # original UIDSignature value for that. The 'vrtlogin-rt' and all other related cookies # are valid for a same period (1 year). long_login_cookie = UriHandler.get_cookie("vrtlogin-rt", ".vrt.be") if long_login_cookie is not None: # if we stored a valid user signature, we can use it, together with the 'gmid' and # 'ucid' cookies to extend the session and get new token data data = UriHandler.open("https://token.vrt.be/refreshtoken", proxy=self.proxy, no_cache=True) if "vrtnutoken" in data: Logger.debug("Refreshed the VRT.be session.") return True Logger.warning("Failed to extend the VRT.be session.") username = self._get_setting("username") if not username: Logger.warning("No username configured for VRT.nu") return None v = Vault() password = v.get_channel_setting(self.guid, "password") if not password: Logger.warning("Found empty password for VRT user") # Get a 'gmid' and 'ucid' cookie by logging in. Valid for 10 years Logger.debug("Using: %s / %s", username, "*" * len(password)) url = "https://accounts.vrt.be/accounts.login" data = { "loginID": username, "password": password, "sessionExpiration": "-1", "targetEnv": "jssdk", "include": "profile,data,emails,subscriptions,preferences,", "includeUserInfo": "true", "loginMode": "standard", "lang": "nl-inf", "APIKey": api_key, "source": "showScreenSet", "sdk": "js_latest", "authMode": "cookie", "format": "json" } logon_data = UriHandler.open(url, data=data, proxy=self.proxy, no_cache=True) user_id, signature, signature_time_stamp = self.__extract_session_data( logon_data) if user_id is None or signature is None or signature_time_stamp is None: return False # We need to initialize the token retrieval which will redirect to the actual token UriHandler.open( "https://token.vrt.be/vrtnuinitlogin?provider=site&destination=https://www.vrt.be/vrtnu/", proxy=self.proxy, no_cache=True) # Now get the actual VRT tokens (X-VRT-Token....). Valid for 1 hour. So we call the actual # perform_login url which will redirect and get cookies. token_data = { "UID": user_id, "UIDSignature": signature, "signatureTimestamp": signature_time_stamp, "client_id": "vrtnu-site", "submit": "submit" } UriHandler.open("https://login.vrt.be/perform_login", proxy=self.proxy, data=token_data, no_cache=True) return True
import unittest import sys sys.path.append("../lib") from vault import Vault DEFAULT_VAULT_ADDR = "http://127.0.0.1:8200" vault = Vault(DEFAULT_VAULT_ADDR) class VaultTest(unittest.TestCase): def __init__(self, *args, **kwargs): super(VaultTest, self).__init__(*args, **kwargs) self.engine_name = "test_create_engine" self.key_name = "test_key" self.k_v = [["key1"], ["value1"]] def test_create_engine(self): resStatus = vault.create_engine(self.engine_name) self.assertEqual(resStatus, 204) def test_create_key(self): resStatus = vault.create_key(self.engine_name, self.key_name, self.k_v[0], self.k_v[1]) self.assertEqual(resStatus, 204) def test_get_key(self): resKey = vault.get_key(self.engine_name, self.key_name)[0] self.assertEqual(resKey, [self.k_v[0][0], self.k_v[1][0]])
asset=transfer_asset, inputs=transfer_input, recipients=self.bigchain_keys['public_key'], metadata=metadata ) signed = bdb.transactions.fulfill( prepared_tx, private_keys=self.bigchain_keys['private_key'] ) tx = bdb.transactions.send_commit(signed) return tx if __name__ =='__main__': vault = Vault(config) vault.setup() user = User('pratik', 'doctor', '12345678') # print(user.write_record("sadaedeafefef", {"description": "get allah....lamo"})) # transfer = user.transfer_record(asset="get allah....lamo", doclist=['ajacku']) # print(transfer) # asset = user.get_assets("get allah....lamo") # tx = user.get_transactions(id=asset[0]['id']) # print(tx[-1]) #print(user.get_single_asset(id='d7ac1bb86f149f48b8b291f822867d55423a3e1204a1b2ccf8fd9c6389c53484')) # print(user.get_transactions(id='ca9b52f9f80ef3e2371be172be43f95655d150a93b576cbc5ff09f3a74674b9a')) #print(user.get_single_file('abdullahhh'))
def get_vault(self, name): """ Returns a Vault instance """ return Vault(name, self)
def __init__(self, addon_name, params, handle=0): # NOSONAR complexity """ Initialises the plugin with given arguments. :param str addon_name: The add-on name. :param str params: The input parameters from the query string. :param int handle: The Kodi directory handle. """ Logger.info("******** Starting %s add-on version %s/repo *********", Config.appName, Config.version) # noinspection PyTypeChecker self.handle = int(handle) super(Plugin, self).__init__(addon_name, params) Logger.debug( "Plugin Params: %s (%s)\n" "Handle: %s\n" "Name: %s\n" "Query: %s", self.params, len(self.params), self.handle, self.pluginName, params) # channel objects self.channelObject = None self.channelFile = "" self.channelCode = None self.contentType = "episodes" self.methodContainer = dict( ) # : storage for the inspect.getmembers(channel) method. Improves performance # are we in session? session_active = SessionHelper.is_session_active(Logger.instance()) # fetch some environment settings env_ctrl = envcontroller.EnvController(Logger.instance()) if not session_active: # do add-on start stuff Logger.info("Add-On start detected. Performing startup actions.") # print the folder structure env_ctrl.print_retrospect_settings_and_folders( Config, AddonSettings) # show notification XbmcWrapper.show_notification(None, LanguageHelper.get_localized_string( LanguageHelper.StartingAddonId) % (Config.appName, ), fallback=False, logger=Logger) # check for updates. Using local import for performance from updater import Updater up = Updater(Config.updateUrl, Config.version, UriHandler.instance(), Logger.instance(), AddonSettings.get_release_track()) if up.is_new_version_available(): Logger.info("Found new version online: %s vs %s", up.currentVersion, up.onlineVersion) notification = LanguageHelper.get_localized_string( LanguageHelper.NewVersion2Id) notification = notification % (Config.appName, up.onlineVersion) XbmcWrapper.show_notification(None, lines=notification, display_time=20000) # check for cache folder env_ctrl.cache_check() # do some cache cleanup env_ctrl.cache_clean_up(Config.cacheDir, Config.cacheValidTime) # create a session SessionHelper.create_session(Logger.instance()) #=============================================================================== # Start the plugin version of progwindow #=============================================================================== if len(self.params) == 0: # Show initial start if not in a session # now show the list if AddonSettings.show_categories(): self.show_categories() else: self.show_channel_list() #=============================================================================== # Start the plugin verion of the episode window #=============================================================================== else: # Determine what stage we are in. Check that there are more than 2 Parameters if len(self.params) > 1 and self.keywordChannel in self.params: # retrieve channel characteristics self.channelFile = os.path.splitext( self.params[self.keywordChannel])[0] self.channelCode = self.params[self.keywordChannelCode] Logger.debug( "Found Channel data in URL: channel='%s', code='%s'", self.channelFile, self.channelCode) # import the channel channel_register = ChannelIndex.get_register() channel = channel_register.get_channel(self.channelFile, self.channelCode) if channel is not None: self.channelObject = channel else: Logger.critical( "None or more than one channels were found, unable to continue." ) return # init the channel as plugin self.channelObject.init_channel() Logger.info("Loaded: %s", self.channelObject.channelName) elif self.keywordCategory in self.params \ or self.keywordAction in self.params and ( self.params[self.keywordAction] == self.actionAllFavourites or self.params[self.keywordAction] == self.actionRemoveFavourite): # no channel needed for these favourites actions. pass # =============================================================================== # Vault Actions # =============================================================================== elif self.keywordAction in self.params and \ self.params[self.keywordAction] in \ ( self.actionSetEncryptedValue, self.actionSetEncryptionPin, self.actionResetVault ): try: # Import vault here, as it is only used here or in a channel # that supports it from vault import Vault action = self.params[self.keywordAction] if action == self.actionResetVault: Vault.reset() return v = Vault() if action == self.actionSetEncryptionPin: v.change_pin() elif action == self.actionSetEncryptedValue: v.set_setting( self.params[self.keywordSettingId], self.params.get(self.keywordSettingName, ""), self.params.get(self.keywordSettingActionId, None)) finally: if self.keywordSettingTabFocus in self.params: AddonSettings.show_settings( self.params[self.keywordSettingTabFocus], self.params.get(self.keywordSettingSettingFocus, None)) return elif self.keywordAction in self.params and \ self.actionPostLog in self.params[self.keywordAction]: self.__send_log() return elif self.keywordAction in self.params and \ self.actionProxy in self.params[self.keywordAction]: # do this here to not close the busy dialog on the SetProxy when # a confirm box is shown title = LanguageHelper.get_localized_string( LanguageHelper.ProxyChangeConfirmTitle) content = LanguageHelper.get_localized_string( LanguageHelper.ProxyChangeConfirm) if not XbmcWrapper.show_yes_no(title, content): Logger.warning( "Stopping proxy update due to user intervention") return language = self.params.get(self.keywordLanguage, None) proxy_id = self.params.get(self.keywordProxy, None) local_ip = self.params.get(self.keywordLocalIP, None) self.__set_proxy(language, proxy_id, local_ip) return else: Logger.critical("Error determining Plugin action") return #=============================================================================== # See what needs to be done. #=============================================================================== if self.keywordAction not in self.params: Logger.critical( "Action parameters missing from request. Parameters=%s", self.params) return elif self.params[self.keywordAction] == self.actionListCategory: self.show_channel_list(self.params[self.keywordCategory]) elif self.params[ self.keywordAction] == self.actionConfigureChannel: self.__configure_channel(self.channelObject) elif self.params[self.keywordAction] == self.actionFavourites: # we should show the favourites self.show_favourites(self.channelObject) elif self.params[self.keywordAction] == self.actionAllFavourites: self.show_favourites(None) elif self.params[self.keywordAction] == self.actionListFolder: # channelName and URL is present, Parse the folder self.process_folder_list() elif self.params[self.keywordAction] == self.actionPlayVideo: self.play_video_item() elif not self.params[self.keywordAction] == "": self.on_action_from_context_menu( self.params[self.keywordAction]) else: Logger.warning( "Number of parameters (%s) or parameter (%s) values not implemented", len(self.params), self.params) self.__fetch_textures() return
def setUp(self): self.vault = Vault(':memory:') self.vault.nuke_table()
) docs.append(packer) # Terraform terraform_config = config["terraform"] terraform = Terraform( path=terraform_config["path"], repository_path=terraform_config["repository_path"], git_url=terraform_config["git_url"] ) docs.append(terraform) # Vault vault_config = config["vault"] vault = Vault( path=vault_config["path"], repository_path=vault_config["repository_path"], git_url=vault_config["git_url"], minimum_version=vault_config["minimum_version"] ) docs.append(vault) # Start processing. for doc in docs: # Update documentation. updates = doc.update() # Add new versions. dash.add_versions(doc_name=doc.name, versions=updates)
import argparse vault_addr = os.environ[ 'VAULT_ADDR'] if 'VAULT_ADDR' in os.environ else "http://127.0.0.1:8200" parser = argparse.ArgumentParser(description="Vault - Password Manager") parser.add_argument("command", help="get or create or createengine") parser.add_argument("--env", required=True, help="dev, qac,.. ") parser.add_argument("--key", required=False, help="google, aws,..") parser.add_argument("--kv", nargs="+", required=False, help="key1=value1 key2=value2") args = parser.parse_args() vault = Vault(vault_addr) if args.command == "get": vault.get_key(args.env, args.key) elif args.command == "createengine": vault.create_engine(args.env) elif args.command == "create": k = [] v = [] for item in args.kv: item = item.split("=") k.append(item[0]) v.append(item[1]) vault.create_key(args.env, args.key, k, v) elif args.command == "unseal": vault.unseal() else:
def __init__(self): """ initialize and check configuration """ # rancher api service self.rancher_api_url=os.getenv('AUTOFW_RANCHER_API_URL','') self.rancher_api_key=os.getenv('AUTOFW_RANCHER_API_KEY','') self.rancher_api_secret=os.getenv('AUTOFW_RANCHER_API_SECRET','') # we use paramiko to access the ssh interface of the mikrotik # router. (with username and password) self.mikrotik_user=os.getenv('AUTOFW_MIKROTIK_USER','') self.mikrotik_pass=os.getenv('AUTOFW_MIKROTIK_PASS','') # mikrotik network config self.mikrotik_address=os.getenv('AUTOFW_MIKROTIK_ADDRESS','') self.mikrotik_ssh_port=os.getenv('AUTOFW_MIKROTIK_SSH_PORT','22') # approle key and secret id for vault self.vault_server=os.getenv('AUTOFW_VAULT_SERVER','') self.vault_role_id=os.getenv('AUTOFW_VAULT_ROLE_ID','') self.vault_secret_id=os.getenv('AUTOFW_VAULT_SECRET_ID','') # if all three values are specified we try to load the credentials for the # rancher api and the mikrotik firewall from the vault if self.vault_server and self.vault_role_id and self.vault_secret_id: try: # load the vault vault = Vault(self.vault_server, role_id=self.vault_role_id, secret_id=self.vault_secret_id) vault.request_access_token() # now load the different config values (if they exist) try: self.rancher_api_key = vault.retrieve_secret('rancher/api/home/autofw','key') except: pass try: self.rancher_api_secret = vault.retrieve_secret('rancher/api/home/autofw','secret') except: pass try: self.mikrotik_user = vault.retrieve_secret('mikrotik/autofw','username') except: pass try: self.mikrotik_pass = vault.retrieve_secret('mikrotik/autofw','password') except: pass except: pass self.rancher_api_key rancher/api/home/autofw # if no mikrotik address or no mikrotik credentials are specified # raise an error if not self.mikrotik_address or not self.mikrotik_user or not self.mikrotik_pass: raise Exception('Invalid Mikrotik Configuration') # if no rancher api config was given raise an error if not self.rancher_api_url or not self.rancher_api_key or not self.rancher_api_secret: raise Exception('Invalid Rancher Configuration') # docker labels for config # only check running containers? self.docker_check_running=os.getenv('AUTOFW_DOCKER_CHECK_RUNNING','true') # whats the container label which activates or disables the automatic fw settings self.docker_label_enable=os.getenv('AUTOFW_DOCKER_LABEL_ENABLE','cloud.hutter.autofw.enable') # nat lables # whats the label defining the nat rules self.docker_label_dstnat=os.getenv('AUTOFW_DOCKER_LABEL_NAT','cloud.hutter.autofw.ip.firewall.dstnat') # label for additional comment self.docker_label_dstnat_comment=os.getenv('AUTOFW_DOCKER_LABEL_NAT_COMMENT','cloud.hutter.autofw.ip.firewall.dstnat.comment') # dns labels # whats the label which holds the dns names self.docker_label_staticdns=os.getenv('AUTOFW_DOCKER_LABEL_DNS','cloud.hutter.autofw.ip.dns.static') self.docker_label_staticdns_comment=os.getenv('AUTOFW_DOCKER_LABEL_DNS_COMMENT','cloud.hutter.autofw.ip.dns.static.comment') # the comment which is used to filter for firewall rules self.mikrotik_comment=os.getenv('AUTOFW_MIKROTIK_COMMENT','generated by autofw') # loglevel self.loglevel = os.getenv('AUTOFW_LOGLEVEL','info') # time in seconds between runs self.schedule = os.getenv('AUTOFW_SCHEDULE','10')
def LogOn(self): """ Makes sure that we are logged on. """ username = self._GetSetting("username") if not username: Logger.Info("No user name for NPO, not logging in") return False # cookieValue = self._GetSetting("cookie") cookie = UriHandler.GetCookie("isAuthenticatedUser", "www.npo.nl") if cookie: expireDate = DateHelper.GetDateFromPosix(float(cookie.expires)) Logger.Info("Found existing valid NPO token (valid until: %s)", expireDate) return True v = Vault() password = v.GetChannelSetting(self.guid, "password") # get a token (why?), cookies and an xsrf token token = UriHandler.Open("https://www.npo.nl/api/token", proxy=self.proxy, noCache=True, additionalHeaders={"X-Requested-With": "XMLHttpRequest"}) jsonToken = JsonHelper(token) token = jsonToken.GetValue("token") if not token: return False xsrfToken = UriHandler.GetCookie("XSRF-TOKEN", "www.npo.nl").value xsrfToken = HtmlEntityHelper.UrlDecode(xsrfToken) data = "username=%s&password=%s" % (HtmlEntityHelper.UrlEncode(username), HtmlEntityHelper.UrlEncode(password)) UriHandler.Open("https://www.npo.nl/api/login", proxy=self.proxy, noCache=True, additionalHeaders={ "X-Requested-With": "XMLHttpRequest", "X-XSRF-TOKEN": xsrfToken }, params=data) # token = Regexer.DoRegex('name="authenticity_token"[^>]+value="([^"]+)"', tokenData)[0] # # # login: https://mijn.npo.nl/sessions POST # # utf8=%E2%9C%93&authenticity_token=<token>&email=<username>&password=<password>&remember_me=1&commit=Inloggen # postData = { # "token": HtmlEntityHelper.UrlEncode(token), # "email": HtmlEntityHelper.UrlEncode(username), # "password": HtmlEntityHelper.UrlEncode(password) # } # postData = "utf8=%%E2%%9C%%93&authenticity_token=%(token)s&email=%(email)s&" \ # "password=%(password)s&remember_me=1&commit=Inloggen" % postData # data = UriHandler.Open("https://mijn.npo.nl/sessions", noCache=True, proxy=self.proxy, # params=postData) # if not data: # Logger.Error("Error logging in: no response data") # return False # # # extract the cookie and store # authCookie = UriHandler.GetCookie("npo_portal_auth_token", ".mijn.npo.nl") # if not authCookie: # Logger.Error("Error logging in: Cookie not found.") # return False # The cookie should already be in the jar now return True