Exemplo n.º 1
0
    def prep_nova_creds(self):
        """
        Finds relevant config options in the supernova config and cleans them
        up for novaclient.
        """
        self.check_deprecated_options()
        raw_creds = self.get_nova_creds().items(self.nova_env)
        nova_re = re.compile(r"(^nova_|^os_|^novaclient|^trove_)")

        creds = []
        for param, value in raw_creds:

            # Skip parameters we're unfamiliar with
            if not nova_re.match(param):
                continue

            param = param.upper()

            # Get values from the keyring if we find a USE_KEYRING constant
            if value.startswith("USE_KEYRING"):
                rex = "USE_KEYRING\[([\x27\x22])(.*)\\1\]"
                if value == "USE_KEYRING":
                    username = "******" % (self.nova_env, param)
                else:
                    global_identifier = re.match(rex, value).group(2)
                    username = "******" % ('global', global_identifier)
                credential = credentials.password_get(username)
            else:
                credential = value.strip("\"'")

            # Make sure we got something valid from the configuration file or
            # the keyring
            if not credential:
                msg = """
While connecting to %s, supernova attempted to retrieve a credential
for %s but couldn't find it within the keyring.  If you haven't stored
credentials for %s yet, try running:

    supernova-keyring -s %s
""" % (self.nova_env, username, username, ' '.join(username.split(':')))
                print msg
                sys.exit(1)

            creds.append((param, credential))

        return creds
Exemplo n.º 2
0
def run_supernova_keyring():
    """
    Handles all of the prep work and error checking for the
    supernova-keyring executable.
    """
    s = supernova.SuperNova()
    parser = argparse.ArgumentParser()
    group = parser.add_mutually_exclusive_group(required=True)
    group.add_argument(
        "-g", "--get", action="store_true", dest="get_password", help="retrieves credentials from keychain storage"
    )
    group.add_argument(
        "-s", "--set", action="store_true", dest="set_password", help="stores credentials in keychain storage"
    )
    parser.add_argument("env", help="environment to set parameter in")
    parser.add_argument("parameter", help="parameter to set")
    args = parser.parse_args()

    username = "******" % (args.env, args.parameter)

    if args.set_password:
        print "[%s] Preparing to set a password in the keyring for:" % (gwrap("Keyring operation"))
        print "  - Environment  : %s" % args.env
        print "  - Parameter    : %s" % args.parameter
        print "\n  If this is correct, enter the corresponding credential " "to store in \n  your keyring or press CTRL-D to abort: ",

        # Prompt for a password and catch a CTRL-D
        try:
            password = getpass.getpass("")
        except:
            password = None
            print

        # Did we get a password from the prompt?
        if not password or len(password) < 1:
            print "\n[%s] No data was altered in your keyring." % (rwrap("Canceled"))
            sys.exit()

        # Try to store the password
        try:
            store_ok = credentials.password_set(username, password)
        except:
            store_ok = False

        if store_ok:
            print "\n[%s] Successfully stored credentials for %s under the " "supernova service." % (
                gwrap("Success"),
                username,
            )
        else:
            print "\n[%s] Unable to store credentials for %s under the " "supernova service." % (
                rwrap("Failed"),
                username,
            )

        sys.exit()

    if args.get_password:
        print "[%s] If this operation is successful, the credential " "stored \nfor %s will be displayed in your terminal as " "plain text." % (
            rwrap("Warning"),
            username,
        )
        print "\nIf you really want to proceed, type yes and press enter:",
        confirm = raw_input("")

        if confirm != "yes":
            print "\n[%s] Your keyring was not read or altered." % (rwrap("Canceled"))
            sys.exit()

        try:
            password = credentials.password_get(username)
        except:
            password = None

        if password:
            print "\n[%s] Found credentials for %s: %s" % (gwrap("Success"), username, password)
        else:
            print "\n[%s] Unable to retrieve credentials for %s.\nThere are " "probably no credentials stored for this environment/" "parameter combination (try --set)." % (
                rwrap("Failed"),
                username,
            )
            sys.exit(1)