Exemplo n.º 1
0
def credstash_getall(args):
    if args.verbose:
        print('fetching your secrets from "{table}" '
              '(Credstash is slow, this may take a few minutes...)'.format(
                  table=args.src_table))
    session_params = credstash.get_session_params(None, None)
    secrets = credstash.getAllSecrets('',
                                      region=args.region,
                                      table=args.src_table,
                                      **session_params)
    return secrets
Exemplo n.º 2
0
def credstash_getall(args):
    """ Returns an object containing all your Credstash secrets from `args.table`. """
    # https://github.com/fugue/credstash/blob/master/credstash.py#L297
    if args.verbose:
        print('fetching your secrets from "{table}" '
              '(Credstash is slow, this may take a few minutes...)'.format(table=args.table))
    session_params = credstash.get_session_params(None, None)
    secrets = credstash.getAllSecrets('',
                                      region=args.region,
                                      table=args.table,
                                      **session_params)
    return secrets
Exemplo n.º 3
0
def query():
    json = app.current_request.query_params
    try:
        token = json.pop('token')
        response_url = json.pop('response_url')
    except KeyError:
        logger.info(json)
        logger.info('external request')
    logger.info(json)

    env = app.current_request.to_dict()['context']['stage']
    config = credstash.getAllSecrets(context={'env': env, 'app': 'confluence'})
    if not _is_authenticated_slack(token, **config):
        return {'text': 'Sorry, {} only works in Slack!'
                ''.format(json['command'])}

    _greet(response_url)
    cql = json['text']
    config = credstash.getAllSecrets(context={'env': 'dev', 'app': 'confluence'})

    result = _process(cql, **config)
    payload = dumps({"response_type": "in_channel", "text": result })
    requests.post(response_url, data=payload)
Exemplo n.º 4
0
def find_secrets(env_file=None, credstash_table=None, allowed_keys=None,
                 region=None, verbose=1):
    secrets = Secrets()  # unprintable dict

    # Fill with credstash secrets
    if credstash_table:
        import credstash
        region = region or _region_from_credstash_tablename(credstash_table)
        if verbose > 0:
            print("Fetching secrets from {table}...".format(table=credstash_table))
        new_secrets = credstash.getAllSecrets(table=credstash_table, region=region)
        new_secrets = filter_dict(new_secrets, allowed_keys=allowed_keys)
        secrets.update(new_secrets)

    # Fill with local/.env secrets (override remote)
    env_file = env_file or find_dotenv(search_path=caller_dir(frames_above=1))
    if env_file:
        import dotenv
        dotenv.load_dotenv(env_file, verbose=verbose > 0, override=True)
        new_secrets = filter_dict(os.environ, allowed_keys=allowed_keys)
        secrets.update(new_secrets)

    return secrets
Exemplo n.º 5
0
def howdoi_slack():
    json = app.current_request.query_params
    try:
        token = json.pop('token')
        response_url = json.pop('response_url')
    except KeyError:
        logger.info(json)
        logger.info('external request')
    logger.info(json)

    env = app.current_request.to_dict()['context']['stage']
    config = credstash.getAllSecrets(context={'env': env, 'app': 'howdoi_'})
    if not _is_authenticated_slack(token, **config):
        logger.info('Invalid token')
        return {'text': 'Sorry, {} only works in Slack!'
                ''.format(json['command'])}

    text = json['text']
    _greet(response_url)
    query_response = _process_text(text)
    formatted_response = _format_text(query_response, text)
    payload = {'response_type': 'in_channel','text': formatted_response}
    requests.post(response_url, data=dumps(payload))
Exemplo n.º 6
0
from flask import Flask, jsonify, session
from flask_pyoidc.flask_pyoidc import OIDCAuthentication
import os
import credstash

app = Flask(__name__)

try:
    secrets = credstash.getAllSecrets(
        context={'application': 'example-auth0-flask-app'},
        credential='example-auth0-flask-app:*',
        region="us-west-2"
    )
except:
    app.logger.error("Unable to load credentials with credstash")

# TODO : conditional on credstash vs env vars

client_info = dict()

# Required settings set in environment variables
app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY', 'SecretKeyGoesHere')
client_info['client_id'] = os.environ.get('OIDC_CLIENT_ID')
client_info['client_secret'] = os.environ.get('OIDC_CLIENT_SECRET')
issuer = os.environ.get('OIDC_ISSUER')

# Optional settings set in environment variables
app.config['SERVER_NAME'] = os.environ.get('SERVER_NAME', 'localhost:3000')
app.config['PREFERRED_URL_SCHEME'] = os.environ.get('PREFERRED_URL_SCHEME', 'http')
app.config['DEBUG'] = True if os.environ.get('DEBUG', 'True').lower() == 'true' else False
Exemplo n.º 7
0
 def listSecrets(self,
                 table='credential-store',
                 region=credstash.DEFAULT_REGION):
     return credstash.getAllSecrets(table=table, region=region)
Exemplo n.º 8
0
def test_getAllSecrets_no_secrets():
    s = credstash.getAllSecrets()
    assert s == dict()
Exemplo n.º 9
0
def test_getAllSecrets(secret):
    s = credstash.getAllSecrets()
    assert s == {secret['name']: secret['value']}
Exemplo n.º 10
0
from credstash import getAllSecrets
import os

# on aws get secrets and export to env
os.environ.update(getAllSecrets(region="eu-west-1"))

from app import create_app  # noqa

application = create_app()

if __name__ == "__main__":
        application.run()
Exemplo n.º 11
0
from flask.ext.script import Manager, Server
from flask_migrate import Migrate, MigrateCommand
from app import create_app, db
from credstash import getAllSecrets

secrets = getAllSecrets(region="eu-west-1")

application = create_app('live', secrets)

manager = Manager(application)
migrate = Migrate(application, db)
manager.add_command('db', MigrateCommand)

if __name__ == '__main__':
    manager.run()
Exemplo n.º 12
0
    config = credstash.getAllSecrets(context={'env': env, 'app': 'confluence'})
    if not _is_authenticated_slack(token, **config):
        return {'text': 'Sorry, {} only works in Slack!'
                ''.format(json['command'])}

    _greet(response_url)
    cql = json['text']
    config = credstash.getAllSecrets(context={'env': 'dev', 'app': 'confluence'})

    result = _process(cql, **config)
    payload = dumps({"response_type": "in_channel", "text": result })
    requests.post(response_url, data=payload)

def _process(cql, **config):
    session = _connect_confluence(**config)
    url = ('https://{JIRA_CLIENT_URL}/wiki/dosearchsite.action'
           ''.format(**config))
    add_params = _add_params(cql, space=config.get('SPACE'))
    content = _get_content(session, url, add_params)
    parsed_content = _parse_content(content, **config)
    result = ('{}\n\n*View all ->* {}?{}\n\n^ /wiki {}'
              ''.format(parsed_content, url, urllib.urlencode(add_params), cql))
    return result

if __name__ == '__main__':
    import sys
    cql = sys.argv[1]
    config = credstash.getAllSecrets(context={'env': 'dev', 'app': 'confluence'})
    result = _process(cql, **config)
    print(result)