def __init__(self, uda_class, view_name, uda_fields, key_fields=None): self.uda_class = uda_class self.uda_encoded = base64.b64_encode(pickle_dump(uda_class)) self.view_name = view_name self.uda_fields = uda_fields self.key_fields = key_fields
def encode(data): """ base64 encode helper for jinja :param data: encodeable bytes-object :type model: byte :returns: base64 encoded bytes-object :rtype: byte """ return b64_encode(data)
def encodes(data, code="ascii"): """ base64 encode helper for jinja taking string and returning string :param data: string which should be encoded :type model: string :param code: code to use for bytes en-/decoding (default: ascii) :type model: string :returns: base64-encoded string :rtype: string """ return b64_encode(data.encode(code)).decode(code)
def post_process(output): cleanup = output['cleanup'] if cleanup: cleanup = '/' + cleanup datapack = output['datapack'] from base64 import encodestring as b64_encode return { 'zip': b64_encode(datapack).decode('utf8'), 'cleanup': cleanup, 'namespace': output['namespace'], }
def _request(self, method, url, data=None): authorization = '%s:%s' % (self.user, self.token) base64 = b64_encode(authorization).replace('\n', '') headers = {'Authorization': 'Basic %s' % base64} if data: headers['Content-Type'] = 'application/json' data = json.dumps(data) req_method = getattr(requests, method.lower()) resp = req_method(url, data=data, headers=headers) data, code = resp.text, resp.status_code if code < 200 or code >= 300: print 'Got a %s response: %r' % (code, data) raise Exception if resp.headers.get('Content-Encoding') == 'gzip': fd = GzipFile(fileobj=StringIO(data)) data = fd.read() return (resp.headers, json.loads(data))
def build(self, build_context): """Build launches the previously-built AMI. Requires: build_context['image_id'] build_context['build_vpc'] build_context['build_region'] build_context['key_name'] build_context['customer_id'] build_context['customer_email'] build_context['basiton_id'] build_context['vpn_password'] """ self._ec2 = boto3.client('ec2', region_name=build_context['build_region']) self._cfn = boto3.client('cloudformation', region_name=build_context['build_region']) self._iam = boto3.client('iam', region_name=build_context['build_region']) self._as = boto3.client('autoscaling', region_name=build_context['build_region']) customer_id = build_context['customer_id'] build_time = int(time.time()) stack_name = 'opsee-stack-%s' % customer_id role_name = 'opsee-role-%s' % customer_id policy_name = 'opsee-policy-%s' % customer_id resp = requests.get( get_bucket_path(build_context['build_region'], 'opsee-role.json')) policy = resp.text self._iam.create_role(RoleName=role_name, AssumeRolePolicyDocument=assume_role_policy) self._iam.put_role_policy(RoleName=role_name, PolicyName=policy_name, PolicyDocument=policy) build_context['role_name'] = role_name build_context['policy_name'] = policy_name userdata_t = Template(userdata_template) userdata = b64_encode( userdata_t.render( customer_id=build_context['customer_id'], bastion_id=build_context['bastion_id'], customer_email=build_context['customer_email'], vpn_password=build_context['vpn_password'], )) build_context['launch_stack_name'] = stack_name resp = self._ec2.describe_subnets(Filters=[ { 'Name': 'vpc-id', 'Values': [build_context['build_vpc']] }, { 'Name': 'availabilityZone', # ${reigon}a is almost always going to exist. We can get AZs and pick one # later if we need to. 'Values': ['%sa' % build_context['build_region']] }, { 'Name': 'defaultForAz', 'Values': ['true'] }, ]) subnet_id = resp['Subnets'][0]['SubnetId'] build_context['launch_subnet_id'] = subnet_id resp = self._cfn.create_stack( StackName=stack_name, TemplateURL=get_bucket_path(build_context['build_region'], 'bastion-cf.template'), Capabilities=['CAPABILITY_IAM'], Parameters=[ { 'ParameterKey': 'AllowSSH', 'ParameterValue': 'False', 'UsePreviousValue': False, }, { 'ParameterKey': 'ImageId', 'ParameterValue': build_context['image_id'], 'UsePreviousValue': False, }, { 'ParameterKey': 'UserData', 'ParameterValue': userdata, 'UsePreviousValue': False, }, { 'ParameterKey': 'KeyName', 'ParameterValue': build_context['key_name'], 'UsePreviousValue': False, }, { 'ParameterKey': 'VpcId', 'ParameterValue': build_context['build_vpc'], 'UsePreviousValue': False, }, { 'ParameterKey': 'SubnetId', 'ParameterValue': subnet_id, 'UsePreviousValue': False, }, { 'ParameterKey': 'CustomerId', 'ParameterValue': stack_name, 'UsePreviousValue': False, }, { 'ParameterKey': 'BastionId', 'ParameterValue': stack_name, 'UsePreviousValue': False, }, { 'ParameterKey': 'BastionIngressTemplateUrl', 'ParameterValue': get_bucket_path(build_context['build_region'], 'bastion-ingress-cf.template'), 'UsePreviousValue': False, }, ], ) stack_id = resp['StackId'] print 'Test stack id: %s' % stack_id print 'Waiting for stack creation to finish...' waiter = waiters.CloudFormationWaiter(self._cfn) waiter.wait(stack_name, 'CREATE_COMPLETE') resources = self._cfn.describe_stack_resources(StackName=stack_name) asg_id = [ x for x in resources['StackResources'] if x['ResourceType'] == 'AWS::AutoScaling::AutoScalingGroup' ][0]['PhysicalResourceId'] resp = self._as.describe_auto_scaling_groups( AutoScalingGroupNames=[asg_id]) instance_id = resp['AutoScalingGroups'][0]['Instances'][0][ 'InstanceId'] print 'Waiting for build instance (%s) to become available...' % instance_id waiter = self._ec2.get_waiter('instance_running') waiter.wait(InstanceIds=[instance_id]) instance_info = self._ec2.describe_instances( InstanceIds=[instance_id])['Reservations'][0]['Instances'][0] public_ip = instance_info['NetworkInterfaces'][0]['Association'][ 'PublicIp'] sg_id = instance_info['SecurityGroups'][0]['GroupId'] self._ec2.authorize_security_group_ingress( GroupId=sg_id, IpProtocol='tcp', FromPort=22, ToPort=22, CidrIp='0.0.0.0/0', ) print 'Got instance public IP: %s' % public_ip build_context['launch_public_ip'] = public_ip print 'Sleeping for 240 seconds to allow bastion to finish initialization...' time.sleep(240) return build_context
# See https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/ # Frankiz secret Key FKZ_KEY = None fkzkeyfile = os.path.join(BASE_DIR, ".keys/fkz.key") if not os.path.exists(fkzkeyfile): with open(fkzkeyfile, "wb") as f: f.write("None") with open(fkzkeyfile, "r") as f: FKZ_KEY = f.read().strip() # SECURITY WARNING: keep the secret key used in production secret! secretkeyfile = os.path.join(BASE_DIR, ".keys/secret.key") if not os.path.exists(secretkeyfile): with open(secretkeyfile, "wb") as f: f.write(base64.b64_encode(os.urandom(30))) with open(secretkeyfile, "r") as f: SECRET_KEY = f.read().strip() # SECURITY WARNING: don't run with debug turned on in production! DEBUG = os.environ.get("DJANGO_DEBUG", False) ALLOWED_HOSTS = ["*"] AUTH_USER_MODEL = 'event.User' # Emails DEFAULT_FROM_EMAIL = "*****@*****.**" SERVER_EMAIL = DEFAULT_FROM_EMAIL