def fetch_word_cloud(username):
try:
vault = Vault.instance(**vault_conf)
client = vault.client
res = client.read('kv/usernames/{}'.format(
hashlib.sha512(str(username).encode('utf-8')).hexdigest()))
except:
raise VaultError('VE')
try:
entity_id = res['data']['entity_id']
except:
raise VaultUserNotFound('VUNF')
try:
res = client.read('kv/words/{}'.format(entity_id))
except:
raise VaultUserWordCloudNotAccessible('VUWCNA')
try:
word_cloud = res['data']
except:
raise VaultUserWordCloudNotFound('VUWCNF')
return word_cloud
parser.print_usage()
print("Error: SSH key not provided and SSH_KEY is not defined")
sys.exit(1)
session = aws.create_session(args.aws_credentials)
bastion = aws.machine_lookup(session, 'bastion.' + args.domain)
iam = session.resource('iam')
client = session.client('iam')
domain = args.domain.replace('.', '-')
print("Opening ssh tunnel")
with vault_tunnel(args.ssh_key, bastion):
print("\tcomplete")
v = Vault('vault.' + args.domain)
#while True:
# try:
# v.revoke_secret_prefix('aws/creds/ingest-loadtest')
# except Exception as ex:
# print(ex)
#
# time.sleep(10)
#sys.exit(0)
print("Creating IAM policy")
policy = iam.create_policy(
PolicyName = '{}-ingest_client-loadtest'.format(domain),
PolicyDocument = json.dumps({
"Version": "2012-10-17",
private = args.internal
else:
private = aws.machine_lookup(session, args.internal, public_ip=False)
ssh = SSHConnection(args.ssh_key, private, bastion)
if args.command in ("ssh", ):
ssh.shell()
elif args.command in ("scp", ):
ret = ssh.scp(*args.arguments)
sys.exit(ret)
elif args.command in ("ssh-cmd", ):
ret = ssh.cmd(*args.arguments)
sys.exit(ret)
elif args.command in ("ssh-tunnel", ):
ssh.external_tunnel(*args.arguments)
elif args.command in ("ssh-all", ):
addrs = aws.machine_lookup_all(session, args.internal, public_ip=False)
for addr in addrs:
print("{} at {}".format(args.internal, addr))
ssh = SSHConnection(args.ssh_key, addr, bastion)
ssh.cmd(*args.arguments)
print()
elif args.command in vault.COMMANDS:
with vault_tunnel(args.ssh_key, bastion):
vault.COMMANDS[args.command](Vault(args.internal, private),
*args.arguments)
else:
parser.print_usage()
sys.exit(1)
ssh.shell()
elif args.command in ("scp", ):
ret = ssh.scp(*args.arguments)
sys.exit(ret)
elif args.command in ("ssh-cmd", ):
ret = ssh.cmd(*args.arguments)
sys.exit(ret)
elif args.command in ("ssh-tunnel", ):
with ssh.tunnel() as local_port:
print("Connect to localhost:{} to be forwarded to {}:{}".format(
local_port, args.ip, args.port))
input("Waiting to close tunnel...")
elif args.command in ("ssh-all", ):
addrs = aws.machine_lookup_all(bosslet_config.session,
args.hostname,
public_ip=False)
for addr in addrs:
print("{} at {}".format(args.hostname, addr))
ssh_target = SSHTarget(bosslet_config.ssh_key, addr, args.port,
args.user)
ssh = SSHConnection(ssh_target, bastions)
ssh.cmd(*args.arguments)
print()
elif args.command in vault.COMMANDS:
with vault_tunnel(bosslet_config.ssh_key, bastions):
vault.COMMANDS[args.command](Vault(args.hostname, args.ip),
*args.arguments)
else:
parser.print_usage()
sys.exit(1)
return "\n" + header + "\n" + \
"\n".join(map(lambda x: " " + x, options)) + "\n"
commands = list(COMMANDS.keys())
commands_help = create_help("command supports the following:", commands)
parser = argparse.ArgumentParser(
description="Script for manipulating Vault instances",
formatter_class=argparse.RawDescriptionHelpFormatter,
epilog=commands_help)
parser.add_argument(
"--machine",
"-m",
help="The name of the Vault server, used to read/write tokens and keys."
)
parser.add_argument("command",
choices=commands,
metavar="command",
help="Command to execute")
parser.add_argument("arguments",
nargs="*",
help="Arguments to pass to the command")
args = parser.parse_args()
if args.command in COMMANDS:
COMMANDS[args.command](Vault(args.machine), *args.arguments)
else:
parser.print_usage()
sys.exit(1)