def get_token(self, username, password, hostname):
    """Log in to Vault with the GUI-supplied credentials and report the outcome.

    A ``VaultClient`` bound to the module-level ``tokenfile`` is created and
    its ``login`` method is called with the same credentials.

    Args:
        username: Vault user name entered in the GUI.
        password: Password for ``username``. It is passed to ``VaultClient``
            and ``login`` only; this method does not write it to the log.
        hostname: Address of the Vault server.

    Returns:
        A human-readable status string: the success message when ``login``
        returns a truthy value, otherwise a hint to re-check the credentials
        and the Vault URL.
    """
    self._logger.info("Get token from GUI.")
    client = VaultClient(hostname, username, password, tokenfile)
    if not client.login(username, password):
        return "Unable to obtain token. Verify your credentials and Vault URL."
    return "Token obtained."
def get_entity_name(self, username, password, vault_token, hostname, entity_id):
    """Look up a Vault entity by its id.

    Args:
        username: Vault user name.
        password: Password for ``username``.
        vault_token: Vault client token passed on to ``VaultClient``.
        hostname: Address of the Vault server.
        entity_id: Identifier handed to ``read_entity_by_id``.

    Returns:
        ``(True, result)`` with whatever ``read_entity_by_id`` returns, or
        ``(False, message)`` carrying the exception text when any step fails.
    """
    try:
        client = VaultClient(hostname, username, password, tokenfile, vault_token)
        entity = client.read_entity_by_id(entity_id)
    except Exception as err:
        # NOTE(review): the raw exception text is returned to the caller;
        # confirm it cannot carry token or credential material before it is
        # displayed or logged.
        return (False, str(err))
    return (True, entity)
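def decrypt(self, username, password, vault_token, hostname, url, output_path):
    """Decrypt the files under ``self._input_path`` into ``output_path``.

    The dataset name is the last path segment of ``url`` and is what
    ``KeyManagementVault`` and ``Cryptor`` are keyed on. Trailing slashes are
    ignored, and a URL that yields no segment is rejected before a Vault
    client is created, so a malformed URL cannot turn into a key lookup under
    an empty dataset name.

    Args:
        username: Vault user name.
        password: Password for ``username``.
        vault_token: Vault client token passed on to ``VaultClient``.
        hostname: Address of the Vault server.
        url: Dataset URL; its last path segment is the dataset name.
        output_path: Destination handed to ``Cryptor`` as ``--output``.

    Returns:
        ``(True, None)`` on success, or ``(False, message)`` with the
        exception text when any step fails.
    """
    try:
        self._logger.info("Decrypt files in the path {}".format(
            self._input_path))
        # Derive and validate the dataset name first: no credentials are
        # sent anywhere for a URL that cannot name a dataset.
        dataset_name = url.rstrip("/").split("/")[-1]
        if not dataset_name:
            raise ValueError("Unable to derive a dataset name from the URL.")
        vault_client = VaultClient(hostname, username, password, tokenfile, vault_token)
        key_manager = KeyManagementVault(vault_client, dataset_name)
        # NOTE(review): the plaintext password is part of this dict; confirm
        # that Cryptor neither logs nor persists its arguments.
        arguments = {
            "--input": self._input_path,
            "--output": output_path,
            "--username": username,
            "--password": password,
            "--vault": hostname,
            "--url": url,
            "--decrypt": True,
            "--encrypt": False,
        }
        encryptor = Cryptor(arguments, key_manager, self._logger, dataset_name)
        encryptor.decrypt()
        return (True, None)
    except Exception as e:
        # NOTE(review): the raw exception text is returned to the caller;
        # confirm it cannot expose key or credential details.
        return (False, str(e))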
def create_access_granter(self, username, password, vault_token, hostname):
    """Create an ``AccessManager`` and keep it on ``self._access_granter``.

    Args:
        username: Vault user name.
        password: Password for ``username``.
        vault_token: Vault client token passed on to ``VaultClient``.
        hostname: Address of the Vault server.

    Returns:
        ``(True, None)`` once the manager is stored, or ``(False, message)``
        with the exception text when construction fails.
    """
    try:
        client = VaultClient(hostname, username, password, tokenfile, vault_token)
        # TODO: add another method to set self._access_granter to null when the review window is closed
        # Until that exists, the manager (and the client it wraps) stays
        # referenced by this object after the review is over.
        self._access_granter = AccessManager(client)
    except Exception as err:
        return (False, str(err))
    return (True, None)
def grant_access(self, username, password, vault_token, hostname, dataset_name, requester_id, expiry_date):
    """Grant a requester access to a dataset until an expiry date.

    A fresh ``VaultClient`` and ``AccessManager`` are built for the call; the
    manager stored by ``create_access_granter`` is not used here.

    Args:
        username: Vault user name.
        password: Password for ``username``.
        vault_token: Vault client token passed on to ``VaultClient``.
        hostname: Address of the Vault server.
        dataset_name: Dataset the access applies to.
        requester_id: Identity that receives the access.
        expiry_date: Expiry passed unchanged to ``AccessManager.grant_access``.
            NOTE(review): it is not validated here; confirm the manager
            rejects malformed or past dates.

    Returns:
        ``(True, None)`` on success, or ``(False, message)`` with the
        exception text when any step fails.
    """
    try:
        client = VaultClient(hostname, username, password, tokenfile, vault_token)
        manager = AccessManager(client)
        manager.grant_access(requester_id, dataset_name, expiry_date)
    except Exception as err:
        return (False, str(err))
    return (True, None)
def encrypt(self, username, password, vault_token, hostname, output_path):
    """Encrypt the files under ``self._input_path`` into ``output_path``.

    A random UUID4 string is generated as the dataset name and is used for
    both ``KeyManagementVault`` and ``Cryptor``.

    Args:
        username: Vault user name.
        password: Password for ``username``.
        vault_token: Vault client token passed on to ``VaultClient``.
        hostname: Address of the Vault server.
        output_path: Destination handed to ``Cryptor`` as ``--output``.

    Returns:
        ``(True, bag_path)`` with the value returned by ``Cryptor.encrypt``,
        or ``(False, message)`` with the exception text when any step fails.
    """
    try:
        start_message = "Encrypt files in the path {}".format(self._input_path)
        self._logger.info(start_message)
        client = VaultClient(hostname, username, password, tokenfile, vault_token)
        dataset_name = str(uuid.uuid4())
        keys = KeyManagementVault(client, dataset_name)
        # NOTE(review): the plaintext password is part of this dict; confirm
        # that Cryptor neither logs nor persists its arguments.
        cryptor_args = {
            "--input": self._input_path,
            "--output": output_path,
            "--username": username,
            "--password": password,
            "--vault": hostname,
            "--encrypt": True,
        }
        cryptor = Cryptor(cryptor_args, keys, self._logger, dataset_name)
        bag_path = cryptor.encrypt()
    except Exception as err:
        # The failure is logged at info level and its text is also returned.
        failure_text = str(err)
        self._logger.info(failure_text)
        return (False, str(err))
    else:
        return (True, bag_path)
""" Usage: expire_permission.py --vault <vault_addr> --tokenfile <root_tokenfile> Options: --vault <vault_addr> using hashicorp vault for key generation and storage --tokenfile <root_tokenfile> """ import datetime from docopt import docopt from modules.VaultClient import VaultClient from util import constants from util.util import Util from modules.AccessManager import AccessManager import os __version__ = constants.VERSION if __name__ == "__main__": arguments = docopt(__doc__, version=__version__) Util.get_logger("cron-monitor-expired-shares", log_level="info", filepath=os.path.join(os.path.expanduser('~'), "logs", "permission_monitor.log")) with open(arguments["--tokenfile"]) as f: vault_root_token = f.read() vault_client = VaultClient(vault_addr=arguments["--vault"], vault_token=vault_root_token) access_manager = AccessManager(vault_client) access_manager.check_access()
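from util import constants
from util.util import Util
import click
import webbrowser
from urllib.parse import urljoin

__version__ = constants.VERSION
dirs = AppDirs(constants.APP_NAME, constants.APP_AUTHOR)
os.makedirs(dirs.user_data_dir, exist_ok=True)
# The Vault token file lives in the per-user application data directory.
# NOTE(review): confirm that VaultClient creates this file with owner-only
# permissions; the directory above is created with the default mode.
tokenfile = os.path.join(dirs.user_data_dir, "vault_token")

if __name__ == "__main__":
    arguments = docopt(__doc__, version=__version__)
    if arguments["--username"]:
        # NOTE(review): a password given as --password is visible in the
        # process list and in shell history; prompting for it would avoid
        # that.
        # NOTE(review): the keyword is spelled `vault_passowrd`; it must match
        # the VaultClient signature, which is not visible here. Confirm.
        vault_client = VaultClient(vault_addr=arguments["--vault"],
                                   vault_username=arguments["--username"],
                                   vault_passowrd=arguments["--password"],
                                   tokenfile=tokenfile)
    elif arguments["--oauth"]:
        from getpass import getpass

        vault_ui_url = urljoin(arguments["--vault"], "/ui/vault/auth?with=oidc")
        webbrowser.open_new_tab(vault_ui_url)
        # Read the token without echo so it does not stay in the terminal
        # scrollback, and drop whitespace picked up when pasting.
        token = getpass('Please input your vault client token: ').strip()
        vault_client = VaultClient(vault_addr=arguments["--vault"],
                                   vault_username=arguments["--username"],
                                   vault_passowrd=arguments["--password"],
                                   tokenfile=tokenfile,
                                   vault_token=token)
    else:
        # Without this branch the next statement fails with a NameError
        # because no client was created.
        raise SystemExit("Either --username or --oauth is required.")
    access_manager = AccessManager(vault_client)
    if arguments["--mode"] == "review-shares":
        print(access_manager.list_members())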