def token_create(): _warning_root_token() token = utils.get_input('token display name: ') if not token or not token.strip(): print("a token display name is required") sys.exit(1) cmd = "VAULT_ADDR=%s vault token create -policy=%s -display-name=%s" % (vault_addr(), vault_policy(), token) local(cmd)
def _clone_project_formula(furl): """clones a formula to `./cloned-projects/$formulaname`, if it doesn't already exist. if it does exist, it attempts to update it with a `git pull`.""" destination = config.CLONED_PROJECT_FORMULA_DIR # /path/to/builder/cloned-projects fpath = os.path.join(destination, os.path.basename( furl)) # /path/to/builder/cloned-projects/builder-base-formula cmd = "cd %s; git clone %s" % (destination, furl) if os.path.exists(fpath): cmd = "cd %s; git pull" % (fpath, ) with settings(warn_only=True): local(cmd)
def diff_builder_config(): "helps keep three" file_sets = [ [ "./builder-private-example/pillar/elife.sls", "./cloned-projects/builder-base-formula/pillar/elife.sls", "./builder-private/pillar/elife.sls" ], [ "./projects/elife.yaml", "./builder-private/projects/elife-private.yaml", ] ] for paths in file_sets: local("meld " + " ".join(paths))
def _interactive_ssh(username, public_ip, private_key): try: command = "ssh -o \"ConnectionAttempts 3\" %s@%s -i %s" % ( username, public_ip, private_key) return local(command) except CommandException as e: LOG.warning(e)
def server_access(): """returns True if this builder instance has access to the master server. access may be available through presence of the master-server's bootstrap user's identify file OR current user is in master server's allowed_keys list""" stackname = core.find_master(core.find_region()) public_ip = core.stack_data(stackname, ensure_single_instance=True)[0]['PublicIpAddress'] result = local('ssh -o "StrictHostKeyChecking no" %s@%s "exit"' % (config.BOOTSTRAP_USER, public_ip)) return result['succeeded']
def parse_validate_repolist(fdata, *repolist): "returns a list of triples" known_formulas = fdata.get('formula-dependencies', []) known_formulas.extend([fdata['formula-repo'], fdata['private-repo']]) known_formula_map = OrderedDict( zip(map(os.path.basename, known_formulas), known_formulas)) arglist = [] for user_string in repolist: if '@' not in user_string: print('skipping %r, no revision component' % user_string) continue repo, rev = user_string.split('@') if not rev.strip(): print('skipping %r, empty revision component' % user_string) continue if repo not in known_formula_map: print('skipping %r, unknown formula. known formulas: %s' % (repo, ', '.join(known_formula_map.keys()))) continue arglist.append((repo, known_formula_map[repo], rev)) # test given revisions actually exist in formulas for name, _, revision in arglist: path = join(config.PROJECT_PATH, "cloned-projects", name) if not os.path.exists(path): LOG.warn( "couldn't find formula %r locally, revision check skipped", path) continue with lcd(path), settings(warn_only=True): ensure( local("git fetch --quiet")['succeeded'], "failed to fetch remote refs for %s" % path) ensure( local("git cat-file -e %s^{commit}" % revision)['succeeded'], "failed to find ref %r in %s" % (revision, name)) return arglist
def token_revoke(token): cmd = "VAULT_ADDR=%s vault token revoke %s" % (vault_addr(), token) local(cmd)
def token_lookup_accessor(accessor): _warning_root_token() cmd = "VAULT_ADDR=%s vault token lookup -accessor %s" % (vault_addr(), accessor) local(cmd)
def token_list_accessors(): _warning_root_token() cmd = "VAULT_ADDR=%s vault list auth/token/accessors" % (vault_addr()) local(cmd)
def token_lookup(token): cmd = "VAULT_ADDR=%s VAULT_TOKEN=%s vault token lookup" % (vault_addr(), token) local(cmd)
def policies_update(): _warning_root_token() cmd = "VAULT_ADDR=%s vault policy write %s .vault/%s.hcl" % (vault_addr(), vault_policy(), vault_policy()) local(cmd)
def logout(): cmd = "rm -f ~/.vault-token" local(cmd)
def login(): cmd = "VAULT_ADDR=%s vault login" % vault_addr() local(cmd)
def _interactive_ssh(command): try: local(command) except CommandException as e: LOG.warn(e)
def _git_remote_refs(url): cmd = "git ls-remote --heads %s" % url output = local(cmd, capture=True)['stdout'] return [line.split() for line in output]
def new(): "creates a new project formula from a template" pname = utils.uin('project name') local('./scripts/new-project.sh %s' % pname)