def test_user_rotate_api_key_without_param_rotates_logged_in_user(self): some_user_api_key = self.invoke_cli( self.cli_auth_params, ['user', 'rotate-api-key', '-i', 'someuser']) # extract the API key from the returned message extract_api_key_from_message = some_user_api_key.split(":")[1].strip() self.invoke_cli( self.cli_auth_params, ['login', '-i', 'someuser', '-p', extract_api_key_from_message]) credential_store = CredentialStoreFactory.create_credential_store() loaded_conjurrc = ConjurrcData.load_from_file() old_api_key = credential_store.load( loaded_conjurrc.conjur_url).password some_user_api_key = self.invoke_cli(self.cli_auth_params, ['user', 'rotate-api-key']) extract_api_key_from_message = some_user_api_key.split(":")[1].strip() assert old_api_key != extract_api_key_from_message, "the API keys are the same!" credential_store = CredentialStoreFactory.create_credential_store() new_api_key = credential_store.load( loaded_conjurrc.conjur_url).password assert new_api_key.strip( ) == extract_api_key_from_message, "the API keys are not the same!"
def _run_command_flow(self, args, resource): ssl_verification_meta_data = get_ssl_verification_meta_data_from_conjurrc(args.ssl_verify) client = Client(ssl_verification_mode=ssl_verification_meta_data.mode, connection_info=ConjurrcData.load_from_file().get_client_connection_info(), debug=args.debug, credentials_provider=self.credential_provider, async_mode=False) if resource == 'list': cli_actions.handle_list_logic(args, client) elif resource == 'whoami': result = client.whoami() print(json.dumps(result, indent=4)) elif resource == 'variable': cli_actions.handle_variable_logic(args, client) elif resource == 'policy': policy_data = PolicyData(action=args.action, branch=args.branch, file=args.file) cli_actions.handle_policy_logic(policy_data, client) elif resource == 'user': cli_actions.handle_user_logic(self.credential_provider, args, client) elif resource == 'host': cli_actions.handle_host_logic(args, client) elif resource == 'hostfactory': cli_actions.handle_hostfactory_logic(args, client)
def get_credentials() -> CredentialsData: try: cred_store = create_cred_store() conjurrc = ConjurrcData.load_from_file() return cred_store.load(conjurrc.conjur_url) except: print("Unable to fetch credentials")
def is_credentials_exist(conjur_url=None) -> bool: try: cred_store = create_cred_store() if conjur_url is None: conjur_url = ConjurrcData.load_from_file().conjur_url return cred_store.is_exists(conjur_url) except: print("Unable to validate that credentials exist")
def delete_credentials(): try: cred_store = create_cred_store() conjurrc = ConjurrcData.load_from_file() if cred_store.is_exists(conjurrc.conjur_url): return cred_store.remove_credentials(conjurrc.conjur_url) except: # this is a util test not throwing for now. user should make sure conjurrc file exists pass
def _perofrm_auth_if_not_login(self, args): self._run_init_if_not_occur() # If the user runs a command without logging into the CLI, # we request they do so before executing their request if not self.is_testing_env: loaded_conjurrc = ConjurrcData.load_from_file() if not self.credential_provider.is_exists(loaded_conjurrc.conjur_url): # The below message when a user implicitly requested to init # pylint: disable=logging-fstring-interpolation sys.stdout.write(f"{LOGIN_IS_REQUIRED}\n") cli_actions.handle_login_logic(self.credential_provider, ssl_verify=args.ssl_verify)