def prep_nova_creds(self): """ Finds relevant config options in the supernova config and cleans them up for novaclient. """ self.check_deprecated_options() raw_creds = self.get_nova_creds().items(self.nova_env) nova_re = re.compile(r"(^nova_|^os_|^novaclient|^trove_)") creds = [] for param, value in raw_creds: # Skip parameters we're unfamiliar with if not nova_re.match(param): continue param = param.upper() # Get values from the keyring if we find a USE_KEYRING constant if value.startswith("USE_KEYRING"): rex = "USE_KEYRING\[([\x27\x22])(.*)\\1\]" if value == "USE_KEYRING": username = "******" % (self.nova_env, param) else: global_identifier = re.match(rex, value).group(2) username = "******" % ('global', global_identifier) credential = credentials.password_get(username) else: credential = value.strip("\"'") # Make sure we got something valid from the configuration file or # the keyring if not credential: msg = """ While connecting to %s, supernova attempted to retrieve a credential for %s but couldn't find it within the keyring. If you haven't stored credentials for %s yet, try running: supernova-keyring -s %s """ % (self.nova_env, username, username, ' '.join(username.split(':'))) print msg sys.exit(1) creds.append((param, credential)) return creds
def run_supernova_keyring(): """ Handles all of the prep work and error checking for the supernova-keyring executable. """ s = supernova.SuperNova() parser = argparse.ArgumentParser() group = parser.add_mutually_exclusive_group(required=True) group.add_argument( "-g", "--get", action="store_true", dest="get_password", help="retrieves credentials from keychain storage" ) group.add_argument( "-s", "--set", action="store_true", dest="set_password", help="stores credentials in keychain storage" ) parser.add_argument("env", help="environment to set parameter in") parser.add_argument("parameter", help="parameter to set") args = parser.parse_args() username = "******" % (args.env, args.parameter) if args.set_password: print "[%s] Preparing to set a password in the keyring for:" % (gwrap("Keyring operation")) print " - Environment : %s" % args.env print " - Parameter : %s" % args.parameter print "\n If this is correct, enter the corresponding credential " "to store in \n your keyring or press CTRL-D to abort: ", # Prompt for a password and catch a CTRL-D try: password = getpass.getpass("") except: password = None print # Did we get a password from the prompt? if not password or len(password) < 1: print "\n[%s] No data was altered in your keyring." % (rwrap("Canceled")) sys.exit() # Try to store the password try: store_ok = credentials.password_set(username, password) except: store_ok = False if store_ok: print "\n[%s] Successfully stored credentials for %s under the " "supernova service." % ( gwrap("Success"), username, ) else: print "\n[%s] Unable to store credentials for %s under the " "supernova service." % ( rwrap("Failed"), username, ) sys.exit() if args.get_password: print "[%s] If this operation is successful, the credential " "stored \nfor %s will be displayed in your terminal as " "plain text." % ( rwrap("Warning"), username, ) print "\nIf you really want to proceed, type yes and press enter:", confirm = raw_input("") if confirm != "yes": print "\n[%s] Your keyring was not read or altered." % (rwrap("Canceled")) sys.exit() try: password = credentials.password_get(username) except: password = None if password: print "\n[%s] Found credentials for %s: %s" % (gwrap("Success"), username, password) else: print "\n[%s] Unable to retrieve credentials for %s.\nThere are " "probably no credentials stored for this environment/" "parameter combination (try --set)." % ( rwrap("Failed"), username, ) sys.exit(1)