def prep_nova_creds(self):
"""
Finds relevant config options in the supernova config and cleans them
up for novaclient.
"""
self.check_deprecated_options()
raw_creds = self.get_nova_creds().items(self.nova_env)
nova_re = re.compile(r"(^nova_|^os_|^novaclient|^trove_)")
creds = []
for param, value in raw_creds:
# Skip parameters we're unfamiliar with
if not nova_re.match(param):
continue
param = param.upper()
# Get values from the keyring if we find a USE_KEYRING constant
if value.startswith("USE_KEYRING"):
rex = "USE_KEYRING\[([\x27\x22])(.*)\\1\]"
if value == "USE_KEYRING":
username = "******" % (self.nova_env, param)
else:
global_identifier = re.match(rex, value).group(2)
username = "******" % ('global', global_identifier)
credential = credentials.password_get(username)
else:
credential = value.strip("\"'")
# Make sure we got something valid from the configuration file or
# the keyring
if not credential:
msg = """
While connecting to %s, supernova attempted to retrieve a credential
for %s but couldn't find it within the keyring. If you haven't stored
credentials for %s yet, try running:
supernova-keyring -s %s
""" % (self.nova_env, username, username, ' '.join(username.split(':')))
print msg
sys.exit(1)
creds.append((param, credential))
return creds
def run_supernova_keyring():
"""
Handles all of the prep work and error checking for the
supernova-keyring executable.
"""
s = supernova.SuperNova()
parser = argparse.ArgumentParser()
group = parser.add_mutually_exclusive_group(required=True)
group.add_argument(
"-g", "--get", action="store_true", dest="get_password", help="retrieves credentials from keychain storage"
)
group.add_argument(
"-s", "--set", action="store_true", dest="set_password", help="stores credentials in keychain storage"
)
parser.add_argument("env", help="environment to set parameter in")
parser.add_argument("parameter", help="parameter to set")
args = parser.parse_args()
username = "******" % (args.env, args.parameter)
if args.set_password:
print "[%s] Preparing to set a password in the keyring for:" % (gwrap("Keyring operation"))
print " - Environment : %s" % args.env
print " - Parameter : %s" % args.parameter
print "\n If this is correct, enter the corresponding credential " "to store in \n your keyring or press CTRL-D to abort: ",
# Prompt for a password and catch a CTRL-D
try:
password = getpass.getpass("")
except:
password = None
print
# Did we get a password from the prompt?
if not password or len(password) < 1:
print "\n[%s] No data was altered in your keyring." % (rwrap("Canceled"))
sys.exit()
# Try to store the password
try:
store_ok = credentials.password_set(username, password)
except:
store_ok = False
if store_ok:
print "\n[%s] Successfully stored credentials for %s under the " "supernova service." % (
gwrap("Success"),
username,
)
else:
print "\n[%s] Unable to store credentials for %s under the " "supernova service." % (
rwrap("Failed"),
username,
)
sys.exit()
if args.get_password:
print "[%s] If this operation is successful, the credential " "stored \nfor %s will be displayed in your terminal as " "plain text." % (
rwrap("Warning"),
username,
)
print "\nIf you really want to proceed, type yes and press enter:",
confirm = raw_input("")
if confirm != "yes":
print "\n[%s] Your keyring was not read or altered." % (rwrap("Canceled"))
sys.exit()
try:
password = credentials.password_get(username)
except:
password = None
if password:
print "\n[%s] Found credentials for %s: %s" % (gwrap("Success"), username, password)
else:
print "\n[%s] Unable to retrieve credentials for %s.\nThere are " "probably no credentials stored for this environment/" "parameter combination (try --set)." % (
rwrap("Failed"),
username,
)
sys.exit(1)
