def _get_datastore_value_for_expression(self, key, value, config_schema_item=None): """ Retrieve datastore value by first resolving the datastore expression and then retrieving the value from the datastore. :param key: Full path to the config item key (e.g. "token" / "auth.settings.token", etc.) """ from st2common.services.config import deserialize_key_value config_schema_item = config_schema_item or {} secret = config_schema_item.get("secret", False) try: value = render_template_with_system_and_user_context( value=value, user=self.user ) except Exception as e: # Throw a more user-friendly exception on failed render exc_class = type(e) original_msg = six.text_type(e) msg = ( 'Failed to render dynamic configuration value for key "%s" with value ' '"%s" for pack "%s" config: %s %s ' % (key, value, self.pack_name, exc_class, original_msg) ) raise RuntimeError(msg) if value: # Deserialize the value value = deserialize_key_value(value=value, secret=secret) else: value = None return value
def _get_datastore_value_for_expression(self, key, value, config_schema_item=None): """ Retrieve datastore value by first resolving the datastore expression and then retrieving the value from the datastore. :param key: Full path to the config item key (e.g. "token" / "auth.settings.token", etc.) """ from st2common.services.config import deserialize_key_value config_schema_item = config_schema_item or {} secret = config_schema_item.get('secret', False) try: value = render_template_with_system_and_user_context(value=value, user=self.user) except Exception as e: # Throw a more user-friendly exception on failed render exc_class = type(e) original_msg = str(e) msg = ('Failed to render dynamic configuration value for key "%s" with value ' '"%s" for pack "%s" config: %s ' % (key, value, self.pack_name, original_msg)) raise exc_class(msg) if value: # Deserialize the value value = deserialize_key_value(value=value, secret=secret) else: value = None return value
def get_key(key=None, user=None, scope=None, decrypt=False): """Retrieve key from KVP store """ if not isinstance(key, six.string_types): raise TypeError('Given key is not typeof string.') if not isinstance(decrypt, bool): raise TypeError('Decrypt parameter is not typeof bool.') if not user: user = UserDB(cfg.CONF.system_user.user) scope, key_id = _derive_scope_and_key(key, user, scope) scope = get_datastore_full_scope(scope) LOG.debug('get_key scope: %s', scope) _validate_scope(scope=scope) is_admin = rbac_utils.user_is_admin(user_db=user) # User needs to be either admin or requesting item for itself _validate_decrypt_query_parameter(decrypt=decrypt, scope=scope, is_admin=is_admin, user=user) value = KeyValuePair.get_by_scope_and_name(scope, key_id) if value: return deserialize_key_value(value.value, decrypt) return None
def _get_datastore_value_for_expression(self, value, config_schema_item=None): """ Retrieve datastore value by first resolving the datastore expression and then retrieving the value from the datastore. """ config_schema_item = config_schema_item or {} secret = config_schema_item.get('secret', False) # TODO: Get key name so we can throw a more friendly exception value = render_template_with_system_and_user_context(value=value, user=self.user) if value: # Deserialize the value value = deserialize_key_value(value=value, secret=secret) else: value = None return value
def get_key(key=None, user_db=None, scope=None, decrypt=False): """ Retrieve key from KVP store """ if not isinstance(key, six.string_types): raise TypeError('Given key is not typeof string.') if not isinstance(decrypt, bool): raise TypeError('Decrypt parameter is not typeof bool.') if not user_db: # Use system user user_db = UserDB(cfg.CONF.system_user.user) scope, key_id = _derive_scope_and_key(key=key, user=user_db.name, scope=scope) scope = get_datastore_full_scope(scope) LOG.debug('get_key key_id: %s, scope: %s, user: %s, decrypt: %s' % (key_id, scope, str(user_db.name), decrypt)) _validate_scope(scope=scope) rbac_utils = get_rbac_backend().get_utils_class() is_admin = rbac_utils.user_is_admin(user_db=user_db) # User needs to be either admin or requesting item for itself _validate_decrypt_query_parameter(decrypt=decrypt, scope=scope, is_admin=is_admin, user_db=user_db) # Get the key value pair by scope and name. kvp = KeyValuePair.get_by_scope_and_name(scope, key_id) # Decrypt in deserialize_key_value cannot handle NoneType. if kvp.value is None: return kvp.value return deserialize_key_value(kvp.value, decrypt)