Merge pull request #151 from tdviet/devel

Initial version of fedcloud.client module
tdviet · Jun 21, 2022 · 6a9deb9 · 6a9deb9
2 parents 201dcbb + 6091cac
commit 6a9deb9
Show file tree

Hide file tree

Showing 7 changed files with 122 additions and 16 deletions.
diff --git a/fedcloudclient/checkin.py b/fedcloudclient/checkin.py
@@ -198,6 +198,27 @@ def check_token(oidc_token, quiet=False, verbose=False, refresh_token=False):
     return oidc_token
 
 
+def get_checkin_id(
+    oidc_token,
+    quiet=False,
+):
+    """
+    Get EGI Check-in ID from access token
+
+    :param oidc_token: the token
+    :param quiet: If true, print no error message
+
+    :return: Check-in ID
+    """
+    try:
+        payload = jwt.decode(oidc_token, options={"verify_signature": False})
+    except jwt.exceptions.InvalidTokenError:
+        print_error("Error: Invalid access token.", quiet)
+        return None
+
+    return payload["sub"]
+
+
 def get_access_token(
     oidc_access_token,
     oidc_refresh_token,

diff --git a/fedcloudclient/cli.py b/fedcloudclient/cli.py
@@ -8,6 +8,7 @@
 from fedcloudclient.ec3 import ec3
 from fedcloudclient.endpoint import endpoint
 from fedcloudclient.openstack import openstack, openstack_int
+from fedcloudclient.secret import secret
 from fedcloudclient.select import select
 from fedcloudclient.sites import site
 
@@ -24,9 +25,11 @@ def cli():
 cli.add_command(endpoint)
 cli.add_command(ec3)
 cli.add_command(site)
+cli.add_command(secret)
 cli.add_command(select)
 cli.add_command(openstack)
 cli.add_command(openstack_int)
 
+
 if __name__ == "__main__":
     cli()
diff --git a/fedcloudclient/decorators.py b/fedcloudclient/decorators.py
@@ -1,7 +1,6 @@
 """
 Decorators for command-line parameters
 """
-
 from functools import wraps
 
 import click

diff --git a/fedcloudclient/endpoint.py b/fedcloudclient/endpoint.py
@@ -353,7 +353,7 @@ def token(
         print(f"Error: Unable to get Keystone token from site {site}")
 
 
-@endpoint.command()
+@endpoint.command("list")
 @all_site_params
 @click.option(
     "--service-type",
@@ -373,7 +373,7 @@ def token(
     help="Monitoring status",
     show_default=True,
 )
-def list(service_type, production, monitored, site, all_sites):
+def list_(service_type, production, monitored, site, all_sites):
     """
     List endpoints in site(s), will query GOCDB
     """

diff --git a/fedcloudclient/secret.py b/fedcloudclient/secret.py
@@ -0,0 +1,82 @@
+"""
+Implementation of "fedcloud secret" commands for accessing secret management service
+"""
+
+import click
+import hvac
+
+from tabulate import tabulate
+
+from fedcloudclient.checkin import get_checkin_id
+from fedcloudclient.decorators import oidc_params
+
+VAULT_ADDR = "https://vault.services.fedcloud.eu:8200"
+VAULT_ROLE = "demo"
+VAULT_MOUNT_POINT = "/secrets"
+
+
+def secret_client(access_token, command, path, data):
+    """
+    Client function for accessing secrets
+    :param path: path to secret
+    :param access_token: access token for authentication
+    :param command: the command to perform
+    :param data: input data
+    :return: Output data from the service
+    """
+
+    client = hvac.Client(url=VAULT_ADDR)
+    client.auth.jwt.jwt_login(role=VAULT_ROLE, jwt=access_token)
+    checkin_id = get_checkin_id(access_token)
+    full_path = checkin_id + "/" + path
+    function_list = {
+        "list_secrets": client.secrets.kv.v1.list_secrets,
+        "read_secret": client.secrets.kv.v1.read_secret,
+        "delete_secret": client.secrets.kv.v1.read_secret,
+    }
+    if command == "set":
+        response = client.secrets.kv.v1.create_or_update_secret(
+            path=full_path,
+            mount_point=VAULT_MOUNT_POINT,
+            secret=data,
+        )
+    else:
+        response = function_list[command](path=full_path, mount_point=VAULT_MOUNT_POINT)
+    return response
+
+
+@click.group()
+def secret():
+    """
+    Commands for accessing secrets
+    """
+
+
+@secret.command()
+@oidc_params
+@click.argument("short_path")
+def get(
+    access_token,
+    short_path,
+):
+    """
+    Get a secret from the path
+    """
+
+    data = secret_client(access_token, "read_secret", short_path, None)
+    print(tabulate(data["data"].items(), headers=["key", "value"]))
+
+
+@secret.command("list")
+@oidc_params
+@click.argument("short_path", required=False, default="")
+def list_(
+    access_token,
+    short_path,
+):
+    """
+    List secrets in the path
+    """
+
+    data = secret_client(access_token, "list_secrets", short_path, None)
+    print("\n".join(map(str, data["data"]["keys"])))
diff --git a/fedcloudclient/sites.py b/fedcloudclient/sites.py
@@ -316,8 +316,8 @@ def save_config():
     save_site_config(config_dir)
 
 
-@site.command()
-def list():
+@site.command("list")
+def list_():
     """
     List all sites
     """

diff --git a/requirements.txt b/requirements.txt
@@ -1,13 +1,14 @@
-click>=8.0.1
+click==8.1.3
 click_option_group>=0.5.3
-tabulate
-requests
-defusedxml
-pyjwt>=2.0.1
-python-openstackclient
-liboidcagent
+tabulate~=0.8.9
+requests==2.28.0
+defusedxml==0.7.1
+pyjwt==2.4.0
+python-openstackclient==5.8.0
+liboidcagent==0.4.0
 jsonpath-ng==1.5.3
-PyYAML>=5.4.1
-setuptools
-jsonschema
-psutil
+PyYAML==6.0
+setuptools==62.6.0
+jsonschema==4.6.0
+psutil==5.9.1
+hvac~=0.11.2