diff --git a/piu/cli.py b/piu/cli.py index b231454..90f458d 100644 --- a/piu/cli.py +++ b/piu/cli.py @@ -137,7 +137,7 @@ def tunnel_validation(ctx, param, value): def _request_access(even_url, cacert, username, hostname, reason, remote_host, - lifetime, user, password, clip, connect, tunnel): + lifetime, clip, connect, tunnel): data = {'username': username, 'hostname': hostname, 'reason': reason} host_via = hostname if remote_host: @@ -146,12 +146,11 @@ def _request_access(even_url, cacert, username, hostname, reason, remote_host, if lifetime: data['lifetime_minutes'] = lifetime try: - token = zign.api.get_named_token(['uid'], 'employees', 'piu', user, password, prompt=True) + access_token = zign.api.get_token("piu", ['uid']) except zign.api.ServerError as e: click.secho('{}'.format(e), fg='red', bold=True) return 500 - access_token = token.get('access_token') click.secho('Requesting access to host {host_via} for {username}..'.format(host_via=host_via, username=username), bold=True) r = requests.post(even_url, headers={'Content-Type': 'application/json', @@ -199,9 +198,6 @@ def cli(ctx, config_file): @click.argument('host', metavar='[USER]@HOST', required=False) @click.argument('reason', required=False) @click.argument('reason_cont', nargs=-1, metavar='[..]', required=False) -@click.option('-U', '--user', help='Username to use for OAuth2 authentication', envvar='PIU_USER', metavar='NAME') -@click.option('-p', '--password', help='Password to use for OAuth2 authentication', - envvar='PIU_PASSWORD', metavar='PWD') @click.option('-E', '--even-url', help='Even SSH Access Granting Service URL', envvar='EVEN_URL', metavar='URI') @click.option('-O', '--odd-host', help='Odd SSH bastion hostname', envvar='ODD_HOST', metavar='HOSTNAME') @click.option('-t', '--lifetime', help='Lifetime of the SSH access request in minutes (default: 60)', 
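Review bot: In `_request_access`, the value returned by `zign.api.get_token("piu", ['uid'])` is used without a check that it is a non-empty token, and the `except` clause still handles only `zign.api.ServerError`. The diff does not show whether the newer stups-zign can return `None` or raise other error types here, so that should be confirmed. If it can, the request to `even_url` is sent with an unusable credential, or the failure only surfaces through the generic `handle_exceptions` wrapper. A guard before the "Requesting access" message would keep the failure explicit: `if not access_token:` / `click.secho('No OAuth token available', fg='red', bold=True)` / `return 500`. The function body continues past the end of the hunk, so the header that carries the token is not visible here.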
@@ -213,7 +209,7 @@ def cli(ctx, config_file): @click.option('--tunnel', help='Tunnel to the host', envvar='PIU_TUNNEL', callback=tunnel_validation, metavar='LOCALPORT:REMOTEPORT') @click.pass_obj -def request_access(obj, host, reason, reason_cont, user, password, even_url, odd_host, lifetime, interactive, +def request_access(obj, host, reason, reason_cont, even_url, odd_host, lifetime, interactive, insecure, clip, connect, tunnel): '''Request SSH access to a single host''' @@ -227,13 +223,11 @@ def request_access(obj, host, reason, reason_cont, user, password, even_url, odd if connect and tunnel: raise click.UsageError('Cannot specify both "connect" and "tunnel"') - user = user or zign.api.get_config().get('user') or os.getenv('USER') - parts = host.split('@') if len(parts) > 1: username = parts[0] else: - username = user + username = zign.api.get_config().get('user') or os.getenv('USER') hostname = parts[-1] @@ -294,7 +288,7 @@ def request_access(obj, host, reason, reason_cont, user, password, even_url, odd remote_host = None return_code = _request_access(even_url, cacert, username, first_host, reason, remote_host, lifetime, - user, password, clip, connect, tunnel) + clip, connect, tunnel) if return_code != 200: sys.exit(return_code) @@ -398,5 +392,6 @@ def list_access_requests(obj, user, odd_host, status, limit, offset, output): def main(): handle_exceptions(cli)() + if __name__ == '__main__': main() diff --git a/requirements.txt b/requirements.txt index 5eb75b7..a706c90 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,6 +2,6 @@ clickclick>=0.10 PyYAML requests pyperclip -stups-zign>=0.16 +stups-zign>=1.1.26 boto3>=1.3.0 botocore>=1.4.10 diff --git a/setup.py b/setup.py index c8209e1..9999cfc 100644 --- a/setup.py +++ b/setup.py @@ -22,6 +22,7 @@ def read_version(package): exec(fd.read(), data) return data['__version__'] + NAME = 'stups-piu' MAIN_PACKAGE = 'piu' VERSION = read_version(MAIN_PACKAGE) 
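Review bot: `username = zign.api.get_config().get('user') or os.getenv('USER')` in `request_access` can evaluate to `None`, and nothing visible in the hunk rejects that before the access request is built. This happens when the host has no `USER@` prefix, the zign configuration has no `user` entry and `USER` is unset. With `-U/--user` and its `PIU_USER` variable removed by this commit, the value can no longer be overridden and an exported `PIU_USER` is ignored without notice, so a request may be filed under a different account name than the caller expects. I would add `if not username: raise click.UsageError('Please specify the user as USER@HOST')` after the `else` branch. The release notes should also mention the dropped `PIU_USER`/`PIU_PASSWORD` variables so users can remove a stored password from their shell profile; the function starts and ends outside this hunk.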
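Review bot: The HTTP-style `return_code` from `_request_access` is passed straight to `sys.exit(return_code)`, but a process exit status is limited to 0–255 on POSIX, so the 500 returned on a token error reaches the shell as 244. Scripts that check the exit status therefore see a value unrelated to the HTTP code. This predates the commit, but since the call site is touched here, `sys.exit(1)` for any non-200 result would give callers a stable failure status.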
diff --git a/tests/test_cli.py b/tests/test_cli.py index a5fa99f..1d7337b 100644 --- a/tests/test_cli.py +++ b/tests/test_cli.py @@ -16,9 +16,8 @@ def test_missing_reason(): def test_success(monkeypatch): response = MagicMock(status_code=200, text='**MAGIC-SUCCESS**') - monkeypatch.setattr('zign.api.get_named_token', MagicMock(return_value={'access_token': '123'})) + monkeypatch.setattr('zign.api.get_token', MagicMock(return_value='123')) monkeypatch.setattr('requests.post', MagicMock(return_value=response)) - monkeypatch.setattr('keyring.set_password', MagicMock()) runner = CliRunner() with runner.isolated_filesystem(): @@ -27,7 +26,6 @@ def test_success(monkeypatch): '--lifetime=15', '--even-url=https://localhost/', '--odd-host=odd.example.org', - '--password=foobar', 'my reason'], catch_exceptions=False) @@ -36,9 +34,8 @@ def test_success(monkeypatch): def test_bad_request(monkeypatch): response = MagicMock(status_code=400, text='**MAGIC-BAD-REQUEST**') - monkeypatch.setattr('zign.api.get_named_token', MagicMock(return_value={'access_token': '123'})) + monkeypatch.setattr('zign.api.get_token', MagicMock(return_value='123')) monkeypatch.setattr('requests.post', MagicMock(return_value=response)) - monkeypatch.setattr('keyring.set_password', MagicMock()) runner = CliRunner() with runner.isolated_filesystem(): @@ -46,7 +43,6 @@ def test_bad_request(monkeypatch): ['req', '--lifetime=15', '--even-url=https://localhost/', - '--password=foobar', 'myuser@odd-host', 'my reason'], catch_exceptions=False) 
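Review bot: The replacement mock `MagicMock(return_value='123')` for `zign.api.get_token` in `test_success` is never inspected, so the test would still pass if `_request_access` asked for a different token name or scope list. Binding the mock to a local and asserting the call pins the requested scope, e.g. `get_token = MagicMock(return_value='123')` followed by `get_token.assert_called_once_with('piu', ['uid'])` after `runner.invoke`. The same unchecked mock line appears in `test_bad_request`, `test_auth_failure`, `test_dialog` and `test_tunnel_success`.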
@@ -57,16 +53,14 @@ def test_bad_request(monkeypatch): def test_auth_failure(monkeypatch): response = MagicMock(status_code=403, text='**MAGIC-AUTH-FAILED**') - monkeypatch.setattr('zign.api.get_named_token', MagicMock(return_value={'access_token': '123'})) + monkeypatch.setattr('zign.api.get_token', MagicMock(return_value='123')) monkeypatch.setattr('requests.post', MagicMock(return_value=response)) - monkeypatch.setattr('keyring.set_password', MagicMock()) runner = CliRunner() with runner.isolated_filesystem(): result = runner.invoke(cli, ['r', '--even-url=https://localhost/', - '--password=invalid', 'myuser@odd-host', 'my reason'], catch_exceptions=False) @@ -77,12 +71,10 @@ def test_auth_failure(monkeypatch): def test_dialog(monkeypatch): response = MagicMock(status_code=200, text='**MAGIC-SUCCESS**') - monkeypatch.setattr('zign.api.get_named_token', MagicMock(return_value={'access_token': '123'})) + monkeypatch.setattr('zign.api.get_token', MagicMock(return_value='123')) monkeypatch.setattr('requests.post', MagicMock(return_value=response)) monkeypatch.setattr('requests.get', MagicMock(return_value=response)) monkeypatch.setattr('socket.getaddrinfo', MagicMock()) - monkeypatch.setattr('keyring.set_password', MagicMock()) - monkeypatch.setattr('keyring.get_password', MagicMock(return_value=None)) runner = CliRunner() with runner.isolated_filesystem(): 
@@ -95,12 +87,10 @@ def test_dialog(monkeypatch): def test_oauth_failure(monkeypatch): response = MagicMock(status_code=200, text='**MAGIC-SUCCESS**') - monkeypatch.setattr('zign.api.get_named_token', MagicMock(side_effect=zign.api.ServerError('**MAGIC-FAIL**'))) + monkeypatch.setattr('zign.api.get_token', MagicMock(side_effect=zign.api.ServerError('**MAGIC-FAIL**'))) monkeypatch.setattr('requests.post', MagicMock(return_value=response)) monkeypatch.setattr('requests.get', MagicMock(return_value=response)) monkeypatch.setattr('socket.getaddrinfo', MagicMock()) - monkeypatch.setattr('keyring.set_password', MagicMock()) - monkeypatch.setattr('keyring.get_password', MagicMock(return_value=None)) runner = CliRunner() with runner.isolated_filesystem(): @@ -305,7 +295,7 @@ def test_tunnel_success(monkeypatch): response = MagicMock(status_code=200, text='**MAGIC-SUCCESS**') - monkeypatch.setattr('zign.api.get_named_token', MagicMock(return_value={'access_token': '123'})) + monkeypatch.setattr('zign.api.get_token', MagicMock(return_value='123')) monkeypatch.setattr('requests.post', MagicMock(return_value=response)) monkeypatch.setattr('subprocess.call', MagicMock())