-
Notifications
You must be signed in to change notification settings - Fork 14
/
SecurityMigrator.py
172 lines (145 loc) · 7.77 KB
/
SecurityMigrator.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
import argparse
import logging
import sys
from migrator.ArtifactoryDockerAccess import ArtifactoryDockerAccess
from migrator.ArtifactoryUserAccess import ArtifactoryUserAccess
from migrator.UCPAccess import UCPAccess
from migrator.DTRAccess import DTRAccess
from migrator.DockerEESecurityMigrator import DockerEESecurityMigrator
from migrator.QuayEEAccess import QuayEEAccess
from migrator.QuayEESecurityMigrator import QuayEESecurityMigrator
'''
Entry point and argument parser for security data migration to Artifactory
Supports:
dockeree - Migrate from a Docker EE.
'''
def add_extra_args(parser):
parser.add_argument('--ignore-certs', dest='ignore_cert', action='store_const', const=True, default=False,
help='Ignore any certificate errors from both source and destination')
parser.add_argument('--overwrite', action='store_true',
help='Overwrite existing users, groups or permissions on the destination')
parser.add_argument('-v', '--verbose', action='store_true', help='Make the operation more talkative')
parser.add_argument('initial-password', help='The password to be assigned to migrated users in Artifactory')
def add_art_access(parser):
art_group = parser.add_argument_group('artifactory')
art_group.add_argument('artifactory', help='The destination Artifactory URL')
art_group.add_argument('username', help='The username to use for authentication to Artifactory')
art_group.add_argument('password', help='The password to use for authentication to Artifactory')
art_group.add_argument('repo', help='The docker repository')
# Sets up the argument parser for the application
def get_arg_parser():
parser = argparse.ArgumentParser(prog='python SecurityMigrator.py',
description='Docker registry security data to Artifactory migrator.')
# Docker EE Parser
subparsers = parser.add_subparsers(help='sub-command help')
parser_dockeree = subparsers.add_parser('dockeree',
help='Request security migration from Docker EE tools',
description='Docker EE security data to Artifactory migrator. Migrates users, teams and permissions from Docker EE UCP and DTR to Artifactory.')
# Docker EE tools access
dockeree_group = parser_dockeree.add_argument_group('dockeree')
dockeree_group.add_argument('ucp', help='The Docker Universal Control Plane (UCP) URL')
dockeree_group.add_argument('dtr', help='The Docker Trusted Registry (DTR) URL')
dockeree_group.add_argument('dockeree-username', help='The username to use for authentication to the Docker EE tools')
dockeree_group.add_argument('dockeree-password', help='The password to use for authentication to the Docker EE tools')
# Artifactory access
add_art_access(parser_dockeree)
# Extra options
add_extra_args(parser_dockeree)
parser_dockeree.add_argument('email-suffix', help='The email suffix to be assigned to migrated users in Artifactory',
default="mail.com")
parser_dockeree.set_defaults(func=dockeree_migration)
# Quay EE Parser
parser_quayee = subparsers.add_parser('quayee',
help='Request security migration from Quay EE tools',
description='Quay EE security data to Artifactory migrator. Migrates users, teams and permissions from Quay EE to Artifactory.')
quay_ee_source = parser_quayee.add_argument_group('source')
quay_ee_source.add_argument('source', help='The source registry URL')
quay_ee_source.add_argument('token', help='The OAuth2 Access Token of the super user')
# Artifactory access
add_art_access(parser_quayee)
# Extra options
add_extra_args(parser_quayee)
parser_quayee.set_defaults(func=quayee_migration)
return parser
'''
DockerEE Security Data migration
@param args - The user provided arguments
'''
def dockeree_migration(args):
# Set up and verify the connection to the source components
ucp = UCPAccess(args['ucp'], args['dockeree-username'], args['dockeree-password'], args['ignore_cert'])
if not ucp.test_connection():
sys.exit("Cannot connect to UCP. Check the provided URL and credentials.")
dtr = DTRAccess(args['dtr'], args['dockeree-username'], args['dockeree-password'], args['ignore_cert'])
if not dtr.test_connection():
sys.exit("Cannot connect to DTR. Check the provided URL and credentials.")
# Set up and verify the connection to Artifactory
setup_art_access(args['artifactory'], args['username'],
args['password'], args['repo'], args['ignore_cert'])
art_user_access = ArtifactoryUserAccess(args['artifactory'], args['username'],
args['password'])
# Perform the migration
migrator = DockerEESecurityMigrator(ucp, dtr, art_user_access, args['repo'],
args['overwrite'], args['initial-password'], args['email-suffix'])
migrator.migrate()
'''
QuayEE Security Data migration
@param args - The user provided arguments
'''
def quayee_migration(args):
# Set up and verify the connection to the source
quayee_access = QuayEEAccess(args['source'], args['token'], ignore_cert=args['ignore_cert'])
if not quayee_access.is_quay_ee():
sys.exit("Provided URL does not seem to be a valid Quay Enterprise server.")
bots = quayee_access.get_robots_in_org("org1")
permission = quayee_access.get_team_permissions_for_org("org1", "mendoza")
# Set up and verify the connection to Artifactory
setup_art_access(args['artifactory'], args['username'],
args['password'], args['repo'], args['ignore_cert'])
art_user_access = ArtifactoryUserAccess(args['artifactory'], args['username'],
args['password'])
# Perform the migration
migrator = QuayEESecurityMigrator(quayee_access, art_user_access, args['repo'],
args['overwrite'], args['initial-password'])
migrator.migrate()
'''
Set up and verify the connection to Artifactory
@param artifactory_url - The URL to the Artifactory instance
@param username - The username to access Artifactory
@param password - The password (API Key, encrypted password, token) to access Artifactory
@param repo - The repo name
@param ignore_cert - True if the certificate to this instance should be ignored
'''
def setup_art_access(artifactory_url, username, password, repo, ignore_cert):
art_access = ArtifactoryDockerAccess(url=artifactory_url, username=username,
password=password, repo=repo, ignore_cert=ignore_cert)
if not art_access.is_valid():
sys.exit("The provided Artifactory URL or credentials do not appear valid.")
if not art_access.is_valid_version():
sys.exit("The provided Artifactory instance is version %s but only 4.4.3+ is supported." %
art_access.get_version())
if not art_access.is_valid_docker_repo():
sys.exit("The repo %s does not appear to be a valid V2 Docker repository." % args.repo)
return art_access
def setup_logging(level):
fmt = "%(asctime)s [%(threadName)s] [%(levelname)s]"
fmt += " (%(name)s:%(lineno)d) - %(message)s"
formatter = logging.Formatter(fmt)
stdouth = logging.StreamHandler(sys.stdout)
stdouth.setFormatter(formatter)
logger = logging.getLogger()
logger.setLevel(level)
logger.handlers = []
logger.addHandler(stdouth)
if __name__ == '__main__':
# Argument parsing
logging.info("Parsing and verifying user provided arguments.")
parser = get_arg_parser()
args = parser.parse_args()
# Set log level
if args.verbose:
setup_logging(logging.INFO)
else:
setup_logging(logging.WARN)
# Calls the appropriate function based on user's selected operation
args.func(vars(args))