* Refactor * Updated conf with encryption * Added AWS KMS support
Showing
32 changed files
with
533 additions
and
85 deletions.
Empty file.
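--- /dev/null
+++ b/<path not shown on page: yaml config>
@@ -0,0 +1,12 @@
+pyms:
+  crypt:
+    method: "aws_kms"
+    key_id: "alias/prueba-avara"
+  config:
+    DEBUG: true
+    TESTING: false
+    SWAGGER: true
+    APP_NAME: business-glossary
+    APPLICATION_ROOT : ""
+    SECRET_KEY: "gjr39dkjn344_!67#"
+    enc_encrypted_key: "AQICAHiALhLQv4eW8jqUccFSnkyDkBAWLAm97Lr2qmdItkUCIAEVoPzSHLW+If9sxSRJ420jAAAAoDCBnQYJKoZIhvcNAQcGoIGPMIGMAgEAMIGGBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDHoNko2L0A0m/r/h9QIBEIBZPsxFUeHFQzEacdLde5eeJRTHw8e0eSwG7UkJzc+ZdBp1xS9DyqBsHQw4Xnx58iQxCgH6ivRKOraZGKX5ebIZUrw/d+XD8YmbdCosx/TwnHVLneehSbWjF1c="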
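Review bot: `SECRET_KEY: "gjr39dkjn344_!67#"` is committed in plaintext right next to the KMS-protected `enc_encrypted_key`, so the value Flask uses for session signing is the one value this file does not protect with the new `crypt` block. If this is an example config, a labelled placeholder such as `SECRET_KEY: "<set-from-environment>"` keeps the literal from being copied into real deployments; if it is real config, it presumably belongs under the same `enc_` prefix as the other key (the prefix handling is not visible in this commit). `DEBUG: true` in the same file would ship the debugger alongside it, and `APPLICATION_ROOT : ""` carries a stray space before the colon that YAML trims but that reads as a typo.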
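--- /dev/null
+++ b/<path not shown on page: example app>
@@ -0,0 +1,17 @@
+from base64 import b64decode
+
+from flask import jsonify
+
+from pyms.flask.app import Microservice
+
+ms = Microservice()
+app = ms.create_app()
+
+
+@app.route("/")
+def example():
+    return jsonify({"main": app.ms.config.encrypted_key})
+
+
+if __name__ == '__main__':
+    app.run()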
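Review bot: `from base64 import b64decode` is imported and never used in the example; drop it. The route returns `app.ms.config.encrypted_key` — presumably the decrypted form of the config's `enc_encrypted_key`, though that mapping is not visible in this commit — in the HTTP response body, so the example demonstrates the KMS integration by serving the plaintext secret to any client that hits `/`. Showing the round trip without exposing the value, e.g. `return jsonify({"decrypted": bool(app.ms.config.encrypted_key)})`, makes a safer template for people who copy the example.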
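--- /dev/null
+++ b/<path not shown on page: aws kms crypt driver>
@@ -0,0 +1,44 @@
+import base64
+
+from pyms.crypt.driver import CryptAbstract
+from pyms.utils import check_package_exists, import_package
+
+
+class Crypt(CryptAbstract):
+    encryption_algorithm = "SYMMETRIC_DEFAULT" # 'SYMMETRIC_DEFAULT' | 'RSAES_OAEP_SHA_1' | 'RSAES_OAEP_SHA_256'
+    key_id = ""
+
+    def __init__(self, *args, **kwargs):
+        self._init_boto()
+        super().__init__(*args, **kwargs)
+
+    def encrypt(self, message): # pragma: no cover
+        ciphertext = self.client.encrypt(
+            KeyId=self.config.key_id,
+            Plaintext=bytes(message, encoding="UTF-8"),
+        )
+        return str(base64.b64encode(ciphertext["CiphertextBlob"]), encoding="UTF-8")
+
+    def _init_boto(self): # pragma: no cover
+        check_package_exists("boto3")
+        boto3 = import_package("boto3")
+        boto3.set_stream_logger(name='botocore')
+        self.client = boto3.client('kms')
+
+    def _aws_decrypt(self, blob_text): # pragma: no cover
+        response = self.client.decrypt(
+            CiphertextBlob=blob_text,
+            KeyId=self.config.key_id,
+            EncryptionAlgorithm=self.encryption_algorithm
+        )
+        return str(response['Plaintext'], encoding="UTF-8")
+
+    def _parse_encrypted(self, encrypted):
+        blob_text = base64.b64decode(encrypted)
+        return blob_text
+
+    def decrypt(self, encrypted):
+        blob_text = self._parse_encrypted(encrypted)
+        decrypted = self._aws_decrypt(blob_text)
+
+        return decrypted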
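Review bot: `boto3.set_stream_logger(name='botocore')` in `_init_boto` turns on botocore's stream logger at its default DEBUG level for every process that constructs this `Crypt`, and botocore DEBUG output includes request parameters and can include response bodies, so the `Plaintext` returned by `decrypt` can end up on stderr; it looks like leftover debugging and should be removed or gated behind an explicit config flag. `key_id = ""` on the class is never read — both `encrypt` and `_aws_decrypt` use `self.config.key_id` — so either delete it or make it the fallback when config has no key. `_parse_encrypted` lets `binascii.Error` from `base64.b64decode` propagate on a malformed value, which is acceptable but worth stating: `"""Return the raw KMS ciphertext blob; raises binascii.Error on invalid base64."""`.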
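--- /dev/null
+++ b/<path not shown on page: config resource>
@@ -0,0 +1,9 @@
+from pyms.config import get_conf
+
+
+class ConfigResource:
+
+    config_resource = None
+
+    def __init__(self, *args, **kwargs):
+        self.config = get_conf(service=self.config_resource, empty_init=True, uppercase=False, *args, **kwargs)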
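Review bot: `get_conf(service=self.config_resource, empty_init=True, uppercase=False, *args, **kwargs)` places `*args` after keyword arguments; Python accepts it, but positional arguments are bound before keywords, so if `service` is `get_conf`'s first parameter a positional call raises `TypeError: got multiple values for argument 'service'` (`get_conf`'s signature is not in this commit, so this is inferred). Writing it as `get_conf(*args, service=self.config_resource, empty_init=True, uppercase=False, **kwargs)` reads as intended and otherwise behaves the same. A short class docstring such as `"""Load the config subtree named by `config_resource` into `self.config`; subclasses only set the attribute."""` would help, since this is the base for `CryptResource`.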
Empty file.
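--- /dev/null
+++ b/<path not shown on page: crypt driver>
@@ -0,0 +1,53 @@
+import logging
+from abc import ABC, abstractmethod
+
+from pyms.config.resource import ConfigResource
+from pyms.constants import CRYPT_BASE, LOGGER_NAME
+from pyms.utils import import_from
+
+logger = logging.getLogger(LOGGER_NAME)
+
+CRYPT_RESOURCES_CLASS = "Crypt"
+
+
+class CryptAbstract(ABC):
+
+    def __init__(self, *args, **kwargs):
+        self.config = kwargs.get("config")
+
+    @abstractmethod
+    def encrypt(self, message):
+        raise NotImplementedError
+
+    @abstractmethod
+    def decrypt(self, encrypted):
+        raise NotImplementedError
+
+
+class CryptNone(CryptAbstract):
+
+    def encrypt(self, message):
+        return message
+
+    def decrypt(self, encrypted):
+        return encrypted
+
+
+class CryptResource(ConfigResource):
+    """This class works between `pyms.flask.create_app.Microservice` and `pyms.flask.services.[THESERVICE]`. Search
+    for a file with the name you want to load, set the configuration and return a instance of the class you want
+    """
+    config_resource = CRYPT_BASE
+
+    def get_crypt(self, *args, **kwargs) -> CryptAbstract:
+        if self.config.method == "fernet":
+            crypt_object = import_from("pyms.crypt.fernet", CRYPT_RESOURCES_CLASS)
+        elif self.config.method == "aws_kms":
+            crypt_object = import_from("pyms.cloud.aws.kms", CRYPT_RESOURCES_CLASS)
+        else:
+            crypt_object = CryptNone
+        logger.debug("Init crypt {}".format(crypt_object))
+        return crypt_object(config=self.config, *args, **kwargs)
+
+    def __call__(self, *args, **kwargs):
+        return self.get_crypt(*args, **kwargs)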
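Review bot: `get_crypt` falls back to `CryptNone` for any `method` value it does not recognise, so a misspelt method such as `"aws-kms"` silently disables encryption and decryption instead of failing; the pass-through should be reserved for an unset method and an unknown one should raise at startup. The shape of `self.config` when no `crypt` block is configured (whether `method` is `None`, `""` or absent) is not visible here, so the rewrite below treats any falsy value as "unset". The `CryptResource` docstring is copied from the flask services loader and still refers to `pyms.flask.services.[THESERVICE]`; it should describe selecting a crypt driver from `config.method` instead. `CryptAbstract.__init__` stores `kwargs.get("config")`, so a driver built without `config=` gets `None` and fails later on `self.config.key_id` rather than at construction.
```python
    def get_crypt(self, *args, **kwargs) -> CryptAbstract:
        method = self.config.method
        if method == "fernet":
            crypt_object = import_from("pyms.crypt.fernet", CRYPT_RESOURCES_CLASS)
        elif method == "aws_kms":
            crypt_object = import_from("pyms.cloud.aws.kms", CRYPT_RESOURCES_CLASS)
        elif not method:  # no crypt configured: plain pass-through
            crypt_object = CryptNone
        else:
            raise ValueError("Unknown crypt method: {!r}".format(method))
        # … unchanged: debug log and driver instantiation …
```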