import ast
import configparser
import os
import botocore.session
from types import MethodType
def get_prepared_config(
    profile,
    region,
    ssl_verification,
    adfs_host,
    output_format,
    provider_id,
    s3_signature_version,
):
    """
    Prepare the ADFS configuration used by the login task.

    Resolution order, lowest to highest priority: the module-level defaults
    already held in ``adfs_config``, then the values stored in the aws cli
    config file for the selected profile, then every explicit argument that
    is not None. Before the stored profile is read, the aws cli config and
    credentials files are created if they are missing.

    The module-level ``adfs_config`` object is updated in place and returned.

    :param profile: aws cli profile; None keeps the current default
    :param region: default AWS region that this script connects to for all
        API calls
    :param ssl_verification: whether strict certificate verification is done;
        False should only be used for dev/test
    :param adfs_host: fqdn of the adfs host used to authenticate the user
    :param output_format: output format used by aws cli
    :param provider_id: provider ID, e.g. urn:amazon:webservices (optional)
    :param s3_signature_version: s3 signature version
    :return: the updated module-level ``adfs_config``
    """
    # The profile must be settled first: it selects which stored section the
    # next two steps operate on.
    if profile is not None:
        adfs_config.profile = profile
    _create_base_aws_cli_config_files_if_needed(adfs_config)
    _load_adfs_config_from_stored_profile(adfs_config, adfs_config.profile)

    # Explicit arguments win over stored/default values, but only when given.
    explicit_values = {
        'ssl_verification': ssl_verification,
        'region': region,
        'adfs_host': adfs_host,
        'output_format': output_format,
        'provider_id': provider_id,
        's3_signature_version': s3_signature_version,
    }
    for attribute, value in explicit_values.items():
        if value is not None:
            setattr(adfs_config, attribute, value)
    return adfs_config
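def _create_adfs_default_config():
    """
    Build the default ADFS configuration object.

    Defaults come from a fresh botocore session where one exists (region,
    profile, output format and the config/credentials file locations) and
    from fixed fallbacks otherwise. The returned object is a plain
    attribute bag; later steps overlay stored-profile values and explicit
    arguments onto it.

    :return: configuration object with region, profile, output_format,
        aws_credentials_location, aws_config_location, adfs_cookie_location,
        ssl_verification, role_arn, adfs_host, adfs_user, provider_id and
        s3_signature_version attributes
    """
    config = type('', (), {})()
    # Use botocore session API to get defaults
    session = botocore.session.Session()
    # region: The default AWS region that this script will connect
    # to for all API calls
    config.region = session.get_config_variable('region') or 'eu-central-1'
    # aws cli profile to store config and access keys into
    config.profile = session.profile or 'default'
    # output format: The AWS CLI output format that will be configured in the
    # adf profile (affects subsequent CLI calls)
    config.output_format = session.get_config_variable('format') or 'json'
    # aws credential location: The file where this script will store the temp
    # credentials under the configured profile
    config.aws_credentials_location = os.path.expanduser(session.get_config_variable('credentials_file'))
    config.aws_config_location = os.path.expanduser(session.get_config_variable('config_file'))
    # cookie location: The file where this script will store the ADFS session cookies
    config.adfs_cookie_location = os.path.join(os.path.dirname(config.aws_credentials_location), 'adfs_cookies')
    # SSL certificate verification: Whether or not strict certificate
    # verification is done, False should only be used for dev/test
    config.ssl_verification = True
    # AWS role arn
    config.role_arn = None
    config.adfs_host = None
    config.adfs_user = None
    # aws provider id. (Optional - 9/10 times it will always be urn:amazon:webservices)
    # Fixed: this used to be seeded from session.profile, so whenever a profile
    # was selected through the session the profile *name* became the provider
    # id. The profile is unrelated to the SAML provider; use the fixed default
    # and let the stored profile / explicit argument override it.
    config.provider_id = 'urn:amazon:webservices'
    # Note: if your bucket require CORS, it is advised that you use path style addressing
    # (which is set by default in signature version 4).
    config.s3_signature_version = None
    return config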
def _load_adfs_config_from_stored_profile(adfs_config, profile):
    """
    Overlay the values stored for *profile* in the aws cli config file onto
    ``adfs_config``.

    Only options present in the stored section replace the current attribute
    values; everything else keeps what ``adfs_config`` already holds. When the
    section exists, ``s3_signature_version`` is reset to None and then re-read
    from the nested ``s3`` sub-section, if there is one. A missing file or a
    missing section leaves ``adfs_config`` untouched.

    :param adfs_config: configuration object; mutated in place
    :param profile: aws cli profile name; 'default' maps to the [default]
        section, anything else to [profile <name>]
    """
    def read_option(parser, section, option, fallback):
        # RawConfigParser.has_option is False for a missing section as well,
        # so no separate section check is needed here.
        if parser.has_option(section, option):
            return parser.get(section, option)
        return fallback

    def apply_section(parser, section):
        adfs_config.region = read_option(parser, section, 'region', adfs_config.region)
        adfs_config.output_format = read_option(parser, section, 'output', adfs_config.output_format)
        # The flag is stored as text. literal_eval only accepts Python
        # literals ('True'/'False', quoted strings, ...) and never executes
        # code; anything else in the file raises ValueError.
        adfs_config.ssl_verification = ast.literal_eval(
            read_option(
                parser, section, 'adfs_config.ssl_verification',
                str(adfs_config.ssl_verification),
            )
        )
        for attribute in ('role_arn', 'adfs_host', 'adfs_user', 'provider_id'):
            setattr(
                adfs_config,
                attribute,
                read_option(parser, section, 'adfs_config.' + attribute, getattr(adfs_config, attribute)),
            )
        adfs_config.s3_signature_version = None
        # The aws cli stores s3 settings as an indented sub-section under the
        # 's3' key; re-parse that text as its own ini section.
        nested_s3 = read_option(parser, section, 's3', None)
        if nested_s3:
            s3_parser = configparser.RawConfigParser()
            s3_parser.read_string('[s3_section]\n' + nested_s3)
            adfs_config.s3_signature_version = read_option(
                s3_parser,
                's3_section',
                'signature_version',
                adfs_config.s3_signature_version,
            )

    section_name = profile if profile == 'default' else 'profile ' + profile
    parser = configparser.RawConfigParser()
    parser.read(adfs_config.aws_config_location)
    if parser.has_section(section_name):
        apply_section(parser, section_name)
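def _create_base_aws_cli_config_files_if_needed(adfs_config):
    """
    Make sure the aws cli config and credentials files, and the directories
    holding them, exist.

    Directories are created with mode 0o700 and files with 0o600 (both
    subject to the umask) because the credentials file will hold temporary
    AWS keys. Files and directories that already exist are left as they are,
    including their current permissions.

    :param adfs_config: configuration object providing
        ``aws_config_location`` and ``aws_credentials_location``
    :raises OSError: if a directory or file cannot be created
    """
    def ensure_dir(path):
        # mkdir instead of exists()+mkdir: another process creating the
        # directory in between is harmless, and the mode still applies.
        try:
            os.mkdir(path, 0o700)
        except FileExistsError:
            pass

    def touch(fname, mode=0o600):
        # O_CREAT without O_TRUNC creates the file with a restrictive mode
        # and never clobbers existing content; the explicit utime keeps
        # plain "touch" semantics. The descriptor is only needed for
        # creation, so close it right away rather than wrapping it in a
        # file object.
        fd = os.open(fname, os.O_CREAT | os.O_APPEND, mode)
        try:
            os.utime(fname, None)
        finally:
            os.close(fd)

    # Create both directories before touching either file. Previously the
    # credentials file was touched before its own directory was created,
    # which only worked when both files lived in the same directory.
    ensure_dir(os.path.dirname(adfs_config.aws_config_location))
    ensure_dir(os.path.dirname(adfs_config.aws_credentials_location))
    for location in (adfs_config.aws_credentials_location, adfs_config.aws_config_location):
        if not os.path.exists(location):
            touch(location)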
# Module-level configuration, built once at import time from the botocore
# session defaults. get_prepared_config() updates this same object in place
# and returns it, so every caller in the process shares one configuration.
adfs_config = _create_adfs_default_config()