vaultpass/testing/spawn.py

#!/usr/bin/env python3

import json
import os
import re
import socket
import subprocess
##
import hvac
import psutil
##
from . import serverconf
from . import vauptpassconf


_url_re = re.compile(r'^(?P<proto>https?)://(?P<addr>[^:/]+)(:(?P<port>[0-9]+)?)?(?P<path>/.*)?$')


class VaultSpawner(object):
    client = hvac.Client()
    binary_name = 'vault'

    def __init__(self, conf, genconf = True, is_dev = False):
        self.conf = conf
        self.genconf = genconf
        self.pid = None
        self.process = None
        self._parseConf()

    def _getProcess(self):
        processes = [p for p in psutil.process_iter() if p.name() == self.binary_name]
        if not processes:
            self.process = None
            self.pid = None
            return(None)
        r = _url_re.search(self.client.url)
        if not r:
            raise ValueError('Invalid server URL')
        try:
            port = int(r.groupdict().get('port', 8200))
        except ValueError:
            port = 8200
        ip = socket.gethostbyname(r.groupdict('addr'))
        pids = []
        # First we try the easy way, but requires root privs even if you ran vault as your current user.
        has_priv = True
        for p in processes:
            pids.append(p)
            try:
                p_port = p.connections()
            except (psutil.AccessDenied, psutil.AccessDenied):
                has_priv = False
                break
        if not has_priv:
            conns = [c for c in psutil.net_connections() if c.laddr.port == port and c.laddr.ip == ip]
            if not conns:
                self.process = None
                self.pid = None
                return(None)
            for c in conns:
                if not c.pid:
                    continue
                if c.pid in pids:
                    self.pid = c.pid
                    self.process = psutil.Process(pid = self.pid)
            if not all((self.process, self.pid)):
                if len(conns) == 1 and len(pids) == 1:
                    self.process = pids[0]
                    self.pid = self.process.pid
                else:
                    raise RuntimeError('Could not reliably determine which Vault instance to manage')


    def _parseConf(self):
        is_hcl = False
        rawconf = None
        if not self.conf:
            if os.path.isfile(serverconf.conf_file):
                self.conf = serverconf.conf_file
            else:
                # Use the default.
                self.genconf = True
                self.conf = serverconf.default_conf
        elif not isinstance(self.conf, dict):
            # Assume it's a file.
            self.conf = os.path.abspath(os.path.expanduser(self.conf))
            with open(self.conf, 'r') as fh:
                rawconf = fh.read()
            try:
                self.conf = json.loads(rawconf)
            except json.decoder.JSONDecodeError:
                is_hcl = True  # It's probably HCL.
        if is_hcl:
            self.conf = serverconf.parseHCL(rawconf)
        if self.genconf:
            serverconf.genConf(confdict = self.conf)
        listener = self.conf['listener'][0]['tcp']
        addr = listener['address']
        is_tls = listener.get('tls_disable', False)
        url = '{0}://{1}'.format(('https' if is_tls else 'http'), addr)
        if not _url_re.search(url):
            raise ValueError('Invalid server address')
        self.client.url = url
        return(None)

    def start(self):
        if any((self.pid, self.process)):
            # Already started.
            return(None)
adding some testing tools 2020-04-01 11:37:21 -04:00			`#!/usr/bin/env python3`

			`import json`
			`import os`
			`import re`
			`import socket`
			`import subprocess`
			`##`
			`import hvac`
			`import psutil`
			`##`
			`from . import serverconf`
			`from . import vauptpassconf`


			`_url_re = re.compile(r'^(?P<proto>https?)://(?P<addr>[^:/]+)(:(?P<port>[0-9]+)?)?(?P<path>/.*)?$')`


			`class VaultSpawner(object):`
			`client = hvac.Client()`
			`binary_name = 'vault'`

			`def __init__(self, conf, genconf = True, is_dev = False):`
			`self.conf = conf`
			`self.genconf = genconf`
			`self.pid = None`
			`self.process = None`
			`self._parseConf()`

			`def _getProcess(self):`
			`processes = [p for p in psutil.process_iter() if p.name() == self.binary_name]`
			`if not processes:`
			`self.process = None`
			`self.pid = None`
			`return(None)`
			`r = _url_re.search(self.client.url)`
			`if not r:`
			`raise ValueError('Invalid server URL')`
			`try:`
			`port = int(r.groupdict().get('port', 8200))`
			`except ValueError:`
			`port = 8200`
			`ip = socket.gethostbyname(r.groupdict('addr'))`
			`pids = []`
			`# First we try the easy way, but requires root privs even if you ran vault as your current user.`
			`has_priv = True`
			`for p in processes:`
			`pids.append(p)`
			`try:`
			`p_port = p.connections()`
			`except (psutil.AccessDenied, psutil.AccessDenied):`
			`has_priv = False`
			`break`
			`if not has_priv:`
			`conns = [c for c in psutil.net_connections() if c.laddr.port == port and c.laddr.ip == ip]`
			`if not conns:`
			`self.process = None`
			`self.pid = None`
			`return(None)`
			`for c in conns:`
			`if not c.pid:`
			`continue`
			`if c.pid in pids:`
			`self.pid = c.pid`
			`self.process = psutil.Process(pid = self.pid)`
			`if not all((self.process, self.pid)):`
			`if len(conns) == 1 and len(pids) == 1:`
			`self.process = pids[0]`
			`self.pid = self.process.pid`
			`else:`
			`raise RuntimeError('Could not reliably determine which Vault instance to manage')`



			`def _parseConf(self):`
			`is_hcl = False`
			`rawconf = None`
			`if not self.conf:`
			`if os.path.isfile(serverconf.conf_file):`
			`self.conf = serverconf.conf_file`
			`else:`
			`# Use the default.`
			`self.genconf = True`
			`self.conf = serverconf.default_conf`
			`elif not isinstance(self.conf, dict):`
			`# Assume it's a file.`
			`self.conf = os.path.abspath(os.path.expanduser(self.conf))`
			`with open(self.conf, 'r') as fh:`
			`rawconf = fh.read()`
			`try:`
			`self.conf = json.loads(rawconf)`
			`except json.decoder.JSONDecodeError:`
			`is_hcl = True # It's probably HCL.`
			`if is_hcl:`
			`self.conf = serverconf.parseHCL(rawconf)`
			`if self.genconf:`
			`serverconf.genConf(confdict = self.conf)`
			`listener = self.conf['listener'][0]['tcp']`
			`addr = listener['address']`
			`is_tls = listener.get('tls_disable', False)`
			`url = '{0}://{1}'.format(('https' if is_tls else 'http'), addr)`
			`if not _url_re.search(url):`
			`raise ValueError('Invalid server address')`
			`self.client.url = url`
			`return(None)`

			`def start(self):`
			`if any((self.pid, self.process)):`
			`# Already started.`
			`return(None)`