some basics for VaultPass
This commit is contained in:
parent
496cf83a60
commit
69dadba825
1
TODO
Normal file
1
TODO
Normal file
@ -0,0 +1 @@
|
||||
- I duplicate a lot of code (logging, conf parsing, etc.) from AIF-NG. I should probably just create a common library.
|
11
example.vaultpass.xml
Normal file
11
example.vaultpass.xml
Normal file
@ -0,0 +1,11 @@
|
||||
<?xml version="1.0" encoding="UTF-8" ?>
|
||||
<vaultpass xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="https://git.square-r00t.net/VaultPass/"
|
||||
xsi:schemaLocation="https://git.square-r00t.net/VaultPass/ http://schema.xml.r00t2.io/projects/vaultpass.xsd"
|
||||
autoUnseal="true"
|
||||
unsealShard="YOUR_UNSEAL_HERE">
|
||||
<uri>https://localhost:8000/</uri>
|
||||
<auth>
|
||||
<token/>
|
||||
</auth>
|
||||
</vaultpass>
|
11
vaultpass/__init__.py
Normal file
11
vaultpass/__init__.py
Normal file
@ -0,0 +1,11 @@
|
||||
import warnings
|
||||
##
|
||||
import hvac
|
||||
##
|
||||
from . import clipboard
|
||||
from . import config
|
||||
|
||||
|
||||
class PassMan(object):
|
||||
def __init__(self):
|
||||
pass
|
2
vaultpass/clipboard.py
Normal file
2
vaultpass/clipboard.py
Normal file
@ -0,0 +1,2 @@
|
||||
import os
|
||||
import subprocess
|
267
vaultpass/config.py
Normal file
267
vaultpass/config.py
Normal file
@ -0,0 +1,267 @@
|
||||
import copy
|
||||
import os
|
||||
import logging
|
||||
import re
|
||||
##
|
||||
import requests
|
||||
from lxml import etree
|
||||
|
||||
|
||||
# TODO: change filehandler of logger? https://stackoverflow.com/a/47447444
|
||||
_logger = logging.getLogger('config:{0}'.format(__name__))
|
||||
|
||||
|
||||
class Config(object):
|
||||
xsd_path = None
|
||||
tree = None
|
||||
namespaced_tree = None
|
||||
xml = None
|
||||
namespaced_xml = None
|
||||
raw = None
|
||||
xsd = None
|
||||
defaultsParser = None
|
||||
|
||||
def __init__(self, xsd_path = None, *args, **kwargs):
|
||||
_logger.info('Instantiated {0}.'.format(type(self).__name__))
|
||||
|
||||
def main(self, validate = True, populate_defaults = True):
|
||||
self.fetch()
|
||||
self.parseRaw()
|
||||
if populate_defaults:
|
||||
self.populateDefaults()
|
||||
if validate:
|
||||
self.validate()
|
||||
return(None)
|
||||
|
||||
def fetch(self): # Just a fail-safe; this is overridden by specific subclasses.
|
||||
pass
|
||||
return(None)
|
||||
|
||||
def getXSD(self, xsdpath = None):
|
||||
if not xsdpath:
|
||||
xsdpath = self.xsd_path
|
||||
raw_xsd = None
|
||||
base_url = None
|
||||
if xsdpath:
|
||||
_logger.debug('XSD path specified.')
|
||||
orig_xsdpath = xsdpath
|
||||
xsdpath = os.path.abspath(os.path.expanduser(xsdpath))
|
||||
_logger.debug('Transformed XSD path: {0} => {1}'.format(orig_xsdpath, xsdpath))
|
||||
if not os.path.isfile(xsdpath):
|
||||
_logger.error('The specified XSD path {0} does not exist on the local filesystem.'.format(xsdpath))
|
||||
raise ValueError('Specified XSD path does not exist')
|
||||
with open(xsdpath, 'rb') as fh:
|
||||
raw_xsd = fh.read()
|
||||
base_url = os.path.split(xsdpath)[0]
|
||||
else:
|
||||
_logger.debug('No XSD path specified; getting it from the configuration file.')
|
||||
xsi = self.xml.nsmap.get('xsi', 'http://www.w3.org/2001/XMLSchema-instance')
|
||||
_logger.debug('xsi: {0}'.format(xsi))
|
||||
schemaLocation = '{{{0}}}schemaLocation'.format(xsi)
|
||||
schemaURL = self.xml.attrib.get(schemaLocation,
|
||||
'https://schema.xml.r00t2.io/projects/vaultpass.xsd')
|
||||
_logger.debug('Detected schema map: {0}'.format(schemaURL))
|
||||
split_url = schemaURL.split()
|
||||
if len(split_url) == 2: # a properly defined schemaLocation
|
||||
schemaURL = split_url[1]
|
||||
else:
|
||||
schemaURL = split_url[0] # a LAZY schemaLocation
|
||||
_logger.info('Detected schema location: {0}'.format(schemaURL))
|
||||
if schemaURL.startswith('file://'):
|
||||
schemaURL = re.sub(r'^file://', r'', schemaURL)
|
||||
_logger.debug('Fetching local file {0}'.format(schemaURL))
|
||||
with open(schemaURL, 'rb') as fh:
|
||||
raw_xsd = fh.read()
|
||||
base_url = os.path.dirname(schemaURL)
|
||||
else:
|
||||
_logger.debug('Fetching remote file: {0}'.format(schemaURL))
|
||||
req = requests.get(schemaURL)
|
||||
if not req.ok:
|
||||
_logger.error('Unable to fetch XSD.')
|
||||
raise RuntimeError('Could not download XSD')
|
||||
raw_xsd = req.content
|
||||
base_url = os.path.split(req.url)[0] # This makes me feel dirty.
|
||||
_logger.debug('Loaded XSD at {0} ({1} bytes).'.format(xsdpath, len(raw_xsd)))
|
||||
_logger.debug('Parsed XML base URL: {0}'.format(base_url))
|
||||
self.xsd = etree.XMLSchema(etree.XML(raw_xsd, base_url = base_url))
|
||||
_logger.info('Rendered XSD.')
|
||||
return(None)
|
||||
|
||||
def parseRaw(self, parser = None):
|
||||
self.xml = etree.fromstring(self.raw, parser = parser)
|
||||
_logger.debug('Generated xml.')
|
||||
self.namespaced_xml = etree.fromstring(self.raw, parser = parser)
|
||||
_logger.debug('Generated namespaced xml.')
|
||||
self.tree = self.xml.getroottree()
|
||||
_logger.debug('Generated tree.')
|
||||
self.namespaced_tree = self.namespaced_xml.getroottree()
|
||||
_logger.debug('Generated namespaced tree.')
|
||||
self.tree.xinclude()
|
||||
_logger.debug('Parsed XInclude for tree.')
|
||||
self.namespaced_tree.xinclude()
|
||||
_logger.debug('Parsed XInclude for namespaced tree.')
|
||||
self.stripNS()
|
||||
return(None)
|
||||
|
||||
def populateDefaults(self):
|
||||
_logger.info('Populating missing values with defaults from XSD.')
|
||||
if not self.xsd:
|
||||
self.getXSD()
|
||||
if not self.defaultsParser:
|
||||
self.defaultsParser = etree.XMLParser(schema = self.xsd, attribute_defaults = True)
|
||||
self.parseRaw(parser = self.defaultsParser)
|
||||
return(None)
|
||||
|
||||
def removeDefaults(self):
|
||||
_logger.info('Removing default values from missing values.')
|
||||
self.parseRaw()
|
||||
return(None)
|
||||
|
||||
def stripNS(self, obj = None):
|
||||
_logger.debug('Stripping namespace.')
|
||||
# https://stackoverflow.com/questions/30232031/how-can-i-strip-namespaces-out-of-an-lxml-tree/30233635#30233635
|
||||
xpathq = "descendant-or-self::*[namespace-uri()!='']"
|
||||
if not obj:
|
||||
_logger.debug('No XML object selected; using instance\'s xml and tree.')
|
||||
for x in (self.tree, self.xml):
|
||||
for e in x.xpath(xpathq):
|
||||
e.tag = etree.QName(e).localname
|
||||
elif isinstance(obj, (etree._Element, etree._ElementTree)):
|
||||
_logger.debug('XML object provided: {0}'.format(etree.tostring(obj, with_tail = False).decode('utf-8')))
|
||||
obj = copy.deepcopy(obj)
|
||||
for e in obj.xpath(xpathq):
|
||||
e.tag = etree.QName(e).localname
|
||||
return(obj)
|
||||
else:
|
||||
_logger.error('A non-XML object was provided.')
|
||||
raise ValueError('Did not know how to parse obj parameter')
|
||||
return(None)
|
||||
|
||||
def toString(self, stripped = False, obj = None):
|
||||
if isinstance(obj, (etree._Element, etree._ElementTree)):
|
||||
_logger.debug('Converting an XML object to a string')
|
||||
if stripped:
|
||||
_logger.debug('Stripping before stringifying.')
|
||||
obj = self.stripNS(obj)
|
||||
elif obj in ('tree', None):
|
||||
if not stripped:
|
||||
_logger.debug('Converting the instance\'s namespaced tree to a string.')
|
||||
obj = self.namespaced_tree
|
||||
else:
|
||||
_logger.debug('Converting the instance\'s stripped tree to a string.')
|
||||
obj = self.tree
|
||||
elif obj == 'xml':
|
||||
if not stripped:
|
||||
_logger.debug('Converting instance\'s namespaced XML to a string')
|
||||
obj = self.namespaced_xml
|
||||
else:
|
||||
_logger.debug('Converting instance\'s stripped XML to a string')
|
||||
obj = self.xml
|
||||
else:
|
||||
_logger.error(('obj parameter must be "tree", "xml", or of type '
|
||||
'lxml.etree._Element or lxml.etree._ElementTree'))
|
||||
raise TypeError('Invalid obj type')
|
||||
obj = copy.deepcopy(obj)
|
||||
strxml = etree.tostring(obj,
|
||||
encoding = 'utf-8',
|
||||
xml_declaration = True,
|
||||
pretty_print = True,
|
||||
with_tail = True,
|
||||
inclusive_ns_prefixes = True)
|
||||
_logger.debug('Rendered string output successfully.')
|
||||
return(strxml)
|
||||
|
||||
def validate(self):
|
||||
if not self.xsd:
|
||||
self.getXSD()
|
||||
_logger.debug('Checking validation against namespaced tree.')
|
||||
self.xsd.assertValid(self.namespaced_tree)
|
||||
return(None)
|
||||
|
||||
|
||||
class LocalFile(Config):
|
||||
def __init__(self, path, xsd_path = None, *args, **kwargs):
|
||||
super().__init__(xsd_path = xsd_path, *args, **kwargs)
|
||||
self.type = 'local'
|
||||
self.source = path
|
||||
|
||||
def fetch(self):
|
||||
orig_src = self.source
|
||||
self.source = os.path.abspath(os.path.expanduser(self.source))
|
||||
_logger.debug('Canonized path: {0} => {1}'.format(orig_src, self.source))
|
||||
if not os.path.isfile(self.source):
|
||||
_logger.error('Config at {0} not found.'.format(self.source))
|
||||
raise ValueError('Config file does not exist'.format(self.source))
|
||||
with open(self.source, 'rb') as fh:
|
||||
self.raw = fh.read()
|
||||
_logger.debug('Fetched configuration ({0} bytes).'.format(len(self.raw)))
|
||||
return(None)
|
||||
|
||||
|
||||
class RemoteFile(Config):
|
||||
def __init__(self, uri, xsd_path = None, *args, **kwargs):
|
||||
super().__init__(*args, **kwargs)
|
||||
self.type = 'remote'
|
||||
self.source = uri
|
||||
|
||||
def fetch(self):
|
||||
r = requests.get(self.source)
|
||||
if not r.ok():
|
||||
_logger.error('Could not fetch {0}'.format(self.source))
|
||||
raise RuntimeError('Could not download XML')
|
||||
self.raw = r.content
|
||||
_logger.debug('Fetched configuration ({0} bytes).'.format(len(self.raw)))
|
||||
return(None)
|
||||
|
||||
|
||||
class ConfigStr(Config):
|
||||
def __init__(self, rawxml, xsd_path = None, *args, **kwargs):
|
||||
super().__init__(*args, **kwargs)
|
||||
self.type = 'raw_str'
|
||||
self.source = rawxml
|
||||
|
||||
def fetch(self):
|
||||
self.raw = self.source.encode('utf-8')
|
||||
_logger.debug('Raw configuration (str) passed in ({0} bytes); converted to bytes.'.format(len(self.raw)))
|
||||
return(None)
|
||||
|
||||
|
||||
class ConfigBin(Config):
|
||||
def __init__(self, rawbinaryxml, xsd_path = None, *args, **kwargs):
|
||||
super().__init__(*args, **kwargs)
|
||||
self.type = 'raw_bin'
|
||||
self.source = rawbinaryxml
|
||||
|
||||
def fetch(self):
|
||||
self.raw = self.source
|
||||
_logger.debug('Raw configuration (binary) passed in ({0} bytes); converted to bytes.'.format(len(self.raw)))
|
||||
return(None)
|
||||
|
||||
|
||||
detector = {'raw': (re.compile(r'^\s*(?P<xml><(\?xml|vaultpass)\s+.*)\s*$', re.DOTALL | re.MULTILINE), ConfigStr),
|
||||
'remote': (re.compile(r'^(?P<uri>(?P<scheme>(https?|ftps?)://)(?P<path>.*))\s*$'), RemoteFile),
|
||||
'local': (re.compile(r'^(file://)?(?P<path>(/?[^/]+)+/?)$'), LocalFile)}
|
||||
|
||||
|
||||
def getConfig(cfg_ref, validate = True, populate_defaults = True, xsd_path = None):
|
||||
cfgobj = None
|
||||
# This is kind of gross.
|
||||
for configtype, (pattern, configClass) in detector.items():
|
||||
try:
|
||||
if pattern.search(cfg_ref):
|
||||
cfgobj = configClass(cfg_ref, xsd_path = xsd_path)
|
||||
_logger.info('Config detected as {0}.'.format(configtype))
|
||||
break
|
||||
except TypeError:
|
||||
ptrn = re.compile(detector['raw'][0].pattern.encode('utf-8'))
|
||||
if not ptrn.search(cfg_ref):
|
||||
_logger.error('Could not detect which configuration type was passed.')
|
||||
raise ValueError('Unexpected/unparseable cfg_ref.')
|
||||
else:
|
||||
_logger.info('Config detected as ConfigBin.')
|
||||
cfgobj = ConfigBin(cfg_ref, xsd_path = xsd_path)
|
||||
break
|
||||
if cfgobj:
|
||||
_logger.info('Parsing configuration.')
|
||||
cfgobj.main(validate = validate, populate_defaults = populate_defaults)
|
||||
return(cfgobj)
|
54
vaultpass/logger.py
Normal file
54
vaultpass/logger.py
Normal file
@ -0,0 +1,54 @@
|
||||
import logging
|
||||
import logging.handlers
|
||||
import os
|
||||
##
|
||||
try:
|
||||
# https://www.freedesktop.org/software/systemd/python-systemd/journal.html#journalhandler-class
|
||||
from systemd import journal
|
||||
_has_journald = True
|
||||
except ImportError:
|
||||
_has_journald = False
|
||||
|
||||
|
||||
logfile = os.path.abspath(os.path.expanduser('~/.cache/vaultpass/vaultpass.log'))
|
||||
|
||||
|
||||
def prepLogfile(path = logfile):
|
||||
path = os.path.abspath(os.path.expanduser(path))
|
||||
# Set up the permissions beforehand.
|
||||
os.makedirs(os.path.dirname(logfile), exist_ok = True, mode = 0o0700)
|
||||
os.chmod(logfile, 0o0600)
|
||||
return(path)
|
||||
|
||||
|
||||
_cfg_args = {'handlers': [],
|
||||
'level': logging.DEBUG} # TEMPORARY FOR TESTING
|
||||
if _has_journald:
|
||||
# There were some weird changes somewhere along the line.
|
||||
try:
|
||||
# But it's *probably* this one.
|
||||
h = journal.JournalHandler()
|
||||
except AttributeError:
|
||||
h = journal.JournaldLogHandler()
|
||||
# Systemd includes times, so we don't need to.
|
||||
h.setFormatter(logging.Formatter(style = '{',
|
||||
fmt = ('{name}:{levelname}:{name}:{filename}:'
|
||||
'{funcName}:{lineno}: {message}')))
|
||||
_cfg_args['handlers'].append(h)
|
||||
# Logfile
|
||||
h = logging.handlers.RotatingFileHandler(prepLogfile(),
|
||||
encoding = 'utf8',
|
||||
# Disable rotating for now.
|
||||
# maxBytes = 50000000000,
|
||||
# backupCount = 30
|
||||
)
|
||||
h.setFormatter(logging.Formatter(style = '{',
|
||||
fmt = ('{asctime}:'
|
||||
'{levelname}:{name}:{filename}:'
|
||||
'{funcName}:{lineno}: {message}')))
|
||||
_cfg_args['handlers'].append(h)
|
||||
|
||||
logging.basicConfig(**_cfg_args)
|
||||
logger = logging.getLogger()
|
||||
|
||||
logger.info('Logging initialized.')
|
Reference in New Issue
Block a user