Commit e5497bae authored by František Dvořák's avatar František Dvořák

Python linting

parent 66c78806
...@@ -8,18 +8,18 @@ ...@@ -8,18 +8,18 @@
import json import json
import os import os
import re import re
import requests
import shutil import shutil
import subprocess import subprocess
import sys import sys
import requests
payload = { payload = {
"grant_type": "client_credentials", "grant_type": "client_credentials",
"scope": "openid profile eduperson_entitlement email voperson_id", "scope": "openid profile eduperson_entitlement email voperson_id",
} }
token_url = "https://aai.egi.eu/auth/realms/egi/protocol/openid-connect/token" token_url = "https://aai.egi.eu/auth/realms/egi/protocol/openid-connect/token"
userinfo_url = \ userinfo_url = "https://aai.egi.eu/auth/realms/egi/protocol/openid-connect/userinfo"
"https://aai.egi.eu/auth/realms/egi/protocol/openid-connect/userinfo"
# input # input
if "CLIENT_ID" in os.environ: if "CLIENT_ID" in os.environ:
...@@ -32,39 +32,47 @@ else: ...@@ -32,39 +32,47 @@ else:
payload["client_secret"] = input("OIDC Client Secret: ") payload["client_secret"] = input("OIDC Client Secret: ")
# get OIDC token # get OIDC token
r = requests.post(token_url, data=payload) r = requests.post(token_url, data=payload, timeout=20)
data = json.loads(r.text) data = json.loads(r.text)
if 'access_token' not in data: if "access_token" not in data:
print('Error getting access token') print("Error getting access token")
sys.exit(1) sys.exit(1)
print("# export OIDC_ACCESS_TOKEN='%s'" % data["access_token"]) print("# export OIDC_ACCESS_TOKEN='%s'" % data["access_token"])
# get vault token # get vault token
token = None token = None
p = subprocess.Popen([ vaultbin = shutil.which("vault")
shutil.which("vault"), if vaultbin is None:
"write", print("vault command not found")
"auth/jwt/login", sys.exit(1)
"jwt=%s" % data["access_token"], p = subprocess.Popen(
], stdout=subprocess.PIPE) [
for line in p.stdout: vaultbin,
print('# %s' % line.decode("UTF-8").rstrip()) "write",
m = re.search(r'^token\s+(.*)', line.decode("UTF-8")) "auth/jwt/login",
if m is not None: "jwt=%s" % data["access_token"],
token = m.group(1) ],
stdout=subprocess.PIPE,
)
if p.stdout is not None:
for line in p.stdout:
print("# %s" % line.decode("UTF-8").rstrip())
m = re.search(r"^token\s+(.*)", line.decode("UTF-8"))
if m is not None:
token = m.group(1)
retval = p.wait() retval = p.wait()
if token is None: if token is None:
print('Error signing to vault (no token returned)') print("Error signing to vault (no token returned)")
sys.exit(1) sys.exit(1)
print("export VAULT_TOKEN='%s'" % token) print("export VAULT_TOKEN='%s'" % token)
if retval != 0: if retval != 0:
print('Error signing to vault (code %d returned)' % retval) print("Error signing to vault (code %d returned)" % retval)
sys.exit(1) sys.exit(1)
# store vault token # store vault token
token_path = os.path.expanduser('~/.vault-token') token_path = os.path.expanduser("~/.vault-token")
with open(token_path, 'w') as f: with open(token_path, "w") as f:
pass pass
os.chmod(token_path, 0o600) os.chmod(token_path, 0o600)
with open(token_path, 'w') as f: with open(token_path, "w") as f:
f.write(token) f.write(token)
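Review bot: The OIDC access token is still passed to vault as the argv element `"jwt=%s" % data["access_token"]` in the reformatted `subprocess.Popen` call, so other local users can read it from the process list while the child runs. Vault's CLI reads a value from stdin when it is given as `-`, so the call can pass `"jwt=-"` and write the token to the child's stdin instead, as sketched below. Separately, at the end of the section `~/.vault-token` is created under the default umask before `os.chmod` narrows it. Opening it with `os.open(token_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` and wrapping the descriptor in `os.fdopen` would close that window for a newly created file.

```python
p = subprocess.Popen(
    [vaultbin, "write", "auth/jwt/login", "jwt=-"],
    stdin=subprocess.PIPE,
    stdout=subprocess.PIPE,
)
if p.stdin is not None:
    # The token travels over the pipe, not the command line.
    p.stdin.write(data["access_token"].encode("UTF-8"))
    p.stdin.close()
# … unchanged: stdout loop that echoes vault output and extracts the token …
```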