External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-07 11:41:08 -03:30
Code Issues Packages Projects Releases Wiki Activity

move code linting to a stricter pep8-esque auto-formatting tool, black

Browse Source
This commit is contained in:
Ryan Petrello
2021-03-19 12:44:51 -04:00
parent 9b702e46fe
commit c2ef0a6500
671 changed files with 20538 additions and 21924 deletions
Download Patch File Download Diff File Expand all files Collapse all files

163
awx/main/credential_plugins/centrify_vault.py
View File

@@ -2,68 +2,68 @@ from .plugin import CredentialPlugin, raise_for_status
from django.utils.translation import ugettext_lazy as _
from urllib.parse import urljoin
import requests
pas_inputs = {
'fields': [{
'id': 'url',
'label': _('Centrify Tenant URL'),
'type': 'string',
'help_text': _('Centrify Tenant URL'),
'format': 'url',
}, {
'id':'client_id',
'label':_('Centrify API User'),
'type':'string',
'help_text': _('Centrify API User, having necessary permissions as mentioned in support doc'),
}, {
'id':'client_password',
'label':_('Centrify API Password'),
'type':'string',
'help_text': _('Password of Centrify API User with necessary permissions'),
'secret':True,
},{
'id':'oauth_application_id',
'label':_('OAuth2 Application ID'),
'type':'string',
'help_text': _('Application ID of the configured OAuth2 Client (defaults to \'awx\')'),
'default': 'awx',
},{
'id':'oauth_scope',
'label':_('OAuth2 Scope'),
'type':'string',
'help_text': _('Scope of the configured OAuth2 Client (defaults to \'awx\')'),
'default': 'awx',
}],
'metadata': [{
'id': 'account-name',
'label': _('Account Name'),
'type': 'string',
'help_text': _('Local system account or Domain account name enrolled in Centrify Vault. eg. (root or DOMAIN/Administrator)'),
},{
'id': 'system-name',
'label': _('System Name'),
'type': 'string',
'help_text': _('Machine Name enrolled with in Centrify Portal'),
}],
'required': ['url', 'account-name', 'system-name','client_id','client_password'],
pas_inputs = {
'fields': [
{
'id': 'url',
'label': _('Centrify Tenant URL'),
'type': 'string',
'help_text': _('Centrify Tenant URL'),
'format': 'url',
},
{
'id': 'client_id',
'label': _('Centrify API User'),
'type': 'string',
'help_text': _('Centrify API User, having necessary permissions as mentioned in support doc'),
},
{
'id': 'client_password',
'label': _('Centrify API Password'),
'type': 'string',
'help_text': _('Password of Centrify API User with necessary permissions'),
'secret': True,
},
{
'id': 'oauth_application_id',
'label': _('OAuth2 Application ID'),
'type': 'string',
'help_text': _('Application ID of the configured OAuth2 Client (defaults to \'awx\')'),
'default': 'awx',
},
{
'id': 'oauth_scope',
'label': _('OAuth2 Scope'),
'type': 'string',
'help_text': _('Scope of the configured OAuth2 Client (defaults to \'awx\')'),
'default': 'awx',
},
],
'metadata': [
{
'id': 'account-name',
'label': _('Account Name'),
'type': 'string',
'help_text': _('Local system account or Domain account name enrolled in Centrify Vault. eg. (root or DOMAIN/Administrator)'),
},
{
'id': 'system-name',
'label': _('System Name'),
'type': 'string',
'help_text': _('Machine Name enrolled with in Centrify Portal'),
},
],
'required': ['url', 'account-name', 'system-name', 'client_id', 'client_password'],
}
# generate bearer token to authenticate with PAS portal, Input : Client ID, Client Secret
def handle_auth(**kwargs):
post_data = {
"grant_type": "client_credentials",
"scope": kwargs['oauth_scope']
}
response = requests.post(
kwargs['endpoint'],
data = post_data,
auth = (kwargs['client_id'],kwargs['client_password']),
verify = True,
timeout = (5, 30)
)
post_data = {"grant_type": "client_credentials", "scope": kwargs['oauth_scope']}
response = requests.post(kwargs['endpoint'], data=post_data, auth=(kwargs['client_id'], kwargs['client_password']), verify=True, timeout=(5, 30))
raise_for_status(response)
try:
try:
return response.json()['access_token']
except KeyError:
raise RuntimeError('OAuth request to tenant was unsuccessful')
@@ -71,20 +71,11 @@ def handle_auth(**kwargs):
# fetch the ID of system with RedRock query, Input : System Name, Account Name
def get_ID(**kwargs):
endpoint = urljoin(kwargs['url'],'/Redrock/query')
name=" Name='{0}' and User='{1}'".format(kwargs['system_name'],kwargs['acc_name'])
query = 'Select ID from VaultAccount where {0}'.format(name)
post_headers = {
"Authorization": "Bearer " + kwargs['access_token'],
"X-CENTRIFY-NATIVE-CLIENT":"true"
}
response = requests.post(
endpoint,
json = {'Script': query},
headers = post_headers,
verify = True,
timeout = (5, 30)
)
endpoint = urljoin(kwargs['url'], '/Redrock/query')
name = " Name='{0}' and User='{1}'".format(kwargs['system_name'], kwargs['acc_name'])
query = 'Select ID from VaultAccount where {0}'.format(name)
post_headers = {"Authorization": "Bearer " + kwargs['access_token'], "X-CENTRIFY-NATIVE-CLIENT": "true"}
response = requests.post(endpoint, json={'Script': query}, headers=post_headers, verify=True, timeout=(5, 30))
raise_for_status(response)
try:
result_str = response.json()["Result"]["Results"]
@@ -95,23 +86,14 @@ def get_ID(**kwargs):
# CheckOut Password from Centrify Vault, Input : ID
def get_passwd(**kwargs):
endpoint = urljoin(kwargs['url'],'/ServerManage/CheckoutPassword')
post_headers = {
"Authorization": "Bearer " + kwargs['access_token'],
"X-CENTRIFY-NATIVE-CLIENT":"true"
}
response = requests.post(
endpoint,
json = {'ID': kwargs['acc_id']},
headers = post_headers,
verify = True,
timeout = (5, 30)
)
endpoint = urljoin(kwargs['url'], '/ServerManage/CheckoutPassword')
post_headers = {"Authorization": "Bearer " + kwargs['access_token'], "X-CENTRIFY-NATIVE-CLIENT": "true"}
response = requests.post(endpoint, json={'ID': kwargs['acc_id']}, headers=post_headers, verify=True, timeout=(5, 30))
raise_for_status(response)
try:
return response.json()["Result"]["Password"]
except KeyError:
raise RuntimeError("Password Not Found")
raise RuntimeError("Password Not Found")
def centrify_backend(**kwargs):
@@ -122,21 +104,12 @@ def centrify_backend(**kwargs):
client_password = kwargs.get('client_password')
app_id = kwargs.get('oauth_application_id', 'awx')
endpoint = urljoin(url, f'/oauth2/token/{app_id}')
endpoint = {
'endpoint': endpoint,
'client_id': client_id,
'client_password': client_password,
'oauth_scope': kwargs.get('oauth_scope', 'awx')
}
endpoint = {'endpoint': endpoint, 'client_id': client_id, 'client_password': client_password, 'oauth_scope': kwargs.get('oauth_scope', 'awx')}
token = handle_auth(**endpoint)
get_id_args = {'system_name':system_name,'acc_name':acc_name,'url':url,'access_token':token}
get_id_args = {'system_name': system_name, 'acc_name': acc_name, 'url': url, 'access_token': token}
acc_id = get_ID(**get_id_args)
get_pwd_args = {'url':url,'acc_id':acc_id,'access_token':token}
get_pwd_args = {'url': url, 'acc_id': acc_id, 'access_token': token}
return get_passwd(**get_pwd_args)
centrify_plugin = CredentialPlugin(
'Centrify Vault Credential Provider Lookup',
inputs=pas_inputs,
backend=centrify_backend
)
centrify_plugin = CredentialPlugin('Centrify Vault Credential Provider Lookup', inputs=pas_inputs, backend=centrify_backend)