PyPI - clear-skies-aws - Versions diffs - 2.0.11__py3-none-any.whl → 2.0.13__py3-none-any.whl - Mend

clear-skies-aws 2.0.11py3-none-any.whl → 2.0.13py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

clearskies_aws/secrets/additional_configs/iam_db_auth_with_ssm.py DELETED Viewed

@@ -1,96 +0,0 @@
-from __future__ import annotations
-import time
-import clearskies
-class IAMDBAuthWithSSM(clearskies.di.AdditionalConfig):
-    def provide_subprocess(self):
-        import subprocess
-        return subprocess
-    def provide_socket(self):
-        import socket
-        return socket
-    def provide_connection_details(self, environment, subprocess, socket, boto3):
-        local_port = self.open_tunnel(environment, subprocess, socket, boto3)
-        return {
-            "host": "127.0.0.1",
-            "database": environment.get("db_database"),
-            "username": environment.get("db_username"),
-            "password": self.get_password(environment, boto3),
-            "ssl_ca": "rds-cert-bundle.pem",
-            "port": local_port,
-        }
-    def get_password(self, environment, boto3):
-        endpoint = environment.get("db_endpoint")
-        username = environment.get("db_username")
-        region = environment.get("db_region")
-        rds_api = boto3.Session().client("rds", region_name=region)
-        return rds_api.generate_db_auth_token(DBHostname=endpoint, Port="3306", DBUsername=username, Region=region)
-    def open_tunnel(self, environment, subprocess, socket, boto3):
-        endpoint = environment.get("db_endpoint")
-        region = environment.get("db_region")
-        instance_name = environment.get("instance_name")
-        local_proxy_port = int(environment.get("local_proxy_port", "9000"))
-        ec2_api = boto3.client("ec2", region_name=region)
-        running_instances = ec2_api.describe_instances(
-            Filters=[
-                {"Name": "tag:Name", "Values": [instance_name]},
-                {"Name": "instance-state-name", "Values": ["running"]},
-            ],
-        )
-        instance_ids = []
-        for reservation in running_instances["Reservations"]:
-            for instance in reservation["Instances"]:
-                instance_ids.append(instance["InstanceId"])
-        if len(instance_ids) == 0:
-            raise ValueError("Failed to launch SSM tunnel! Cannot find bastion!")
-        instance_id = instance_ids.pop()
-        self._connect_to_bastion(local_proxy_port, instance_id, endpoint, subprocess, socket)
-        return local_proxy_port
-    def _connect_to_bastion(self, local_proxy_port, instance_id, endpoint, subprocess, socket):
-        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        result = sock.connect_ex(("127.0.0.1", local_proxy_port))
-        if result == 0:
-            sock.close()
-            return
-        tunnel_command = [
-            "aws",
-            "--region",
-            "us-east-1",
-            "ssm",
-            "start-session",
-            "--target",
-            "{}".format(instance_id),
-            "--document-name",
-            "AWS-StartPortForwardingSessionToRemoteHost",
-            '--parameters={{"host":["{}"], "portNumber":["3306"],"localPortNumber":["{}"]}}'.format(
-                endpoint, local_proxy_port
-            ),
-        ]
-        subprocess.Popen(tunnel_command)
-        connected = False
-        attempts = 0
-        while not connected and attempts < 6:
-            attempts += 1
-            time.sleep(0.5)
-            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-            result = sock.connect_ex(("127.0.0.1", local_proxy_port))
-            if result == 0:
-                return
-        raise ValueError("Failed to launch SSM tunnel with command: " + " ".join(tunnel_command))

clearskies_aws/secrets/additional_configs/mysql_connection_dynamic_producer_via_ssh_cert_bastion.py DELETED Viewed

@@ -1,80 +0,0 @@
-from __future__ import annotations
-import os
-import socket
-import subprocess
-import time
-from pathlib import Path
-from clearskies.secrets.additional_configs import MySQLConnectionDynamicProducerViaSSHCertBastion as Base
-class MySQLConnectionDynamicProducerViaSSHCertBastion(Base):
-    _config = None
-    _boto3 = None
-    def __init__(
-        self,
-        producer_name=None,
-        bastion_region=None,
-        bastion_name=None,
-        bastion_host=None,
-        bastion_username=None,
-        public_key_file_path=None,
-        local_proxy_port=None,
-        cert_issuer_name=None,
-        database_host=None,
-        database_name=None,
-    ):
-        # not using kwargs because I want the argument list to be explicit
-        self.config = {
-            "producer_name": producer_name,
-            "bastion_host": bastion_host,
-            "bastion_region": bastion_region,
-            "bastion_name": bastion_name,
-            "bastion_username": bastion_username,
-            "public_key_file_path": public_key_file_path,
-            "local_proxy_port": local_proxy_port,
-            "cert_issuer_name": cert_issuer_name,
-            "database_host": database_host,
-            "database_name": database_name,
-        }
-    def provide_connection_details(self, environment, secrets, boto3):
-        self._boto3 = boto3
-        return super().provide_connection_details(environment, secrets)
-    def _get_bastion_host(self, environment):
-        bastion_host = self._fetch_config(environment, "bastion_host", "akeyless_mysql_bastion_host", default="")
-        bastion_name = self._fetch_config(environment, "bastion_name", "akeyless_mysql_bastion_name", default="")
-        if bastion_host:
-            return bastion_host
-        if bastion_name:
-            bastion_region = self._fetch_config(environment, "bastion_region", "akeyless_mysql_bastion_region")
-            return self._public_ip_from_name(bastion_name, bastion_region)
-        raise ValueError(
-            f"I was asked to connect to a database via an AKeyless dynamic producer through an SSH bastion with certificate auth, but I'm missing some configuration. I need either the bastion host or the name of the instance in AWS.  These can be set in the call to `clearskies.backends.akeyless_aws.mysql_connection_dynamic_producer_via_ssh_cert_bastion()` by providing the 'bastion_host' or 'bastion_name' argument, or by setting an environment variable named 'akeyless_mysql_bastion_host' or 'akeyless_mysql_bastion_name'."
-        )
-    def _public_ip_from_name(self, bastion_name, bastion_region):
-        ec2 = self._boto3.client("ec2", region_name=bastion_region)
-        response = ec2.describe_instances(
-            Filters=[
-                {"Name": "tag:Name", "Values": [bastion_name]},
-                {"Name": "instance-state-name", "Values": ["running"]},
-            ],
-        )
-        if not response.get("Reservations"):
-            raise ValueError(
-                f"Could not find a running instance with the designated bastion name, '{bastion_name}' in region '{bastion_region}'"
-            )
-        if not response.get("Reservations")[0].get("Instances"):
-            raise ValueError(
-                f"Could not find a running instance with the designated bastion name, '{bastion_name}' in region '{bastion_region}'"
-            )
-        instance = response.get("Reservations")[0].get("Instances")[0]
-        if not instance.get("PublicIpAddress"):
-            raise ValueError(
-                f"I found the bastion instance with a name of '{bastion_name}' in region '{bastion_region}', but it doesn't have a public IP address"
-            )
-        return instance.get("PublicIpAddress")

clearskies_aws/secrets/additional_configs/mysql_connection_dynamic_producer_via_ssm_bastion.py DELETED Viewed

@@ -1,162 +0,0 @@
-from __future__ import annotations
-import os
-import socket
-import subprocess
-import time
-from pathlib import Path
-from .mysql_connection_dynamic_producer_via_ssh_cert_bastion import (
-    MySQLConnectionDynamicProducerViaSSHCertBastion as Base,
-)
-class MySQLConnectionDynamicProducerViaSSMBastion(Base):
-    _config = None
-    _boto3 = None
-    def __init__(
-        self,
-        producer_name=None,
-        bastion_region=None,
-        bastion_name=None,
-        bastion_username=None,
-        bastion_instance_id=None,
-        public_key_file_path=None,
-        local_proxy_port=None,
-        database_host=None,
-        database_name=None,
-    ):
-        # not using kwargs because I want the argument list to be explicit
-        self.config = {
-            "producer_name": producer_name,
-            "bastion_instance_id": bastion_instance_id,
-            "bastion_region": bastion_region,
-            "bastion_name": bastion_name,
-            "bastion_username": bastion_username,
-            "public_key_file_path": public_key_file_path,
-            "local_proxy_port": local_proxy_port,
-            "database_host": database_host,
-            "database_name": database_name,
-        }
-    def provide_connection_details(self, environment, secrets, boto3):
-        self._boto3 = boto3
-        if not secrets:
-            raise ValueError(
-                "I was asked to connect to a database via an AKeyless dynamic producer but AKeyless itself wasn't configured.  Try setting the AKeyless auth method via clearskies.secrets.akeyless_[jwt|saml|aws_iam]_auth()"
-            )
-        producer_name = self._fetch_config(environment, "producer_name", "akeyless_mysql_dynamic_producer")
-        bastion_username = self._fetch_config(environment, "bastion_username", "mysql_bastion_username", default="ssm")
-        bastion_instance_id = self._get_bastion_instance_id(environment)
-        public_key_file_path = self._fetch_config(
-            environment, "public_key_file_path", "mysql_bastion_public_key_file_path"
-        )
-        local_proxy_port = self._fetch_config(
-            environment, "local_proxy_port", "akeyless_mysql_bastion_local_proxy_port", default=8888
-        )
-        database_host = self._fetch_config(environment, "database_host", "db_host")
-        database_name = self._fetch_config(environment, "database_name", "db_database")
-        # Create the SSH tunnel (yeah, it's obnoxious)
-        self._create_tunnel(
-            secrets,
-            bastion_instance_id,
-            bastion_username,
-            bastion_region,
-            public_key_file_path,
-            local_proxy_port,
-            database_host,
-        )
-        # and now we can fetch credentials
-        credentials = secrets.get_dynamic_secret(producer_name)
-        return {
-            "username": credentials["user"],
-            "password": credentials["password"],
-            "host": "127.0.0.1",
-            "database": database_name,
-            "port": local_proxy_port,
-        }
-    def _get_bastion_instance_id(self, environment):
-        bastion_instance_id = self._fetch_config(
-            environment, "bastion_instance_id", "mysql_bastion_instance_id", default=""
-        )
-        bastion_name = self._fetch_config(environment, "bastion_name", "mysql_bastion_name", default="")
-        if bastion_instance_id:
-            return bastion_instance_id
-        if bastion_name:
-            bastion_region = self._fetch_config(environment, "bastion_region", "mysql_bastion_region")
-            return self._instance_id_from_name(bastion_name, bastion_region)
-        raise ValueError(
-            f"I was asked to connect to a database via an AKeyless dynamic producer through an SSH bastion with certificate auth, but I'm missing some configuration. I need either the bastion host or the name of the instance in AWS.  These can be set in the call to `clearskies.backends.akeyless_aws.mysql_connection_dynamic_producer_via_ssh_cert_bastion()` by providing the 'bastion_host' or 'bastion_name' argument, or by setting an environment variable named 'akeyless_mysql_bastion_host' or 'akeyless_mysql_bastion_name'."
-        )
-    def _instance_id_from_name(self, bastion_name, bastion_region):
-        ec2 = self._boto3.client("ec2", region_name=bastion_region)
-        response = ec2.describe_instances(
-            Filters=[
-                {"Name": "tag:Name", "Values": [bastion_name]},
-                {"Name": "instance-state-name", "Values": ["running"]},
-            ],
-        )
-        if not response.get("Reservations"):
-            raise ValueError(
-                f"Could not find a running instance with the designated bastion name, '{bastion_name}' in region '{bastion_region}'"
-            )
-        if not response.get("Reservations")[0].get("Instances"):
-            raise ValueError(
-                f"Could not find a running instance with the designated bastion name, '{bastion_name}' in region '{bastion_region}'"
-            )
-        return response.get("Reservations")[0].get("Instances")[0]["InstanceId"]
-    def _create_tunnel(
-        self,
-        secrets,
-        bastion_instance_id,
-        bastion_username,
-        bastion_region,
-        public_key_file_path,
-        local_proxy_port,
-        database_host,
-    ):
-        # first see if the socket is already open, since we don't close it.
-        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        result = sock.connect_ex(("127.0.0.1", local_proxy_port))
-        if result == 0:
-            sock.close()
-            return
-        # and now we can do this thing.
-        tunnel_command = [
-            "ssh",
-            "-i",
-            public_key_file_path,
-            "-o",
-            "ConnectTimeout=2",
-            "-N",
-            "-L",
-            f"{local_proxy_port}:{database_host}:3306",
-            "-p",
-            "22",
-            f"{bastion_username}@{bastion_instance_id}",
-        ]
-        my_env = os.environ.copy()
-        my_env["AWS_DEFAULT_REGION"] = bastion_region
-        subprocess.Popen(tunnel_command)
-        connected = False
-        attempts = 0
-        while not connected and attempts < 6:
-            attempts += 1
-            time.sleep(0.5)
-            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-            result = sock.connect_ex(("127.0.0.1", local_proxy_port))
-            if result == 0:
-                connected = True
-        if not connected:
-            raise ValueError(
-                "Failed to open SSH tunnel.  The following command was used: \n" + " ".join(tunnel_command)
-            )

clearskies_aws/secrets/akeyless_with_ssm_cache.py DELETED Viewed

@@ -1,60 +0,0 @@
-from __future__ import annotations
-import re
-from typing import Any
-from clearskies.secrets.akeyless import Akeyless
-from types_boto3_ssm import SSMClient
-from clearskies_aws.secrets import parameter_store
-class AkeylessWithSsmCache(parameter_store.ParameterStore, Akeyless):
-    def get(self, path: str, refresh: bool = False) -> str | None:  # type: ignore[override]
-        # AWS SSM parameter paths only allow a-z, A-Z, 0-9, -, _, ., /, @, and :
-        # Replace any disallowed characters with hyphens
-        ssm_name = re.sub(r"[^a-zA-Z0-9\-_\./@:]", "-", path)
-        # if we're not forcing a refresh, then see if it is in paramater store
-        if not refresh:
-            missing = False
-            try:
-                response = self.ssm.get_parameter(Name=ssm_name, WithDecryption=True)
-            except self.ssm.exceptions.ParameterNotFound:
-                missing = True
-            if not missing:
-                value = response["Parameter"].get("Value", "")
-                if value:
-                    return value
-        # otherwise get it out of Akeyless
-        value = str(super().get(path))
-        # and make sure and store the new value in parameter store
-        if value:
-            self.ssm.put_parameter(
-                Name=ssm_name,
-                Value=value,
-                Type="SecureString",
-                Overwrite=True,
-            )
-        return value
-    def update(self, path: str, value: Any) -> bool:  # type: ignore[override]
-        res = self._api.update_secret_val(
-            self.akeyless.UpdateSecretVal(name=path, value=str(value), token=self._get_token())
-        )
-        self.ssm.put_parameter(
-            Name=re.sub(r"[^a-zA-Z0-9\-_\./@:]", "-", path),
-            Value=value,
-            Type="SecureString",
-            Overwrite=True,
-        )
-        return True
-    def upsert(self, path: str, value: Any) -> bool:  # type: ignore[override]
-        try:
-            self.update(path, value)
-        except Exception as e:
-            self.create(path, value)
-        return True

{clear_skies_aws-2.0.11.dist-info → clear_skies_aws-2.0.13.dist-info}/WHEEL RENAMED Viewed

File without changes

{clear_skies_aws-2.0.11.dist-info → clear_skies_aws-2.0.13.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes

clear-skies-aws 2.0.11__py3-none-any.whl → 2.0.13__py3-none-any.whl

clear-skies-aws 2.0.11py3-none-any.whl → 2.0.13py3-none-any.whl