PyPI - kaqing - Versions diffs - 1.77.0__py3-none-any.whl → 2.0.171__py3-none-any.whl - Mend

kaqing 1.77.0py3-none-any.whl → 2.0.171py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (308) hide show

adam/__init__.py +1 -0
adam/app_session.py +182 -0
{walker → adam}/apps.py +8 -24
{walker → adam}/batch.py +54 -97
{walker → adam}/checks/check.py +3 -3
{walker → adam}/checks/check_result.py +1 -1
adam/checks/check_utils.py +65 -0
{walker → adam}/checks/compactionstats.py +6 -6
{walker → adam}/checks/cpu.py +14 -8
adam/checks/cpu_metrics.py +52 -0
{walker → adam}/checks/disk.py +6 -6
{walker → adam}/checks/gossip.py +5 -5
{walker → adam}/checks/memory.py +7 -7
{walker → adam}/checks/status.py +5 -5
{walker → adam}/cli.py +3 -3
{walker → adam}/columns/column.py +1 -1
adam/columns/columns.py +45 -0
{walker → adam}/columns/compactions.py +5 -5
{walker → adam}/columns/cpu.py +6 -4
adam/columns/cpu_metrics.py +22 -0
{walker → adam}/columns/dir_data.py +3 -3
{walker → adam}/columns/dir_snapshots.py +3 -3
{walker → adam}/columns/gossip.py +5 -5
{walker → adam}/columns/host_id.py +3 -3
{walker → adam}/columns/memory.py +3 -3
{walker → adam}/columns/node_address.py +3 -3
{walker → adam}/columns/node_load.py +3 -3
{walker → adam}/columns/node_owns.py +3 -3
{walker → adam}/columns/node_status.py +3 -3
{walker → adam}/columns/node_tokens.py +3 -3
{walker → adam}/columns/node_utils.py +2 -2
{walker → adam}/columns/pod_name.py +2 -2
{walker → adam}/columns/volume_cassandra.py +4 -4
{walker → adam}/columns/volume_root.py +3 -3
adam/commands/__init__.py +15 -0
adam/commands/alter_tables.py +81 -0
adam/commands/app_cmd.py +38 -0
{walker → adam}/commands/app_ping.py +10 -16
adam/commands/audit/audit.py +84 -0
adam/commands/audit/audit_repair_tables.py +74 -0
adam/commands/audit/audit_run.py +50 -0
adam/commands/audit/show_last10.py +48 -0
adam/commands/audit/show_slow10.py +47 -0
adam/commands/audit/show_top10.py +45 -0
adam/commands/audit/utils_show_top10.py +59 -0
adam/commands/bash/__init__.py +5 -0
adam/commands/bash/bash.py +36 -0
adam/commands/bash/bash_completer.py +93 -0
adam/commands/bash/utils_bash.py +16 -0
adam/commands/cat.py +50 -0
adam/commands/cd.py +43 -0
adam/commands/check.py +73 -0
{walker → adam}/commands/cli_commands.py +7 -8
adam/commands/code.py +57 -0
adam/commands/command.py +190 -0
{walker → adam}/commands/command_helpers.py +1 -1
{walker → adam}/commands/commands_utils.py +15 -25
adam/commands/cp.py +89 -0
adam/commands/cql/cql_completions.py +33 -0
{walker/commands → adam/commands/cql}/cqlsh.py +20 -35
adam/commands/cql/utils_cql.py +343 -0
{walker/commands/frontend → adam/commands/deploy}/code_start.py +11 -14
adam/commands/deploy/code_stop.py +40 -0
{walker/commands/frontend → adam/commands/deploy}/code_utils.py +7 -9
adam/commands/deploy/deploy.py +25 -0
adam/commands/deploy/deploy_frontend.py +49 -0
adam/commands/deploy/deploy_pg_agent.py +35 -0
adam/commands/deploy/deploy_pod.py +108 -0
adam/commands/deploy/deploy_utils.py +29 -0
adam/commands/deploy/undeploy.py +25 -0
adam/commands/deploy/undeploy_frontend.py +38 -0
adam/commands/deploy/undeploy_pg_agent.py +39 -0
adam/commands/deploy/undeploy_pod.py +48 -0
adam/commands/devices/device.py +118 -0
adam/commands/devices/device_app.py +173 -0
adam/commands/devices/device_auit_log.py +49 -0
adam/commands/devices/device_cass.py +185 -0
adam/commands/devices/device_export.py +86 -0
adam/commands/devices/device_postgres.py +144 -0
adam/commands/devices/devices.py +25 -0
{walker → adam}/commands/exit.py +3 -6
adam/commands/export/clean_up_all_export_sessions.py +37 -0
adam/commands/export/clean_up_export_sessions.py +51 -0
adam/commands/export/drop_export_database.py +55 -0
adam/commands/export/drop_export_databases.py +43 -0
adam/commands/export/export.py +53 -0
adam/commands/export/export_databases.py +170 -0
adam/commands/export/export_handlers.py +71 -0
adam/commands/export/export_select.py +81 -0
adam/commands/export/export_select_x.py +54 -0
adam/commands/export/export_use.py +52 -0
adam/commands/export/exporter.py +352 -0
adam/commands/export/import_session.py +40 -0
adam/commands/export/importer.py +67 -0
adam/commands/export/importer_athena.py +80 -0
adam/commands/export/importer_sqlite.py +47 -0
adam/commands/export/show_column_counts.py +54 -0
adam/commands/export/show_export_databases.py +36 -0
adam/commands/export/show_export_session.py +48 -0
adam/commands/export/show_export_sessions.py +44 -0
adam/commands/export/utils_export.py +314 -0
{walker → adam}/commands/help.py +17 -12
adam/commands/intermediate_command.py +49 -0
adam/commands/issues.py +43 -0
adam/commands/kubectl.py +38 -0
adam/commands/login.py +70 -0
{walker → adam}/commands/logs.py +8 -10
adam/commands/ls.py +41 -0
adam/commands/medusa/medusa.py +27 -0
adam/commands/medusa/medusa_backup.py +57 -0
adam/commands/medusa/medusa_restore.py +83 -0
adam/commands/medusa/medusa_show_backupjobs.py +51 -0
adam/commands/medusa/medusa_show_restorejobs.py +47 -0
{walker → adam}/commands/nodetool.py +17 -21
{walker → adam}/commands/param_get.py +15 -16
adam/commands/param_set.py +43 -0
adam/commands/postgres/postgres.py +104 -0
adam/commands/postgres/postgres_context.py +274 -0
{walker → adam}/commands/postgres/postgres_ls.py +7 -11
{walker → adam}/commands/postgres/postgres_preview.py +8 -13
adam/commands/postgres/psql_completions.py +10 -0
adam/commands/postgres/utils_postgres.py +66 -0
adam/commands/preview_table.py +37 -0
adam/commands/pwd.py +47 -0
adam/commands/reaper/reaper.py +35 -0
adam/commands/reaper/reaper_forward.py +93 -0
adam/commands/reaper/reaper_forward_session.py +6 -0
{walker → adam}/commands/reaper/reaper_forward_stop.py +13 -19
{walker → adam}/commands/reaper/reaper_restart.py +10 -17
adam/commands/reaper/reaper_run_abort.py +46 -0
adam/commands/reaper/reaper_runs.py +82 -0
adam/commands/reaper/reaper_runs_abort.py +63 -0
adam/commands/reaper/reaper_schedule_activate.py +45 -0
adam/commands/reaper/reaper_schedule_start.py +45 -0
adam/commands/reaper/reaper_schedule_stop.py +45 -0
{walker → adam}/commands/reaper/reaper_schedules.py +6 -16
{walker → adam}/commands/reaper/reaper_status.py +11 -19
adam/commands/reaper/utils_reaper.py +196 -0
adam/commands/repair/repair.py +26 -0
{walker → adam}/commands/repair/repair_log.py +7 -10
adam/commands/repair/repair_run.py +70 -0
adam/commands/repair/repair_scan.py +71 -0
{walker → adam}/commands/repair/repair_stop.py +8 -11
adam/commands/report.py +61 -0
adam/commands/restart.py +60 -0
{walker → adam}/commands/rollout.py +25 -30
adam/commands/shell.py +34 -0
adam/commands/show/show.py +39 -0
walker/commands/show/show_version.py → adam/commands/show/show_adam.py +14 -10
adam/commands/show/show_app_actions.py +57 -0
{walker → adam}/commands/show/show_app_id.py +12 -15
{walker → adam}/commands/show/show_app_queues.py +9 -12
adam/commands/show/show_cassandra_repairs.py +38 -0
adam/commands/show/show_cassandra_status.py +124 -0
{walker → adam}/commands/show/show_cassandra_version.py +6 -16
adam/commands/show/show_commands.py +59 -0
walker/commands/show/show_storage.py → adam/commands/show/show_host.py +11 -13
adam/commands/show/show_login.py +62 -0
{walker → adam}/commands/show/show_params.py +4 -4
adam/commands/show/show_processes.py +51 -0
adam/commands/show/show_storage.py +42 -0
adam/commands/watch.py +82 -0
{walker → adam}/config.py +10 -22
{walker → adam}/embedded_apps.py +1 -1
adam/embedded_params.py +2 -0
adam/log.py +47 -0
{walker → adam}/pod_exec_result.py +10 -2
adam/repl.py +182 -0
adam/repl_commands.py +124 -0
adam/repl_state.py +458 -0
adam/sql/__init__.py +0 -0
adam/sql/sql_completer.py +120 -0
adam/sql/sql_state_machine.py +618 -0
adam/sql/term_completer.py +76 -0
adam/sso/__init__.py +0 -0
{walker → adam}/sso/authenticator.py +5 -1
adam/sso/authn_ad.py +170 -0
{walker → adam}/sso/authn_okta.py +39 -22
adam/sso/cred_cache.py +60 -0
adam/sso/id_token.py +23 -0
adam/sso/idp.py +143 -0
adam/sso/idp_login.py +50 -0
adam/sso/idp_session.py +55 -0
adam/sso/sso_config.py +63 -0
adam/utils.py +679 -0
adam/utils_app.py +98 -0
adam/utils_athena.py +145 -0
adam/utils_audits.py +106 -0
adam/utils_issues.py +32 -0
adam/utils_k8s/__init__.py +0 -0
adam/utils_k8s/app_clusters.py +28 -0
adam/utils_k8s/app_pods.py +33 -0
adam/utils_k8s/cassandra_clusters.py +36 -0
adam/utils_k8s/cassandra_nodes.py +33 -0
adam/utils_k8s/config_maps.py +34 -0
{walker/k8s_utils → adam/utils_k8s}/custom_resources.py +7 -2
adam/utils_k8s/deployment.py +56 -0
{walker/k8s_utils → adam/utils_k8s}/ingresses.py +3 -4
{walker/k8s_utils → adam/utils_k8s}/jobs.py +3 -3
adam/utils_k8s/k8s.py +87 -0
{walker/k8s_utils → adam/utils_k8s}/kube_context.py +4 -4
adam/utils_k8s/pods.py +290 -0
{walker/k8s_utils → adam/utils_k8s}/secrets.py +8 -4
adam/utils_k8s/service_accounts.py +170 -0
{walker/k8s_utils → adam/utils_k8s}/services.py +3 -4
{walker/k8s_utils → adam/utils_k8s}/statefulsets.py +6 -16
{walker/k8s_utils → adam/utils_k8s}/volumes.py +10 -1
adam/utils_net.py +24 -0
adam/utils_repl/__init__.py +0 -0
adam/utils_repl/automata_completer.py +48 -0
adam/utils_repl/repl_completer.py +46 -0
adam/utils_repl/state_machine.py +173 -0
adam/utils_sqlite.py +109 -0
adam/version.py +5 -0
{kaqing-1.77.0.dist-info → kaqing-2.0.171.dist-info}/METADATA +1 -1
kaqing-2.0.171.dist-info/RECORD +236 -0
kaqing-2.0.171.dist-info/entry_points.txt +3 -0
kaqing-2.0.171.dist-info/top_level.txt +1 -0
kaqing-1.77.0.dist-info/RECORD +0 -159
kaqing-1.77.0.dist-info/entry_points.txt +0 -3
kaqing-1.77.0.dist-info/top_level.txt +0 -1
walker/__init__.py +0 -3
walker/app_session.py +0 -168
walker/checks/check_utils.py +0 -97
walker/columns/columns.py +0 -43
walker/commands/add_user.py +0 -68
walker/commands/app.py +0 -67
walker/commands/bash.py +0 -87
walker/commands/cd.py +0 -115
walker/commands/check.py +0 -68
walker/commands/command.py +0 -104
walker/commands/cp.py +0 -95
walker/commands/cql_utils.py +0 -53
walker/commands/devices.py +0 -89
walker/commands/frontend/code_stop.py +0 -57
walker/commands/frontend/setup.py +0 -60
walker/commands/frontend/setup_frontend.py +0 -58
walker/commands/frontend/teardown.py +0 -61
walker/commands/frontend/teardown_frontend.py +0 -42
walker/commands/issues.py +0 -69
walker/commands/login.py +0 -72
walker/commands/ls.py +0 -145
walker/commands/medusa/medusa.py +0 -69
walker/commands/medusa/medusa_backup.py +0 -61
walker/commands/medusa/medusa_restore.py +0 -86
walker/commands/medusa/medusa_show_backupjobs.py +0 -52
walker/commands/medusa/medusa_show_restorejobs.py +0 -52
walker/commands/param_set.py +0 -44
walker/commands/postgres/postgres.py +0 -113
walker/commands/postgres/postgres_session.py +0 -225
walker/commands/preview_table.py +0 -98
walker/commands/processes.py +0 -53
walker/commands/pwd.py +0 -64
walker/commands/reaper/reaper.py +0 -78
walker/commands/reaper/reaper_forward.py +0 -100
walker/commands/reaper/reaper_run_abort.py +0 -65
walker/commands/reaper/reaper_runs.py +0 -97
walker/commands/reaper/reaper_runs_abort.py +0 -83
walker/commands/reaper/reaper_schedule_activate.py +0 -64
walker/commands/reaper/reaper_schedule_start.py +0 -64
walker/commands/reaper/reaper_schedule_stop.py +0 -64
walker/commands/reaper/reaper_session.py +0 -159
walker/commands/repair/repair.py +0 -68
walker/commands/repair/repair_run.py +0 -72
walker/commands/repair/repair_scan.py +0 -79
walker/commands/report.py +0 -57
walker/commands/restart.py +0 -61
walker/commands/show/show.py +0 -72
walker/commands/show/show_app_actions.py +0 -53
walker/commands/show/show_cassandra_status.py +0 -35
walker/commands/show/show_commands.py +0 -58
walker/commands/show/show_processes.py +0 -35
walker/commands/show/show_repairs.py +0 -47
walker/commands/status.py +0 -128
walker/commands/storage.py +0 -52
walker/commands/user_entry.py +0 -69
walker/commands/watch.py +0 -85
walker/embedded_params.py +0 -2
walker/k8s_utils/cassandra_clusters.py +0 -48
walker/k8s_utils/cassandra_nodes.py +0 -26
walker/k8s_utils/pods.py +0 -211
walker/repl.py +0 -165
walker/repl_commands.py +0 -58
walker/repl_state.py +0 -211
walker/sso/authn_ad.py +0 -94
walker/sso/idp.py +0 -150
walker/sso/idp_login.py +0 -29
walker/sso/sso_config.py +0 -45
walker/utils.py +0 -194
walker/version.py +0 -5
{walker → adam}/checks/__init__.py +0 -0
{walker → adam}/checks/check_context.py +0 -0
{walker → adam}/checks/issue.py +0 -0
{walker → adam}/cli_group.py +0 -0
{walker → adam}/columns/__init__.py +0 -0
{walker/commands → adam/commands/audit}/__init__.py +0 -0
{walker/commands/frontend → adam/commands/cql}/__init__.py +0 -0
{walker/commands/medusa → adam/commands/deploy}/__init__.py +0 -0
{walker/commands/postgres → adam/commands/devices}/__init__.py +0 -0
{walker/commands/reaper → adam/commands/export}/__init__.py +0 -0
{walker/commands/repair → adam/commands/medusa}/__init__.py +0 -0
{walker → adam}/commands/nodetool_commands.py +0 -0
{walker/commands/show → adam/commands/postgres}/__init__.py +0 -0
{walker/k8s_utils → adam/commands/reaper}/__init__.py +0 -0
{walker/sso → adam/commands/repair}/__init__.py +0 -0
/walker/medusa_show_restorejobs.py → /adam/commands/show/__init__.py +0 -0
{walker → adam}/repl_session.py +0 -0
{kaqing-1.77.0.dist-info → kaqing-2.0.171.dist-info}/WHEEL +0 -0

adam/sql/term_completer.py ADDED Viewed

@@ -0,0 +1,76 @@
+from typing import Callable, Iterable, List, Mapping, Optional, Pattern, Union
+from prompt_toolkit.completion import CompleteEvent, Completion, WordCompleter
+from prompt_toolkit.document import Document
+from prompt_toolkit.formatted_text import AnyFormattedText
+__all__ = [
+    "TermCompleter",
+]
+class TermCompleter(WordCompleter):
+    def __init__(
+        self,
+        words: Union[List[str], Callable[[], List[str]]],
+        ignore_case: bool = False,
+        display_dict: Optional[Mapping[str, AnyFormattedText]] = None,
+        meta_dict: Optional[Mapping[str, AnyFormattedText]] = None,
+        WORD: bool = False,
+        sentence: bool = False,
+        match_middle: bool = False,
+        pattern: Optional[Pattern[str]] = None,
+    ) -> None:
+        super().__init__(words, ignore_case, display_dict, meta_dict, WORD, sentence, match_middle, pattern)
+    def __str__(self):
+        return ','.join(self.words)
+    def get_completions(
+        self, document: Document, complete_event: CompleteEvent
+    ) -> Iterable[Completion]:
+        # Get list of words.
+        words = self.words
+        if callable(words):
+            words = words()
+        # Get word/text before cursor.
+        if self.sentence:
+            word_before_cursor = document.text_before_cursor
+        else:
+            word_before_cursor = document.get_word_before_cursor(
+                WORD=self.WORD, pattern=self.pattern
+            )
+        if self.ignore_case:
+            word_before_cursor = word_before_cursor.lower()
+        def word_matches(word: str) -> bool:
+            """True when the word before the cursor matches."""
+            if self.ignore_case:
+                word = word.lower()
+            if self.match_middle:
+                return word_before_cursor in word
+            else:
+                return word.startswith(word_before_cursor)
+        for a in words:
+            if word_before_cursor in ['(', ',', '=', 'in', "',"]:
+                display = self.display_dict.get(a, a)
+                display_meta = self.meta_dict.get(a, "")
+                yield Completion(
+                    a,
+                    0,
+                    display=display,
+                    display_meta=display_meta,
+                )
+            if word_matches(a):
+                display = self.display_dict.get(a, a)
+                display_meta = self.meta_dict.get(a, "")
+                yield Completion(
+                    a,
+                    -len(word_before_cursor),
+                    display=display,
+                    display_meta=display_meta,
+                )

adam/sso/__init__.py ADDED Viewed

File without changes

{walker → adam}/sso/authenticator.py RENAMED Viewed

@@ -5,7 +5,11 @@ from .idp_login import IdpLogin
 class Authenticator:
     @abstractmethod
-    def authenticate(self, idp_uri: str, app_host: str, username: str, password: str) -> IdpLogin:
+    def name(self) -> str:
+        return None
+    @abstractmethod
+    def authenticate(self, idp_uri: str, app_host: str, username: str, password: str, verify: bool = True) -> IdpLogin:
         pass
     def extract(self, form: str, pattern: re.Pattern):

adam/sso/authn_ad.py ADDED Viewed

@@ -0,0 +1,170 @@
+import json
+import re
+import traceback
+import jwt
+import requests
+from urllib.parse import urlparse, parse_qs
+from adam.log import Log
+from adam.sso.authenticator import Authenticator
+from adam.sso.id_token import IdToken
+from adam.utils import debug
+from .idp_login import IdpLogin
+from adam.config import Config
+class AdException(Exception):
+    pass
+class AdAuthenticator(Authenticator):
+    def name(self) -> str:
+        return 'ActiveDirectory'
+    # the singleton pattern
+    def __new__(cls, *args, **kwargs):
+        if not hasattr(cls, 'instance'): cls.instance = super(AdAuthenticator, cls).__new__(cls)
+        return cls.instance
+    def authenticate(self, idp_uri: str, app_host: str, username: str, password: str, verify: bool) -> IdpLogin:
+        parsed_url = urlparse(idp_uri)
+        query_string = parsed_url.query
+        params = parse_qs(query_string)
+        state_token = params.get('state', [''])[0]
+        redirect_url = params.get('redirect_uri', [''])[0]
+        session = requests.Session()
+        r = session.get(idp_uri)
+        debug(f'{r.status_code} {idp_uri}')
+        config = self.validate_and_return_config(r)
+        groups = re.match(r'(https://.*?/.*?)/.*', idp_uri)
+        if not groups:
+            raise AdException('Incorrect idp_uri configuration.')
+        login_uri = f'{groups[1]}/login'
+        body = {
+            'login': username,
+            'passwd': password,
+            'ctx': config['sCtx'],
+            'hpgrequestid': config['sessionId'],
+            'flowToken': config['sFT']
+        }
+        r = session.post(login_uri, data=body, headers={
+            'Content-Type': 'application/x-www-form-urlencoded'
+        })
+        debug(f'{r.status_code} {login_uri}')
+        config = self.validate_and_return_config(r)
+        groups = re.match(r'(https://.*?)/.*', idp_uri)
+        if not groups:
+            raise AdException('Incorrect idp_uri configuration.')
+        kmsi_uri = f'{groups[1]}/kmsi'
+        body = {
+            'ctx': config['sCtx'],
+            'hpgrequestid': config['sessionId'],
+            'flowToken': config['sFT'],
+        }
+        r = session.post(kmsi_uri, data=body, headers={
+            'Content-Type': 'application/x-www-form-urlencoded'
+        })
+        debug(f'{r.status_code} {kmsi_uri}')
+        if (config := self.extract_config_object(r.text)):
+            if 'sErrorCode' in config and config['sErrorCode'] == '50058':
+                raise AdException('Invalid username/password.')
+            elif 'strServiceExceptionMessage' in config:
+                raise AdException(config['strServiceExceptionMessage'])
+            else:
+                Log.log_to_file(config)
+                raise AdException('Unknown err.')
+        id_token = self.extract(r.text, r'.*name=\"id_token\" value=\"(.*?)\".*')
+        if not id_token:
+            raise AdException('Invalid username/password.')
+        if not verify:
+            return IdpLogin(redirect_url, id_token, state_token, username, idp_uri=idp_uri, id_token_obj=None, session=session)
+        parsed = self.parse_id_token(id_token)
+        roles = parsed.groups
+        roles.append(username)
+        whitelisted = self.whitelisted_members()
+        for role in roles:
+            if role in whitelisted:
+                return IdpLogin(redirect_url, id_token, state_token, username, idp_uri=idp_uri, id_token_obj=parsed, session=session)
+        contact = Config().get('idps.ad.contact', 'Please contact ted.tran@c3.ai.')
+        raise AdException(f'{username} is not whitelisted. {contact}')
+    def validate_and_return_config(self, r: requests.Response):
+        if r.status_code < 200 or r.status_code >= 300:
+            debug(r.text)
+            return None
+        return self.extract_config_object(r.text)
+    def extract_config_object(self, text: str):
+        for line in text.split('\n'):
+            groups = re.match(r'.*\$Config=\s*(\{.*)', line)
+            if groups:
+                js = groups[1].replace(';', '')
+                config = json.loads(js)
+                return config
+        return None
+    def whitelisted_members(self) -> list[str]:
+        members_f = Config().get('idps.ad.whitelist-file', '/kaqing/members')
+        try:
+            with open(members_f, 'r') as file:
+                lines = file.readlines()
+            lines = [line.strip() for line in lines]
+            def is_non_comment(line: str):
+                return not line.startswith('#')
+            lines = list(filter(is_non_comment, lines))
+            return [line.split('#')[0].strip(' ') for line in lines]
+        except FileNotFoundError:
+            pass
+        return []
+    def parse_id_token(self, id_token: str) -> IdToken:
+        jwks_url = Config().get('idps.ad.jwks-uri', '')
+        try:
+            jwks_client = jwt.PyJWKClient(jwks_url, cache_jwk_set=True, lifespan=360)
+            signing_key = jwks_client.get_signing_key_from_jwt(id_token)
+            data = jwt.decode(
+                id_token,
+                signing_key.key,
+                algorithms=["RS256"],
+                options={
+                    "verify_signature": True,
+                    "verify_exp": False,
+                    "verify_nbf": True,
+                    "verify_iat": True,
+                    "verify_aud": False,
+                    "verify_iss": False,
+                },
+            )
+            return IdToken(
+                data,
+                data['email'],
+                data['name'],
+                groups=data['groups'] if 'groups' in data else [],
+                iat=data['iat'] if 'iat' in data else 0,
+                nbf=data['nbf'] if 'nbf' in data else 0,
+                exp=data['exp'] if 'exp' in data else 0
+            )
+        except:
+            debug(traceback.format_exc())
+        return None

{walker → adam}/sso/authn_okta.py RENAMED Viewed

@@ -3,20 +3,27 @@ import jwt
 import requests
 from urllib.parse import urlparse, parse_qs, unquote
-from walker.sso.authenticator import Authenticator
+from adam.sso.authenticator import Authenticator
+from adam.sso.id_token import IdToken
 from .idp_login import IdpLogin
-from walker.config import Config
-from walker.utils import log2
+from adam.config import Config
+from adam.utils import debug, log2
+class OktaException(Exception):
+    pass
 class OktaAuthenticator(Authenticator):
+    def name(self) -> str:
+        return 'Okta'
     # the singleton pattern
     def __new__(cls, *args, **kwargs):
         if not hasattr(cls, 'instance'): cls.instance = super(OktaAuthenticator, cls).__new__(cls)
         return cls.instance
-    def authenticate(self, idp_uri: str, app_host: str, username: str, password: str) -> IdpLogin:
+    def authenticate(self, idp_uri: str, app_host: str, username: str, password: str, verify: bool) -> IdpLogin:
         parsed_url = urlparse(idp_uri)
         query_string = parsed_url.query
         params = parse_qs(query_string)
@@ -25,7 +32,7 @@ class OktaAuthenticator(Authenticator):
         okta_host = parsed_url.hostname
-        url = f"https://{okta_host}/api/v1/authn"
+        authn_uri = f"https://{okta_host}/api/v1/authn"
         payload = {
             "username": username,
             "password": password,
@@ -41,20 +48,18 @@ class OktaAuthenticator(Authenticator):
         }
         session = requests.Session()
-        response = session.post(url, headers=headers, data=json.dumps(payload))
-        if Config().is_debug():
-            log2(f'{response.status_code} {url}')
+        response = session.post(authn_uri, headers=headers, data=json.dumps(payload))
+        debug(f'{response.status_code} {authn_uri}')
         auth_response = response.json()
         if 'sessionToken' not in auth_response:
-            return None
+            raise OktaException('Invalid username/password.')
         session_token = auth_response['sessionToken']
         url = f'{idp_uri}&sessionToken={session_token}'
         r = session.get(url)
-        if Config().is_debug():
-            log2(f'{r.status_code} {url}')
+        debug(f'{r.status_code} {url}')
         id_token = OktaAuthenticator().extract(r.text, r'.*name=\"id_token\" value=\"(.*?)\".*')
         if not id_token:
@@ -64,28 +69,32 @@ class OktaAuthenticator(Authenticator):
             else:
                 log2('id_token not found\n' + r.text)
-            return None
+            raise OktaException('Invalid username/password.')
+        if not verify:
+            # just relay id_token, it will be verified by SP
+            return IdpLogin(redirect_url, id_token, state_token, username, idp_uri=idp_uri, id_token_obj=None, session=session)
         if group := Config().get('app.login.admin-group', '{host}/C3.ClusterAdmin').replace('{host}', app_host):
-            if group not in OktaAuthenticator.get_groups(okta_host, id_token):
+            parsed = OktaAuthenticator.parse_id_token(okta_host, id_token)
+            if group not in parsed.groups:
                 tks = group.split('/')
                 group = tks[len(tks) - 1]
                 log2(f'{username} is not a member of {group}.')
-                return None
+                raise OktaException("You are not part of admin group.")
-        return IdpLogin(redirect_url, id_token, state_token, username, session=session)
+        return IdpLogin(redirect_url, id_token, state_token, username, idp_uri=idp_uri, id_token_obj=parsed, session=session)
-    def get_groups(idp_host, id_token) -> list[str]:
-        groups: list[str] = []
+    def parse_id_token(idp_host, id_token) -> IdToken:
+        data: dict[str, any] = []
         if not jwt.algorithms.has_crypto:
             log2("No crypto support for JWT, please install the cryptography dependency")
-            return groups
+            return None
-        okta_auth_server = f"https://{idp_host}/oauth2"
-        jwks_url = f"{okta_auth_server}/v1/keys"
+        jwks_url = Config().get('idps.okta.jwks-uri', 'https://c3energy.okta.com/oauth2/v1/keys')
         try:
             jwks_client = jwt.PyJWKClient(jwks_url, cache_jwk_set=True, lifespan=360)
             signing_key = jwks_client.get_signing_key_from_jwt(id_token)
@@ -103,8 +112,16 @@ class OktaAuthenticator(Authenticator):
                 },
             )
-            return data['groups']
+            return IdToken(
+                data,
+                data['email'],
+                data['name'],
+                groups=data['groups'] if 'groups' in data else [],
+                iat=data['iat'] if 'iat' in data else 0,
+                nbf=data['nbf'] if 'nbf' in data else 0,
+                exp=data['exp'] if 'exp' in data else 0
+            )
         except:
             pass
-        return groups
+        return None

adam/sso/cred_cache.py ADDED Viewed

@@ -0,0 +1,60 @@
+import os
+from pathlib import Path
+import traceback
+from dotenv import load_dotenv
+from adam.config import Config
+from adam.utils import debug
+from adam.utils_k8s.kube_context import KubeContext
+class CredCache:
+    # the singleton pattern
+    def __new__(cls, *args, **kwargs):
+        if not hasattr(cls, 'instance'): cls.instance = super(CredCache, cls).__new__(cls)
+        return cls.instance
+    def __init__(self):
+        if not hasattr(self, 'env_f'):
+            self.dir = f'{Path.home()}/.kaqing'
+            self.env_f = f'{self.dir}/.credentials'
+            # immutable - cannot reload with different file content
+            load_dotenv(dotenv_path=self.env_f)
+            self.overrides: dict[str, str] = {}
+    def get_username(self):
+        return self.overrides['IDP_USERNAME'] if 'IDP_USERNAME' in self.overrides else self.get('IDP_USERNAME')
+    def get_password(self):
+        return self.overrides['IDP_PASSWORD'] if 'IDP_PASSWORD' in self.overrides else self.get('IDP_PASSWORD')
+    def get(self, key: str) -> str:
+        return os.getenv(key)
+    def cache(self, username: str, password: str = None):
+        if os.path.exists(self.env_f):
+            with open(self.env_f, 'w') as file:
+                try:
+                    file.truncate()
+                except:
+                    debug(traceback.format_exc())
+        updated = []
+        updated.append(f'IDP_USERNAME={username}')
+        if not KubeContext.in_cluster() and password:
+            # do not store password to the .credentials file when in Kubernetes pod
+            updated.append(f'IDP_PASSWORD={password}')
+        if updated:
+            if not os.path.exists(self.env_f):
+                os.makedirs(self.dir, exist_ok=True)
+            with open(self.env_f, 'w') as file:
+                file.write('\n'.join(updated))
+            if username:
+                self.overrides['IDP_USERNAME'] = username
+            if password:
+                self.overrides['IDP_PASSWORD'] = password
+            debug(f'Cached username: {username}, password: {password}, try load: {self.get_username()}')

adam/sso/id_token.py ADDED Viewed

@@ -0,0 +1,23 @@
+class IdToken:
+    def __init__(self, data: dict[str, any], email: str, username: str, groups: list[str] = [], iat: int = 0, nbf: int = 0, exp: int = 0):
+        self.data = data
+        self.email = email
+        self.username = username
+        self.groups = groups
+        self.iat = iat
+        self.nbf = nbf
+        self.exp = exp
+    def from_dict(j: dict[str, any]):
+        return IdToken(
+            j['data'],
+            j['email'],
+            j['username'],
+            groups=j['groups'] if 'groups' in j else None,
+            iat=j['iat'] if 'iat' in j else None,
+            nbf=j['nbf'] if 'nbf' in j else None,
+            exp=j['exp'] if 'exp' in j else None
+        )
+    def to_dict(self):
+        return self.__dict__

adam/sso/idp.py ADDED Viewed

@@ -0,0 +1,143 @@
+import base64
+import getpass
+import os
+import sys
+import termios
+import traceback
+from typing import Callable, TypeVar
+import requests
+from kubernetes import config
+import yaml
+from adam.utils_k8s.secrets import Secrets
+from .cred_cache import CredCache
+from .idp_session import IdpSession
+from .idp_login import IdpLogin
+from adam.config import Config
+from adam.utils import debug, log
+T = TypeVar('T')
+class Idp:
+    ctrl_c_entered = False
+    # the singleton pattern
+    def __new__(cls, *args, **kwargs):
+        if not hasattr(cls, 'instance'): cls.instance = super(Idp, cls).__new__(cls)
+        return cls.instance
+    def login(app_host: str, username: str = None, idp_uri: str = None, forced = False, use_token_from_env = True, use_cached_creds = True, verify = True) -> IdpLogin:
+        session: IdpSession = IdpSession.create(username, app_host, app_host, idp_uri=idp_uri)
+        if use_token_from_env:
+            if l0 := session.login_from_env_var():
+                return l0
+            if port := os.getenv("SERVER_PORT"):
+                token_server = Config().get('app.login.token-server-url', 'http://localhost:{port}').replace('{port}', port)
+                res: requests.Response = requests.get(token_server)
+                if res.status_code == 200 and res.text:
+                    try:
+                        # may fail if the idp token is not complete
+                        return session.login_from_token(res.text)
+                    except:
+                        pass
+        r: IdpLogin = None
+        try:
+            if username:
+                log(f'{session.idp_host()} login: {username}')
+            while not username or Idp.ctrl_c_entered:
+                if Idp.ctrl_c_entered:
+                    Idp.ctrl_c_entered = False
+                default_user: str = None
+                if use_cached_creds:
+                    default_user = CredCache().get_username()
+                    debug(f'User read from cache: {default_user}')
+                if from_env := os.getenv('USERNAME'):
+                    default_user = from_env
+                if default_user and default_user != username:
+                    session = IdpSession.create(default_user, app_host, app_host)
+                    if forced:
+                        username = default_user
+                    else:
+                        username = input(f'{session.idp_host()} login(default {default_user}): ') or default_user
+                else:
+                    username = input(f'{session.idp_host()} login: ')
+            session2: IdpSession = IdpSession.create(username, app_host, app_host)
+            if session.idp_host() != session2.idp_host():
+                session = session2
+                log(f'Switching to {session.idp_host()}...')
+                log()
+                log(f'{session.idp_host()} login: {username}')
+            password = None
+            while password == None or Idp.ctrl_c_entered: # exit the while loop even if password is empty string
+                if Idp.ctrl_c_entered:
+                    Idp.ctrl_c_entered = False
+                default_pass = CredCache().get_password() if use_cached_creds else None
+                if default_pass:
+                    if forced:
+                        password = default_pass
+                    else:
+                        password = Idp.with_no_ican(lambda: getpass.getpass(f'Password(default ********): ') or default_pass)
+                else:
+                    password = Idp.with_no_ican(lambda: getpass.getpass(f'Password: '))
+            if username and password:
+                # if uploading kubeconfig file fails many times, you will be locked out
+                # kubeconfig file content has first char as tab or length of bigger than 128
+                if password[0] == '\t' or len(password) > Config().get('app.login.password-max-length', 128):
+                    if r := Idp.try_kubeconfig(username, password):
+                        log(f"You're signed in as {username}")
+                        return r
+                else:
+                    if r := session.authenticator.authenticate(session.idp_uri, app_host, username, password, verify=verify):
+                        log(f"You're signed in as {username}")
+                    return r
+        finally:
+            if r and Config().get('app.login.cache-creds', True):
+                CredCache().cache(username, password)
+            elif username and Config().get('app.login.cache-username', True):
+                CredCache().cache(username)
+        return None
+    def with_no_ican(body: Callable[[], T]) -> T:
+        # override 4096 character limit with OS terminal - stty -noican
+        fd = sys.stdin.fileno()
+        old = termios.tcgetattr(fd)
+        new = termios.tcgetattr(fd)
+        new[3] = new[3] & ~termios.ICANON
+        try:
+            termios.tcsetattr(fd, termios.TCSADRAIN, new)
+            return body()
+        finally:
+            termios.tcsetattr(fd, termios.TCSADRAIN, old)
+    def try_kubeconfig(username: str, kubeconfig: str):
+        try:
+            if kubeconfig[0] == '\t':
+                kubeconfig = kubeconfig[1:]
+            kubeconfig_string = base64.b64decode(kubeconfig.encode('ascii') + b'==').decode('utf-8')
+            if kubeconfig_string.startswith('apiVersion: '):
+                kubeconfig_dict = yaml.safe_load(kubeconfig_string)
+                config.kube_config.load_kube_config_from_dict(kubeconfig_dict)
+                # test if you can list Kubernetes secretes with the given kubeconfig file
+                Secrets.list_secrets(os.getenv('NAMESPACE'))
+                return IdpLogin(None, None, None, username)
+        except:
+            debug(traceback.format_exc())
+            pass
+        return None

adam/sso/idp_login.py ADDED Viewed

@@ -0,0 +1,50 @@
+import base64
+import json
+from urllib.parse import parse_qs, urlparse
+import requests
+from adam.sso.id_token import IdToken
+class IdpLogin:
+    def __init__(self, app_login_url: str, id_token: str, state: str, user: str = None, idp_uri: str = None, id_token_obj: IdToken = None, session: requests.Session = None):
+        self.app_login_url = app_login_url
+        self.id_token = id_token
+        self.state = state
+        self.user = user
+        self.idp_uri = idp_uri
+        self.id_token_obj = id_token_obj
+        self.session = session
+    def deser(idp_token: str):
+        j = json.loads(base64.b64decode(idp_token.encode('utf-8')))
+        return IdpLogin(
+            j['r'],
+            j['id_token'],
+            j['state'],
+            idp_uri=j['idp_uri'] if 'idp_uri' in j else None,
+            id_token_obj=IdToken.from_dict(j['id_token_obj']) if 'id_token_obj' in j else None)
+    def ser(self):
+        return base64.b64encode(json.dumps({
+            'r': self.app_login_url,
+            'id_token': self.id_token,
+            'state': self.state,
+            'idp_uri': self.idp_uri,
+            'id_token_obj': self.id_token_obj.to_dict() if self.id_token_obj else None
+        }).encode('utf-8')).decode('utf-8')
+    def create_from_idp_uri(idp_uri: str):
+        parsed_url = urlparse(idp_uri)
+        query_string = parsed_url.query
+        params = parse_qs(query_string)
+        state_token = params.get('state', [''])[0]
+        redirect_url = params.get('redirect_uri', [''])[0]
+        return IdpLogin(app_login_url=redirect_url, id_token=None, state=state_token, idp_uri=idp_uri)
+    def shell_user(self):
+        if not self.user:
+            return None
+        return self.user.split('@')[0].replace('.', '')

kaqing 1.77.0__py3-none-any.whl → 2.0.171__py3-none-any.whl

kaqing 1.77.0py3-none-any.whl → 2.0.171py3-none-any.whl