kaqing 1.77.0__py3-none-any.whl → 2.0.171__py3-none-any.whl

walker/repl_state.py

@@ -1,211 +0,0 @@
-import copy
-from enum import Enum
-
-from walker.commands.postgres.postgres_session import PostgresSession
-from walker.k8s_utils.cassandra_clusters import CassandraClusters
-from walker.k8s_utils.cassandra_nodes import CassandraNodes
-from walker.k8s_utils.kube_context import KubeContext
-from walker.k8s_utils.secrets import Secrets
-from walker.utils import display_help, log2, random_alphanumeric
-
-class BashSession:
-    def __init__(self, device: str = None):
-        self.session_id = random_alphanumeric(6)
-        self.device = device
-
-    def pwd(self, state: 'ReplState'):
-        command = f'cat /tmp/.qing-{self.session_id}'
-
-        if state.pod:
-            rs = [CassandraNodes.exec(state.pod, state.namespace, command, show_out=False)]
-        elif state.sts:
-            rs = CassandraClusters.exec(state.sts, state.namespace, command, action='bash', show_out=False)
-
-        dir = None
-        for r in rs:
-            if r.exit_code(): # if fails to read the session file, ignore
-                continue
-
-            dir0 = r.stdout.strip(' \r\n')
-            if dir:
-                if dir != dir0:
-                    log2('Inconsitent working dir found across multiple pods.')
-                    return None
-            else:
-                dir = dir0
-
-        return dir
-
-class RequiredState(Enum):
-    CLUSTER = 'cluster'
-    POD = 'pod'
-    CLUSTER_OR_POD = 'cluster_or_pod'
-    NAMESPACE = 'namespace'
-    PG_DATABASE = 'pg_database'
-    APP_APP = 'app_app'
-
-class ReplState:
-    A = 'a'
-    C = 'c'
-    P = 'p'
-
-    def __init__(self, device: str = None,
-                 sts: str = None, pod: str = None, namespace: str = None, ns_sts: str = None,
-                 pg_path: str = None,
-                 app_env: str = None, app_app: str = None,
-                 in_repl = False, bash_session: BashSession = None, remote_dir = None):
-        self.namespace = KubeContext.in_cluster_namespace()
-
-        self.device = device
-        self.sts = sts
-        self.pod = pod
-        self.pg_path = pg_path
-        self.app_env = app_env
-        self.app_app = app_app
-        if namespace:
-            self.namespace = namespace
-        self.in_repl = in_repl
-        self.bash_session = bash_session
-        self.remote_dir = remote_dir
-        self.wait_log_flag = False
-
-        if ns_sts:
-            nn = ns_sts.split('@')
-            self.sts = nn[0]
-            if len(nn) > 1:
-                self.namespace = nn[1]
-
-    # work for CliCommand.Values()
-    def __eq__(self, other: 'ReplState'):
-        return self.sts == other.sts and self.pod == other.pod
-
-    def __hash__(self):
-        return hash((self.sts, self.pod))
-
-    def apply_args(self, args: list[str], cmd: list[str] = None, resolve_pg = True) -> tuple['ReplState', list[str]]:
-        state = self
-
-        new_args = []
-        for index, arg in enumerate(args):
-            if index < 6:
-                state = copy.copy(state)
-
-                s, n = KubeContext.is_sts_name(arg)
-                if s:
-                    if not state.sts:
-                        state.sts = s
-                    if n and not state.namespace:
-                        state.namespace = n
-
-                p, n = KubeContext.is_pod_name(arg)
-                if p:
-                    if not state.pod:
-                        state.pod = p
-                    if n and not state.namespace:
-                        state.namespace = n
-
-                pg = None
-                if resolve_pg:
-                    pg = KubeContext.is_pg_name(arg)
-                    if pg and not state.pg_path:
-                        state.pg_path = pg
-
-                if not s and not p and not pg:
-                    new_args.append(arg)
-            else:
-                new_args.append(arg)
-
-        if cmd:
-            new_args = new_args[len(cmd):]
-
-        return (state, new_args)
-
-    def validate(self, required: RequiredState = None, pg_required: RequiredState = None, app_required: RequiredState = None):
-        if not pg_required and not app_required:
-            if required == RequiredState.CLUSTER:
-                if not self.namespace or not self.sts:
-                    if self.in_repl:
-                        log2('cd to a cluster first.')
-                    else:
-                        log2('* cluster is missing.')
-                        log2()
-                        display_help()
-
-                    return False
-            elif required == RequiredState.POD:
-                if not self.namespace or not self.pod:
-                    if self.in_repl:
-                        log2('cd to a pod first.')
-                    else:
-                        log2('* Pod is missing.')
-                        log2()
-                        display_help()
-
-                    return False
-            elif required == RequiredState.CLUSTER_OR_POD:
-                if not self.namespace or not self.sts and not self.pod:
-                    if self.in_repl:
-                        log2('cd to a cluster first.')
-                    else:
-                        log2('* cluster or pod is missing.')
-                        log2()
-                        display_help()
-
-                    return False
-            elif required == RequiredState.NAMESPACE:
-                if not self.namespace:
-                    if self.in_repl:
-                        log2('Namespace is required.')
-                    else:
-                        log2('* namespace is missing.')
-                        log2()
-                        display_help()
-
-                    return False
-
-        if pg_required == RequiredState.PG_DATABASE:
-            pg = PostgresSession(self.namespace, self.pg_path)
-            if not pg.db:
-                if self.in_repl:
-                    log2('cd to a database first.')
-                else:
-                    log2('* database is missing.')
-                    log2()
-                    display_help()
-
-                return False
-
-        if app_required == RequiredState.APP_APP and not self.app_app:
-            if self.in_repl:
-                log2('cd to an app first.')
-            else:
-                log2('* app is missing.')
-                log2()
-                display_help()
-
-            return False
-
-        return True
-
-    def user_pass(self, secret_path = 'cql.secret'):
-        return Secrets.get_user_pass(self.pod if self.pod else self.sts, self.namespace, secret_path=secret_path)
-
-    def enter_bash(self, bash_session: BashSession):
-        self.bash_session = bash_session
-        if self.device != ReplState.C:
-            self.device = ReplState.C
-            log2(f'Moved to {ReplState.C}: automatically. Will move back to {ReplState.P}: when you exit the bash session.')
-
-    def exit_bash(self):
-        if self.bash_session and self.bash_session.device:
-            self.device = self.bash_session.device
-
-        self.bash_session = None
-
-    def wait_log(self, msg: str):
-        if not self.wait_log_flag:
-            log2(msg)
-            self.wait_log_flag = True
-
-    def clear_wait_log_flag(self):
-        self.wait_log_flag = False

walker/sso/authn_ad.py

@@ -1,94 +0,0 @@
-import json
-import re
-import requests
-from urllib.parse import urlparse, parse_qs, unquote
-
-from walker.sso.authenticator import Authenticator
-
-from .idp_login import IdpLogin
-from walker.config import Config
-from walker.utils import log2
-
-class AdAuthenticator(Authenticator):
-    # the singleton pattern
-    def __new__(cls, *args, **kwargs):
-        if not hasattr(cls, 'instance'): cls.instance = super(AdAuthenticator, cls).__new__(cls)
-
-        return cls.instance
-
-    def authenticate(self, idp_uri: str, app_host: str, username: str, password: str) -> IdpLogin:
-        # https%3A%2F%2Fplat.c3ci.cloud%2Fc3%2Fc3%2Foidc%2Flogin
-        parsed_url = urlparse(idp_uri)
-        query_string = parsed_url.query
-        params = parse_qs(query_string)
-        state_token = params.get('state', [''])[0]
-        redirect_url = params.get('redirect_uri', [''])[0]
-
-        session = requests.Session()
-        r = session.get(idp_uri)
-        if Config().is_debug():
-            log2(f'{r.status_code} {idp_uri}')
-        # print(r.text)
-
-        # extract_config_object('$Config={"fShowPersistentCookiesWarning":false}\n//]]></script>')
-        config = self.extract_config_object(r.text)
-
-        login = f'https://login.microsoftonline.com/53ad779a-93e7-485c-ba20-ac8290d7252b/login';
-        body = {
-            'login': username,
-            'LoginOptions': '3',
-            'passwd': password,
-            'ctx': config['sCtx'],
-            'hpgrequestid': config['sessionId'],
-            'flowToken': config['sFT']
-        }
-        # print(body)
-        r = session.post(login, data=body, headers={
-            'Content-Type': 'application/x-www-form-urlencoded'
-        })
-        if Config().is_debug():
-            log2(f'{r.status_code} {login}')
-        # print(r.text)
-
-        config = self.extract_config_object(r.text)
-
-        kmsi = 'https://login.microsoftonline.com/kmsi'
-        body = {
-            'LoginOptions': '1',
-            'ctx': config['sCtx'],
-            'hpgrequestid': config['sessionId'],
-            'flowToken': config['sFT'],
-        }
-        r = session.post(kmsi, data=body, headers={
-            'Content-Type': 'application/x-www-form-urlencoded'
-        })
-        if Config().is_debug():
-            log2(f'{r.status_code} {kmsi}')
-
-        id_token = None
-        if (config := self.extract_config_object(r.text)):
-            if 'strServiceExceptionMessage' in config:
-                log2(config['strServiceExceptionMessage'])
-            else:
-                log2('Unknown err.')
-
-            return None
-
-        id_token = self.extract(r.text, r'.*name=\"id_token\" value=\"(.*?)\".*')
-
-        return IdpLogin(redirect_url, id_token, state_token, username, session=session)
-
-    def extract_config_object(self, text: str):
-        for line in text.split('\n'):
-            groups = re.match(r'.*\$Config=\s*(\{.*)', line)
-            if groups:
-                js = groups[1].replace(';', '')
-                config = json.loads(js)
-
-                # print("* sessionId =", config['sessionId'])
-                # print("* ctx =", config['sCtx'])
-                # print("* flowToken =", config['sFT'])
-
-                return config
-
-        return None

walker/sso/idp.py

@@ -1,150 +0,0 @@
-import getpass
-import os
-from pathlib import Path
-from dotenv import load_dotenv
-from urllib.parse import urlparse, parse_qs
-
-from walker.sso import authn_okta
-from walker.sso.authenticator import Authenticator
-from walker.sso.authn_ad import AdAuthenticator
-from walker.sso.sso_config import SsoConfig
-
-from .idp_login import IdpLogin
-from walker.config import Config
-from walker.k8s_utils.kube_context import KubeContext
-from walker.utils import log, log2
-
-class Idp:
-    ctrl_c_entered = False
-
-    def __init__(self):
-        pass
-
-    def parse_idp_uri(idp_uri: str):
-        parsed_url = urlparse(idp_uri)
-        query_string = parsed_url.query
-        params = parse_qs(query_string)
-        state_token = params.get('state', [''])[0]
-        redirect_url = params.get('redirect_uri', [''])[0]
-
-        return IdpLogin(app_login_url=redirect_url, id=None, state=state_token)
-
-    def login(app_host: str, username: str = None, forced = False, use_cached = True) -> IdpLogin:
-        idp_uri = SsoConfig().find_idp_uri(username, app_host, app_host)
-
-        if use_cached:
-            if idp_token := os.getenv('IDP_TOKEN'):
-                l0: IdpLogin = IdpLogin.deser(idp_token)
-                l1: IdpLogin = Idp.parse_idp_uri(idp_uri)
-                if l0.app_login_url == l1.app_login_url:
-                    if l0.state != 'EMPTY':
-                        return l0
-
-                    l0.state = l1.state
-
-                return l0
-
-        return Idp.with_creds(app_host, idp_uri, forced, username=username)
-
-    def with_creds(app_host: str, idp_uri: str, forced: bool, username: str = None) -> IdpLogin:
-        idp = urlparse(idp_uri).hostname
-
-        def resolve_authn():
-            if 'okta' in idp.lower():
-                return authn_okta.OktaAuthenticator()
-            elif 'microsoftonline' in idp.lower():
-                return AdAuthenticator()
-            else:
-                log2(f'{idp} is not supported; only okta and ad are supported.')
-
-                return None
-
-        authn: Authenticator = resolve_authn()
-        if not authn:
-            return None
-
-        okta = idp.upper().split('.')[0]
-        dir = f'{Path.home()}/.kaqing'
-        env_f = f'{dir}/.credentials'
-        load_dotenv(dotenv_path=env_f)
-
-        # c3energy.okta.com login:
-        # Password:
-        # username = None
-        if username:
-            log(f'{idp} login: {username}')
-
-        while not username or Idp.ctrl_c_entered:
-            if Idp.ctrl_c_entered:
-                Idp.ctrl_c_entered = False
-
-            default_user = os.getenv(f'{okta}_USERNAME')
-            if default_user:
-                if forced:
-                    username = default_user
-                else:
-                    username = input(f'{idp} login(default {default_user}): ') or default_user
-            else:
-                username = input(f'{idp} login: ')
-
-        idp2_uri = SsoConfig().find_idp_uri(username, app_host, app_host)
-        if idp != (idp2 := urlparse(idp2_uri).hostname):
-            log(f'Switched to {idp2}.')
-            idp = idp2
-            log(f'{idp} login: {username}')
-            authn = resolve_authn()
-            idp_uri = idp2_uri
-
-        password = None
-        while not password or Idp.ctrl_c_entered:
-            if Idp.ctrl_c_entered:
-                Idp.ctrl_c_entered = False
-
-            default_pass = os.getenv(f'{okta}_PASSWORD')
-            if default_pass:
-                if forced:
-                    password = default_pass
-                else:
-                    password = getpass.getpass(f'Password(default ********): ') or default_pass
-            else:
-                password = getpass.getpass(f'Password: ')
-
-        if username and password:
-            r: IdpLogin = None
-            try:
-                r = authn.authenticate(idp_uri, app_host, username, password)
-
-                return r
-            finally:
-                if r and Config().get('app.login.cache-creds', True):
-                    updated = []
-                    if os.path.exists(env_f):
-                        with open(env_f, 'r') as file:
-                            try:
-                                file_content = file.read()
-                                for l in file_content.split('\n'):
-                                    tks = l.split('=')
-                                    key = tks[0]
-                                    value = tks[1] if len(tks) > 1 else ''
-                                    if key == f'{okta}_USERNAME':
-                                        value = username
-                                    elif key == f'{okta}_PASSWORD' and not KubeContext.in_cluster():
-                                        # do not store password to the .credentials file when in Kubernetes pod
-                                        value = password
-                                    updated.append(f'{key}={value}')
-                            except:
-                                updated = None
-                                log2('Update failed')
-                    else:
-                        updated.append(f'{okta}_USERNAME={username}')
-                        if not KubeContext.in_cluster():
-                            # do not store password to the .credentials file when in Kubernetes pod
-                            updated.append(f'{okta}_PASSWORD={password}')
-
-                    if updated:
-                        if not os.path.exists(env_f):
-                            os.makedirs(dir, exist_ok=True)
-                        with open(env_f, "w") as file:
-                            file.write('\n'.join(updated))
-
-        return None

walker/sso/idp_login.py

@@ -1,29 +0,0 @@
-import base64
-import json
-import requests
-
-class IdpLogin:
-    def __init__(self, app_login_url: str, id: str, state: str, user: str = None, session: requests.Session = None):
-        self.app_login_url = app_login_url
-        self.id = id
-        self.state = state
-        self.user = user
-        self.session = session
-
-    def deser(idp_token: str):
-        j = json.loads(base64.b64decode(idp_token.encode('utf-8')))
-
-        return IdpLogin(j['r'], j['id'], j['state'])
-
-    def ser(self):
-        return base64.b64encode(json.dumps({
-            'r': self.app_login_url,
-            'id': self.id,
-            'state': self.state
-        }).encode('utf-8')).decode('utf-8')
-
-    def shell_user(self):
-        if not self.user:
-            return None
-
-        return self.user.split('@')[0].replace('.', '')

walker/sso/sso_config.py

@@ -1,45 +0,0 @@
-import base64
-import json
-import os
-import re
-import requests
-
-from walker.config import Config
-
-class SsoConfig:
-    # the singleton pattern
-    def __new__(cls, *args, **kwargs):
-        if not hasattr(cls, 'instance'): cls.instance = super(SsoConfig, cls).__new__(cls)
-
-        return cls.instance
-
-    def __init__(self):
-        if not hasattr(self, 'config'):
-            self.config = Config().get('idps', {
-
-            })
-            # print(self.config)
-
-    def find_idp_uri(self, user_email: str, client_id: str, app_host: str):
-        default = 'https://c3energy.okta.com/oauth2/v1/authorize?response_type=id_token&response_mode=form_post&client_id={client_id}&scope=openid+email+profile+groups&redirect_uri=https%3A%2F%2F{host}%2Fc3%2Fc3%2Foidc%2Flogin&nonce={nonce}&state=EMPTY'
-
-        def rpl(uri: str):
-            return uri.replace('{client_id}', client_id).replace('{host}', app_host).replace('{nonce}', SsoConfig.generate_oauth_nonce())
-
-        if not user_email:
-            return rpl(default)
-
-        for idp_name, conf in self.config.items():
-            if 'email-pattern' in conf:
-                groups = re.match(conf['email-pattern'], user_email)
-                if groups:
-                    return rpl(conf['uri'])
-
-        return rpl(default)
-
-    def generate_oauth_nonce():
-        random_bytes = os.urandom(32)
-        nonce = base64.urlsafe_b64encode(random_bytes).decode('utf-8')
-        nonce = nonce.rstrip('=')
-
-        return nonce