kaqing 1.98.79__py3-none-any.whl → 1.98.80__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- adam/embedded_params.py +1 -1
- adam/sso/authn_ad.py +40 -10
- adam/version.py +1 -1
- {kaqing-1.98.79.dist-info → kaqing-1.98.80.dist-info}/METADATA +1 -1
- {kaqing-1.98.79.dist-info → kaqing-1.98.80.dist-info}/RECORD +8 -8
- {kaqing-1.98.79.dist-info → kaqing-1.98.80.dist-info}/WHEEL +0 -0
- {kaqing-1.98.79.dist-info → kaqing-1.98.80.dist-info}/entry_points.txt +0 -0
- {kaqing-1.98.79.dist-info → kaqing-1.98.80.dist-info}/top_level.txt +0 -0
adam/embedded_params.py
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
1
|
def config():
|
|
2
|
-
return {'app': {'console-endpoint': 'https://{host}/{env}/{app}/static/console/index.html', 'cr': {'cluster-regex': '(.*?-.*?)-.*', 'group': 'ops.c3.ai', 'v': 'v2', 'plural': 'c3cassandras'}, 'label': 'c3__app_id-0', 'login': {'admin-group': '{host}/C3.ClusterAdmin', 'ingress': '{app_id}-k8singr-appleader-001', 'timeout': 5, 'session-check-url': 'https://{host}/{env}/{app}/api/8/C3/userSessionToken', 'cache-creds': True, 'cache-username': True, 'url': 'https://{host}/{env}/{app}', 'another': "You're logged in to {has}. However, for this app, you need to log in to {need}.", 'token-server-url': 'http://localhost:{port}', 'password-max-length': 128}, 'strip': '0'}, 'bash': {'workers': 32}, 'cassandra': {'service-name': 'all-pods-service'}, 'cql': {'workers': 32, 'samples': 3, 'secret': {'cluster-regex': '(.*?-.*?)-.*', 'name': '{cluster}-superuser', 'password-item': 'password'}}, 'checks': {'compactions-threshold': 250, 'cpu-busy-threshold': 98.0, 'cpu-threshold': 0.0, 'cassandra-data-path': '/c3/cassandra', 'root-disk-threshold': 50, 'cassandra-disk-threshold': 50, 'snapshot-size-cmd': "ls /c3/cassandra/data/data/*/*/snapshots | grep snapshots | sed 's/:$//g' | xargs -I {} du -sk {} | awk '{print $1}' | awk '{s+=$1} END {print s}'", 'snapshot-size-threshold': '40G', 'table-sizes-cmd': "ls -Al /c3/cassandra/data/data/ | awk '{print $9}' | sed 's/\\^r//g' | xargs -I {} du -sk /c3/cassandra/data/data/{}"}, 'get-host-id': {'workers': 32}, 'idps': {'ad': {'email-pattern': '.*@c3.ai', 'uri': 'https://login.microsoftonline.com/53ad779a-93e7-485c-ba20-ac8290d7252b/oauth2/v2.0/authorize?response_type=id_token&response_mode=form_post&client_id=00ff94a8-6b0a-4715-98e0-95490012d818&scope=openid+email+profile&redirect_uri=https%3A%2F%2Fplat.c3ci.cloud%2Fc3%2Fc3%2Foidc%2Flogin&nonce={nonce}&state=EMPTY', 'contact': 'Please contact ted.tran@c3.ai.', 'whitelist-file': '/kaqing/members'}, 'okta': {'default': True, 'email-pattern': '.*@c3iot.com', 'uri': 'https://c3energy.okta.com/oauth2/v1/authorize?response_type=id_token&response_mode=form_post&client_id={client_id}&scope=openid+email+profile+groups&redirect_uri=https%3A%2F%2F{host}%2Fc3%2Fc3%2Foidc%2Flogin&nonce={nonce}&state=EMPTY'}}, 'issues': {'workers': 32}, 'logs': {'path': '/c3/cassandra/logs/system.log'}, 'medusa': {'restore-auto-complete': False}, 'nodetool': {'workers': 32, 'samples': 3, 'commands_in_line': 40}, 'pg': {'name-pattern': '^{namespace}.*-k8spg-.*', 'excludes': '.helm., -admin-secret', 'agent': {'image': 'seanahnsf/kaqing', 'name': 'kaqing-agent', 'timeout': 86400}, 'default-db': 'postgres', 'default-schema': 'postgres', 'secret': {'endpoint-key': 'postgres-db-endpoint', 'port-key': 'postgres-db-port', 'username-key': 'postgres-admin-username', 'password-key': 'postgres-admin-password'}}, 'preview': {'rows': 10}, 'processes': {'columns': 'pod,cpu,mem', 'header': 'POD_NAME,CPU,MEM/LIMIT'}, 'reaper': {'service-name': 'reaper-service', 'port-forward': {'timeout': 86400, 'local-port': 9001}, 'abort-runs-batch': 10, 'show-runs-batch': 100, 'pod': {'cluster-regex': '(.*?-.*?-.*?-.*?)-.*', 'label-selector': 'k8ssandra.io/reaper={cluster}-reaper'}, 'secret': {'cluster-regex': '(.*?-.*?)-.*', 'name': '{cluster}-reaper-ui', 'password-item': 'password'}}, 'repair': {'log-path': '/home/cassrepair/logs/', 'image': 'ci-registry.c3iot.io/cloudops/cassrepair:2.0.13', 'secret': 'ciregistryc3iotio', 'env': {'interval': 24, 'timeout': 60, 'pr': False, 'runs': 1}}, 'repl': {'start-drive': 'a', 'auto-enter-app': 'c3/c3', 'auto-enter-only-cluster': True}, 'status': {'columns': 'status,address,load,tokens,owns,host_id,gossip,compactions', 'header': '--,Address,Load,Tokens,Owns,Host ID,GOSSIP,COMPACTIONS'}, 'storage': {'columns': 'pod,volume_root,volume_cassandra,snapshots,data,compactions', 'header': 'POD_NAME,VOLUME /,VOLUME CASS,SNAPSHOTS,DATA,COMPACTIONS'}, 'watch': {'auto': 'rollout', 'timeout': 3600, 'interval': 10}, 'debug': {'timings': False, 'exit-on-error': False, 'show-parallelism': False, 'show-out': False}}
|
|
2
|
+
return {'app': {'console-endpoint': 'https://{host}/{env}/{app}/static/console/index.html', 'cr': {'cluster-regex': '(.*?-.*?)-.*', 'group': 'ops.c3.ai', 'v': 'v2', 'plural': 'c3cassandras'}, 'label': 'c3__app_id-0', 'login': {'admin-group': '{host}/C3.ClusterAdmin', 'ingress': '{app_id}-k8singr-appleader-001', 'timeout': 5, 'session-check-url': 'https://{host}/{env}/{app}/api/8/C3/userSessionToken', 'cache-creds': True, 'cache-username': True, 'url': 'https://{host}/{env}/{app}', 'another': "You're logged in to {has}. However, for this app, you need to log in to {need}.", 'token-server-url': 'http://localhost:{port}', 'password-max-length': 128}, 'strip': '0'}, 'bash': {'workers': 32}, 'cassandra': {'service-name': 'all-pods-service'}, 'cql': {'workers': 32, 'samples': 3, 'secret': {'cluster-regex': '(.*?-.*?)-.*', 'name': '{cluster}-superuser', 'password-item': 'password'}}, 'checks': {'compactions-threshold': 250, 'cpu-busy-threshold': 98.0, 'cpu-threshold': 0.0, 'cassandra-data-path': '/c3/cassandra', 'root-disk-threshold': 50, 'cassandra-disk-threshold': 50, 'snapshot-size-cmd': "ls /c3/cassandra/data/data/*/*/snapshots | grep snapshots | sed 's/:$//g' | xargs -I {} du -sk {} | awk '{print $1}' | awk '{s+=$1} END {print s}'", 'snapshot-size-threshold': '40G', 'table-sizes-cmd': "ls -Al /c3/cassandra/data/data/ | awk '{print $9}' | sed 's/\\^r//g' | xargs -I {} du -sk /c3/cassandra/data/data/{}"}, 'get-host-id': {'workers': 32}, 'idps': {'ad': {'email-pattern': '.*@c3.ai', 'uri': 'https://login.microsoftonline.com/53ad779a-93e7-485c-ba20-ac8290d7252b/oauth2/v2.0/authorize?response_type=id_token&response_mode=form_post&client_id=00ff94a8-6b0a-4715-98e0-95490012d818&scope=openid+email+profile&redirect_uri=https%3A%2F%2Fplat.c3ci.cloud%2Fc3%2Fc3%2Foidc%2Flogin&nonce={nonce}&state=EMPTY', 'jwks-uri': 'https://login.microsoftonline.com/common/discovery/key', 'contact': 'Please contact ted.tran@c3.ai.', 'whitelist-file': '/kaqing/members'}, 'okta': {'default': True, 'email-pattern': '.*@c3iot.com', 'uri': 'https://c3energy.okta.com/oauth2/v1/authorize?response_type=id_token&response_mode=form_post&client_id={client_id}&scope=openid+email+profile+groups&redirect_uri=https%3A%2F%2F{host}%2Fc3%2Fc3%2Foidc%2Flogin&nonce={nonce}&state=EMPTY'}}, 'issues': {'workers': 32}, 'logs': {'path': '/c3/cassandra/logs/system.log'}, 'medusa': {'restore-auto-complete': False}, 'nodetool': {'workers': 32, 'samples': 3, 'commands_in_line': 40}, 'pg': {'name-pattern': '^{namespace}.*-k8spg-.*', 'excludes': '.helm., -admin-secret', 'agent': {'image': 'seanahnsf/kaqing', 'name': 'kaqing-agent', 'timeout': 86400}, 'default-db': 'postgres', 'default-schema': 'postgres', 'secret': {'endpoint-key': 'postgres-db-endpoint', 'port-key': 'postgres-db-port', 'username-key': 'postgres-admin-username', 'password-key': 'postgres-admin-password'}}, 'preview': {'rows': 10}, 'processes': {'columns': 'pod,cpu,mem', 'header': 'POD_NAME,CPU,MEM/LIMIT'}, 'reaper': {'service-name': 'reaper-service', 'port-forward': {'timeout': 86400, 'local-port': 9001}, 'abort-runs-batch': 10, 'show-runs-batch': 100, 'pod': {'cluster-regex': '(.*?-.*?-.*?-.*?)-.*', 'label-selector': 'k8ssandra.io/reaper={cluster}-reaper'}, 'secret': {'cluster-regex': '(.*?-.*?)-.*', 'name': '{cluster}-reaper-ui', 'password-item': 'password'}}, 'repair': {'log-path': '/home/cassrepair/logs/', 'image': 'ci-registry.c3iot.io/cloudops/cassrepair:2.0.13', 'secret': 'ciregistryc3iotio', 'env': {'interval': 24, 'timeout': 60, 'pr': False, 'runs': 1}}, 'repl': {'start-drive': 'a', 'auto-enter-app': 'c3/c3', 'auto-enter-only-cluster': True}, 'status': {'columns': 'status,address,load,tokens,owns,host_id,gossip,compactions', 'header': '--,Address,Load,Tokens,Owns,Host ID,GOSSIP,COMPACTIONS'}, 'storage': {'columns': 'pod,volume_root,volume_cassandra,snapshots,data,compactions', 'header': 'POD_NAME,VOLUME /,VOLUME CASS,SNAPSHOTS,DATA,COMPACTIONS'}, 'watch': {'auto': 'rollout', 'timeout': 3600, 'interval': 10}, 'debug': {'timings': False, 'exit-on-error': False, 'show-parallelism': False, 'show-out': False}}
|
adam/sso/authn_ad.py
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import base64
|
|
2
2
|
import json
|
|
3
3
|
import re
|
|
4
|
+
import jwt
|
|
4
5
|
import requests
|
|
5
6
|
from urllib.parse import urlparse, parse_qs
|
|
6
7
|
|
|
@@ -134,16 +135,45 @@ class AdAuthenticator(Authenticator):
|
|
|
134
135
|
return []
|
|
135
136
|
|
|
136
137
|
def parse_id_token(self, id_token: str) -> IdToken:
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
138
|
+
jwks_url = Config().get('idps.ad.jwks-uri', 'https://login.microsoftonline.com/common/discovery/keys')
|
|
139
|
+
try:
|
|
140
|
+
jwks_client = jwt.PyJWKClient(jwks_url, cache_jwk_set=True, lifespan=360)
|
|
141
|
+
signing_key = jwks_client.get_signing_key_from_jwt(id_token)
|
|
142
|
+
data = jwt.decode(
|
|
143
|
+
id_token,
|
|
144
|
+
signing_key.key,
|
|
145
|
+
algorithms=["RS256"],
|
|
146
|
+
options={
|
|
147
|
+
"verify_signature": True,
|
|
148
|
+
"verify_exp": False,
|
|
149
|
+
"verify_nbf": True,
|
|
150
|
+
"verify_iat": True,
|
|
151
|
+
"verify_aud": False,
|
|
152
|
+
"verify_iss": False,
|
|
153
|
+
},
|
|
154
|
+
)
|
|
155
|
+
return IdToken(
|
|
156
|
+
data,
|
|
157
|
+
data['email'],
|
|
158
|
+
data['name'],
|
|
159
|
+
groups=data['groups'] if 'groups' in data else [],
|
|
160
|
+
iat=data['iat'] if 'iat' in data else 0,
|
|
161
|
+
nbf=data['nbf'] if 'nbf' in data else 0,
|
|
162
|
+
exp=data['exp'] if 'exp' in data else 0
|
|
163
|
+
)
|
|
164
|
+
except:
|
|
165
|
+
pass
|
|
166
|
+
|
|
167
|
+
# def decode_jwt_part(encoded_part):
|
|
168
|
+
# missing_padding = len(encoded_part) % 4
|
|
169
|
+
# if missing_padding:
|
|
170
|
+
# encoded_part += '=' * (4 - missing_padding)
|
|
171
|
+
# decoded_bytes = base64.urlsafe_b64decode(encoded_part)
|
|
172
|
+
# return json.loads(decoded_bytes.decode('utf-8'))
|
|
173
|
+
|
|
174
|
+
# parts = id_token.split('.')
|
|
175
|
+
# # header = decode_jwt_part(parts[0])
|
|
176
|
+
# data = decode_jwt_part(parts[1])
|
|
147
177
|
# print('SEAN', payload)
|
|
148
178
|
# {
|
|
149
179
|
# 'aud': '00ff94a8-6b0a-4715-98e0-95490012d818',
|
adam/version.py
CHANGED
|
@@ -6,7 +6,7 @@ adam/cli.py,sha256=03pIZdomAu7IL-GSP6Eun_PKwwISShRAmfx6eVRPGC0,458
|
|
|
6
6
|
adam/cli_group.py,sha256=W3zy1BghCtVcEXizq8fBH-93ZRVVwgAyGPzy0sHno1Y,593
|
|
7
7
|
adam/config.py,sha256=38UcmYRxf-Kq4iPbKS7tNPQqN64fam1bWNy6jhWREd0,2552
|
|
8
8
|
adam/embedded_apps.py,sha256=lKPx63mKzJbNmwz0rgL4gF76M9fDGxraYTtNAIGnZ_s,419
|
|
9
|
-
adam/embedded_params.py,sha256=
|
|
9
|
+
adam/embedded_params.py,sha256=nMKYNs3KLMoqtXvSokH_P_SJRjysHLmAz5u67NKtZA8,4113
|
|
10
10
|
adam/log.py,sha256=gg5DK52wLPc9cjykeh0WFHyAk1qI3HEpGaAK8W2dzXY,1146
|
|
11
11
|
adam/pod_exec_result.py,sha256=nq0xnCNOpUGBSijGF0H-YNrwBc9vUQs4DkvLMIFS5LQ,951
|
|
12
12
|
adam/repl.py,sha256=wEzkXaFaT1PWWYI3AZ32j01efN7HpL2xvMfGLEmYIL4,7036
|
|
@@ -14,7 +14,7 @@ adam/repl_commands.py,sha256=WCiM3AEDZjxlJNUj0LNkxuvH0I4GuptZfi3oj3ih4SY,3620
|
|
|
14
14
|
adam/repl_session.py,sha256=uIogcvWBh7wd8QQ-p_JgLsyJ8YJgINw5vOd6JIsd7Vo,472
|
|
15
15
|
adam/repl_state.py,sha256=QarrUAwYWOz3YTemtaf2opbHLa5a3LEsyuonNwhvOhk,7131
|
|
16
16
|
adam/utils.py,sha256=j7p7iruLuV11swa0z9ZLBgoJHu_nkTSVKtQe0q71gmk,7025
|
|
17
|
-
adam/version.py,sha256
|
|
17
|
+
adam/version.py,sha256=Clp2pvZcR2EEuvFDZqbyvJ_YRDWK9oNq39oyxQ3gRuc,140
|
|
18
18
|
adam/checks/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
19
19
|
adam/checks/check.py,sha256=Qopr3huYcMu2bzQgb99dEUYjFzkjKHRI76S6KA9b9Rk,702
|
|
20
20
|
adam/checks/check_context.py,sha256=FEHkQ32jY1EDopQ2uYWqy9v7aEEX1orLpJWhopwAlh4,402
|
|
@@ -144,7 +144,7 @@ adam/k8s_utils/statefulsets.py,sha256=PZDEhy34aXxLkbW1-RsOC0E4D0w0pHyoIQGHvcAzSA
|
|
|
144
144
|
adam/k8s_utils/volumes.py,sha256=MzYeH80NqKlhdadx6d0tW-j8vTOCUYWx7wRURIZWKZ8,843
|
|
145
145
|
adam/sso/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
146
146
|
adam/sso/authenticator.py,sha256=WD89YfWWt0qCqqm2q1LQ5UxbJnTJIm15WT1xXx4ArX8,594
|
|
147
|
-
adam/sso/authn_ad.py,sha256=
|
|
147
|
+
adam/sso/authn_ad.py,sha256=zNwHMVxUsjhbVBadR61Hqm3KvZ8V0Oy9SwG13YH0dVw,8339
|
|
148
148
|
adam/sso/authn_okta.py,sha256=gvW-EcQxn_5UsbVqyUpJZ_7lBBuzY6gceXukU4uLIJs,5387
|
|
149
149
|
adam/sso/cred_cache.py,sha256=7WA5rIy1wlr_GCF-Z6xRb6LzRu-Cvou-IkY7hWC3Zpc,2099
|
|
150
150
|
adam/sso/id_token.py,sha256=wmVZ8S0sjScnOxmSvOKlIEKgnvdWqhsgq9XjFe355O4,744
|
|
@@ -152,8 +152,8 @@ adam/sso/idp.py,sha256=Fk5KpERYqhBjwVZe1YBKBjcGaaxj1nHYli7fi680a1o,5728
|
|
|
152
152
|
adam/sso/idp_login.py,sha256=t49CRlMyHA76BAj_kKq0Wa9URIYlzBsUCSmn7Jf5o6I,1721
|
|
153
153
|
adam/sso/idp_session.py,sha256=9BUHNRf70u4rVKrVY1HKPOEmOviXvkjam8WJxmXSKIM,1735
|
|
154
154
|
adam/sso/sso_config.py,sha256=5N8WZgIJQBtHUy585XLRWKjpU87_v6QluyNK9E27D5s,2459
|
|
155
|
-
kaqing-1.98.
|
|
156
|
-
kaqing-1.98.
|
|
157
|
-
kaqing-1.98.
|
|
158
|
-
kaqing-1.98.
|
|
159
|
-
kaqing-1.98.
|
|
155
|
+
kaqing-1.98.80.dist-info/METADATA,sha256=rDL9AHO5HU5AXvN4QOQrFlJzuZQcr30LysbiOTdxQLU,133
|
|
156
|
+
kaqing-1.98.80.dist-info/WHEEL,sha256=tZoeGjtWxWRfdplE7E3d45VPlLNQnvbKiYnx7gwAy8A,92
|
|
157
|
+
kaqing-1.98.80.dist-info/entry_points.txt,sha256=SkzhuQJUWsXOzHeZ5TgQ2c3_g53UGK23zzJU_JTZOZI,39
|
|
158
|
+
kaqing-1.98.80.dist-info/top_level.txt,sha256=8_2PZkwBb-xDcnc8a2rAbQeJhXKXskc7zTP7pSPa1fw,5
|
|
159
|
+
kaqing-1.98.80.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|