kaqing 1.98.79__py3-none-any.whl → 1.98.81__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. adam/embedded_params.py +1 -1
  2. adam/sso/authn_ad.py +52 -21
  3. adam/version.py +1 -1
  4. {kaqing-1.98.79.dist-info → kaqing-1.98.81.dist-info}/METADATA +1 -1
  5. {kaqing-1.98.79.dist-info → kaqing-1.98.81.dist-info}/RECORD +8 -8
  6. {kaqing-1.98.79.dist-info → kaqing-1.98.81.dist-info}/WHEEL +0 -0
  7. {kaqing-1.98.79.dist-info → kaqing-1.98.81.dist-info}/entry_points.txt +0 -0
  8. {kaqing-1.98.79.dist-info → kaqing-1.98.81.dist-info}/top_level.txt +0 -0
adam/embedded_params.py CHANGED
@@ -1,2 +1,2 @@
1
1
  def config():
2
- return {'app': {'console-endpoint': 'https://{host}/{env}/{app}/static/console/index.html', 'cr': {'cluster-regex': '(.*?-.*?)-.*', 'group': 'ops.c3.ai', 'v': 'v2', 'plural': 'c3cassandras'}, 'label': 'c3__app_id-0', 'login': {'admin-group': '{host}/C3.ClusterAdmin', 'ingress': '{app_id}-k8singr-appleader-001', 'timeout': 5, 'session-check-url': 'https://{host}/{env}/{app}/api/8/C3/userSessionToken', 'cache-creds': True, 'cache-username': True, 'url': 'https://{host}/{env}/{app}', 'another': "You're logged in to {has}. However, for this app, you need to log in to {need}.", 'token-server-url': 'http://localhost:{port}', 'password-max-length': 128}, 'strip': '0'}, 'bash': {'workers': 32}, 'cassandra': {'service-name': 'all-pods-service'}, 'cql': {'workers': 32, 'samples': 3, 'secret': {'cluster-regex': '(.*?-.*?)-.*', 'name': '{cluster}-superuser', 'password-item': 'password'}}, 'checks': {'compactions-threshold': 250, 'cpu-busy-threshold': 98.0, 'cpu-threshold': 0.0, 'cassandra-data-path': '/c3/cassandra', 'root-disk-threshold': 50, 'cassandra-disk-threshold': 50, 'snapshot-size-cmd': "ls /c3/cassandra/data/data/*/*/snapshots | grep snapshots | sed 's/:$//g' | xargs -I {} du -sk {} | awk '{print $1}' | awk '{s+=$1} END {print s}'", 'snapshot-size-threshold': '40G', 'table-sizes-cmd': "ls -Al /c3/cassandra/data/data/ | awk '{print $9}' | sed 's/\\^r//g' | xargs -I {} du -sk /c3/cassandra/data/data/{}"}, 'get-host-id': {'workers': 32}, 'idps': {'ad': {'email-pattern': '.*@c3.ai', 'uri': 'https://login.microsoftonline.com/53ad779a-93e7-485c-ba20-ac8290d7252b/oauth2/v2.0/authorize?response_type=id_token&response_mode=form_post&client_id=00ff94a8-6b0a-4715-98e0-95490012d818&scope=openid+email+profile&redirect_uri=https%3A%2F%2Fplat.c3ci.cloud%2Fc3%2Fc3%2Foidc%2Flogin&nonce={nonce}&state=EMPTY', 'contact': 'Please contact ted.tran@c3.ai.', 'whitelist-file': '/kaqing/members'}, 'okta': {'default': True, 'email-pattern': '.*@c3iot.com', 'uri': 'https://c3energy.okta.com/oauth2/v1/authorize?response_type=id_token&response_mode=form_post&client_id={client_id}&scope=openid+email+profile+groups&redirect_uri=https%3A%2F%2F{host}%2Fc3%2Fc3%2Foidc%2Flogin&nonce={nonce}&state=EMPTY'}}, 'issues': {'workers': 32}, 'logs': {'path': '/c3/cassandra/logs/system.log'}, 'medusa': {'restore-auto-complete': False}, 'nodetool': {'workers': 32, 'samples': 3, 'commands_in_line': 40}, 'pg': {'name-pattern': '^{namespace}.*-k8spg-.*', 'excludes': '.helm., -admin-secret', 'agent': {'image': 'seanahnsf/kaqing', 'name': 'kaqing-agent', 'timeout': 86400}, 'default-db': 'postgres', 'default-schema': 'postgres', 'secret': {'endpoint-key': 'postgres-db-endpoint', 'port-key': 'postgres-db-port', 'username-key': 'postgres-admin-username', 'password-key': 'postgres-admin-password'}}, 'preview': {'rows': 10}, 'processes': {'columns': 'pod,cpu,mem', 'header': 'POD_NAME,CPU,MEM/LIMIT'}, 'reaper': {'service-name': 'reaper-service', 'port-forward': {'timeout': 86400, 'local-port': 9001}, 'abort-runs-batch': 10, 'show-runs-batch': 100, 'pod': {'cluster-regex': '(.*?-.*?-.*?-.*?)-.*', 'label-selector': 'k8ssandra.io/reaper={cluster}-reaper'}, 'secret': {'cluster-regex': '(.*?-.*?)-.*', 'name': '{cluster}-reaper-ui', 'password-item': 'password'}}, 'repair': {'log-path': '/home/cassrepair/logs/', 'image': 'ci-registry.c3iot.io/cloudops/cassrepair:2.0.13', 'secret': 'ciregistryc3iotio', 'env': {'interval': 24, 'timeout': 60, 'pr': False, 'runs': 1}}, 'repl': {'start-drive': 'a', 'auto-enter-app': 'c3/c3', 'auto-enter-only-cluster': True}, 'status': {'columns': 'status,address,load,tokens,owns,host_id,gossip,compactions', 'header': '--,Address,Load,Tokens,Owns,Host ID,GOSSIP,COMPACTIONS'}, 'storage': {'columns': 'pod,volume_root,volume_cassandra,snapshots,data,compactions', 'header': 'POD_NAME,VOLUME /,VOLUME CASS,SNAPSHOTS,DATA,COMPACTIONS'}, 'watch': {'auto': 'rollout', 'timeout': 3600, 'interval': 10}, 'debug': {'timings': False, 'exit-on-error': False, 'show-parallelism': False, 'show-out': False}}
2
+ return {'app': {'console-endpoint': 'https://{host}/{env}/{app}/static/console/index.html', 'cr': {'cluster-regex': '(.*?-.*?)-.*', 'group': 'ops.c3.ai', 'v': 'v2', 'plural': 'c3cassandras'}, 'label': 'c3__app_id-0', 'login': {'admin-group': '{host}/C3.ClusterAdmin', 'ingress': '{app_id}-k8singr-appleader-001', 'timeout': 5, 'session-check-url': 'https://{host}/{env}/{app}/api/8/C3/userSessionToken', 'cache-creds': True, 'cache-username': True, 'url': 'https://{host}/{env}/{app}', 'another': "You're logged in to {has}. However, for this app, you need to log in to {need}.", 'token-server-url': 'http://localhost:{port}', 'password-max-length': 128}, 'strip': '0'}, 'bash': {'workers': 32}, 'cassandra': {'service-name': 'all-pods-service'}, 'cql': {'workers': 32, 'samples': 3, 'secret': {'cluster-regex': '(.*?-.*?)-.*', 'name': '{cluster}-superuser', 'password-item': 'password'}}, 'checks': {'compactions-threshold': 250, 'cpu-busy-threshold': 98.0, 'cpu-threshold': 0.0, 'cassandra-data-path': '/c3/cassandra', 'root-disk-threshold': 50, 'cassandra-disk-threshold': 50, 'snapshot-size-cmd': "ls /c3/cassandra/data/data/*/*/snapshots | grep snapshots | sed 's/:$//g' | xargs -I {} du -sk {} | awk '{print $1}' | awk '{s+=$1} END {print s}'", 'snapshot-size-threshold': '40G', 'table-sizes-cmd': "ls -Al /c3/cassandra/data/data/ | awk '{print $9}' | sed 's/\\^r//g' | xargs -I {} du -sk /c3/cassandra/data/data/{}"}, 'get-host-id': {'workers': 32}, 'idps': {'ad': {'email-pattern': '.*@c3.ai', 'uri': 'https://login.microsoftonline.com/53ad779a-93e7-485c-ba20-ac8290d7252b/oauth2/v2.0/authorize?response_type=id_token&response_mode=form_post&client_id=00ff94a8-6b0a-4715-98e0-95490012d818&scope=openid+email+profile&redirect_uri=https%3A%2F%2Fplat.c3ci.cloud%2Fc3%2Fc3%2Foidc%2Flogin&nonce={nonce}&state=EMPTY', 'jwks-uri': 'https://login.microsoftonline.com/common/discovery/keys', 'contact': 'Please contact ted.tran@c3.ai.', 'whitelist-file': '/kaqing/members'}, 'okta': {'default': True, 'email-pattern': '.*@c3iot.com', 'uri': 'https://c3energy.okta.com/oauth2/v1/authorize?response_type=id_token&response_mode=form_post&client_id={client_id}&scope=openid+email+profile+groups&redirect_uri=https%3A%2F%2F{host}%2Fc3%2Fc3%2Foidc%2Flogin&nonce={nonce}&state=EMPTY'}}, 'issues': {'workers': 32}, 'logs': {'path': '/c3/cassandra/logs/system.log'}, 'medusa': {'restore-auto-complete': False}, 'nodetool': {'workers': 32, 'samples': 3, 'commands_in_line': 40}, 'pg': {'name-pattern': '^{namespace}.*-k8spg-.*', 'excludes': '.helm., -admin-secret', 'agent': {'image': 'seanahnsf/kaqing', 'name': 'kaqing-agent', 'timeout': 86400}, 'default-db': 'postgres', 'default-schema': 'postgres', 'secret': {'endpoint-key': 'postgres-db-endpoint', 'port-key': 'postgres-db-port', 'username-key': 'postgres-admin-username', 'password-key': 'postgres-admin-password'}}, 'preview': {'rows': 10}, 'processes': {'columns': 'pod,cpu,mem', 'header': 'POD_NAME,CPU,MEM/LIMIT'}, 'reaper': {'service-name': 'reaper-service', 'port-forward': {'timeout': 86400, 'local-port': 9001}, 'abort-runs-batch': 10, 'show-runs-batch': 100, 'pod': {'cluster-regex': '(.*?-.*?-.*?-.*?)-.*', 'label-selector': 'k8ssandra.io/reaper={cluster}-reaper'}, 'secret': {'cluster-regex': '(.*?-.*?)-.*', 'name': '{cluster}-reaper-ui', 'password-item': 'password'}}, 'repair': {'log-path': '/home/cassrepair/logs/', 'image': 'ci-registry.c3iot.io/cloudops/cassrepair:2.0.13', 'secret': 'ciregistryc3iotio', 'env': {'interval': 24, 'timeout': 60, 'pr': False, 'runs': 1}}, 'repl': {'start-drive': 'a', 'auto-enter-app': 'c3/c3', 'auto-enter-only-cluster': True}, 'status': {'columns': 'status,address,load,tokens,owns,host_id,gossip,compactions', 'header': '--,Address,Load,Tokens,Owns,Host ID,GOSSIP,COMPACTIONS'}, 'storage': {'columns': 'pod,volume_root,volume_cassandra,snapshots,data,compactions', 'header': 'POD_NAME,VOLUME /,VOLUME CASS,SNAPSHOTS,DATA,COMPACTIONS'}, 'watch': {'auto': 'rollout', 'timeout': 3600, 'interval': 10}, 'debug': {'timings': False, 'exit-on-error': False, 'show-parallelism': False, 'show-out': False}}
adam/sso/authn_ad.py CHANGED
@@ -1,13 +1,13 @@
1
- import base64
2
1
  import json
3
2
  import re
3
+ import traceback
4
+ import jwt
4
5
  import requests
5
6
  from urllib.parse import urlparse, parse_qs
6
7
 
7
8
  from adam.log import Log
8
9
  from adam.sso.authenticator import Authenticator
9
10
  from adam.sso.id_token import IdToken
10
-
11
11
  from .idp_login import IdpLogin
12
12
  from adam.config import Config
13
13
 
@@ -134,16 +134,47 @@ class AdAuthenticator(Authenticator):
134
134
  return []
135
135
 
136
136
  def parse_id_token(self, id_token: str) -> IdToken:
137
- def decode_jwt_part(encoded_part):
138
- missing_padding = len(encoded_part) % 4
139
- if missing_padding:
140
- encoded_part += '=' * (4 - missing_padding)
141
- decoded_bytes = base64.urlsafe_b64decode(encoded_part)
142
- return json.loads(decoded_bytes.decode('utf-8'))
143
-
144
- parts = id_token.split('.')
145
- # header = decode_jwt_part(parts[0])
146
- data = decode_jwt_part(parts[1])
137
+ jwks_url = Config().get('idps.ad.jwks-uri', 'https://login.microsoftonline.com/common/discovery/keys')
138
+ try:
139
+ jwks_client = jwt.PyJWKClient(jwks_url, cache_jwk_set=True, lifespan=360)
140
+ signing_key = jwks_client.get_signing_key_from_jwt(id_token)
141
+ data = jwt.decode(
142
+ id_token,
143
+ signing_key.key,
144
+ algorithms=["RS256"],
145
+ options={
146
+ "verify_signature": True,
147
+ "verify_exp": False,
148
+ "verify_nbf": True,
149
+ "verify_iat": True,
150
+ "verify_aud": False,
151
+ "verify_iss": False,
152
+ },
153
+ )
154
+ return IdToken(
155
+ data,
156
+ data['email'],
157
+ data['name'],
158
+ groups=data['groups'] if 'groups' in data else [],
159
+ iat=data['iat'] if 'iat' in data else 0,
160
+ nbf=data['nbf'] if 'nbf' in data else 0,
161
+ exp=data['exp'] if 'exp' in data else 0
162
+ )
163
+ except:
164
+ Config().debug(traceback.format_exc())
165
+
166
+ return None
167
+
168
+ # def decode_jwt_part(encoded_part):
169
+ # missing_padding = len(encoded_part) % 4
170
+ # if missing_padding:
171
+ # encoded_part += '=' * (4 - missing_padding)
172
+ # decoded_bytes = base64.urlsafe_b64decode(encoded_part)
173
+ # return json.loads(decoded_bytes.decode('utf-8'))
174
+
175
+ # parts = id_token.split('.')
176
+ # # header = decode_jwt_part(parts[0])
177
+ # data = decode_jwt_part(parts[1])
147
178
  # print('SEAN', payload)
148
179
  # {
149
180
  # 'aud': '00ff94a8-6b0a-4715-98e0-95490012d818',
@@ -178,12 +209,12 @@ class AdAuthenticator(Authenticator):
178
209
  # 'ver': '2.0'
179
210
  # }
180
211
 
181
- return IdToken(
182
- data,
183
- data['email'],
184
- data['name'],
185
- groups=data['groups'] if 'groups' in data else [],
186
- iat=data['iat'] if 'iat' in data else 0,
187
- nbf=data['nbf'] if 'nbf' in data else 0,
188
- exp=data['exp'] if 'exp' in data else 0
189
- )
212
+ # return IdToken(
213
+ # data,
214
+ # data['email'],
215
+ # data['name'],
216
+ # groups=data['groups'] if 'groups' in data else [],
217
+ # iat=data['iat'] if 'iat' in data else 0,
218
+ # nbf=data['nbf'] if 'nbf' in data else 0,
219
+ # exp=data['exp'] if 'exp' in data else 0
220
+ # )
adam/version.py CHANGED
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env python
2
2
  # -*- coding: utf-8 -*-
3
3
 
4
- __version__ = "1.98.79" #: the working version
4
+ __version__ = "1.98.81" #: the working version
5
5
  __release__ = "1.0.0" #: the release version
{kaqing-1.98.79.dist-info → kaqing-1.98.81.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: kaqing
3
- Version: 1.98.79
3
+ Version: 1.98.81
4
4
  Summary: UNKNOWN
5
5
  Home-page: UNKNOWN
6
6
  License: UNKNOWN
{kaqing-1.98.79.dist-info → kaqing-1.98.81.dist-info}/RECORD RENAMED
@@ -6,7 +6,7 @@ adam/cli.py,sha256=03pIZdomAu7IL-GSP6Eun_PKwwISShRAmfx6eVRPGC0,458
6
6
  adam/cli_group.py,sha256=W3zy1BghCtVcEXizq8fBH-93ZRVVwgAyGPzy0sHno1Y,593
7
7
  adam/config.py,sha256=38UcmYRxf-Kq4iPbKS7tNPQqN64fam1bWNy6jhWREd0,2552
8
8
  adam/embedded_apps.py,sha256=lKPx63mKzJbNmwz0rgL4gF76M9fDGxraYTtNAIGnZ_s,419
9
- adam/embedded_params.py,sha256=H-aDSKoym3wUtAEpXApMd2G4qCSmhmK2077dmENFQ5w,4043
9
+ adam/embedded_params.py,sha256=mcx-WHsc_JEotPXBiHYbG_z2eNuSxZjgsqGxdIZi2To,4114
10
10
  adam/log.py,sha256=gg5DK52wLPc9cjykeh0WFHyAk1qI3HEpGaAK8W2dzXY,1146
11
11
  adam/pod_exec_result.py,sha256=nq0xnCNOpUGBSijGF0H-YNrwBc9vUQs4DkvLMIFS5LQ,951
12
12
  adam/repl.py,sha256=wEzkXaFaT1PWWYI3AZ32j01efN7HpL2xvMfGLEmYIL4,7036
@@ -14,7 +14,7 @@ adam/repl_commands.py,sha256=WCiM3AEDZjxlJNUj0LNkxuvH0I4GuptZfi3oj3ih4SY,3620
14
14
  adam/repl_session.py,sha256=uIogcvWBh7wd8QQ-p_JgLsyJ8YJgINw5vOd6JIsd7Vo,472
15
15
  adam/repl_state.py,sha256=QarrUAwYWOz3YTemtaf2opbHLa5a3LEsyuonNwhvOhk,7131
16
16
  adam/utils.py,sha256=j7p7iruLuV11swa0z9ZLBgoJHu_nkTSVKtQe0q71gmk,7025
17
- adam/version.py,sha256=-l_NKPzaiSerZ4oPELpCySBphFCwtdKtgBRLTblLhPM,140
17
+ adam/version.py,sha256=1-nH6248xQuuEC-NHVDIU_dXeMhRm3LJOGGsllvBZ4g,140
18
18
  adam/checks/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
19
19
  adam/checks/check.py,sha256=Qopr3huYcMu2bzQgb99dEUYjFzkjKHRI76S6KA9b9Rk,702
20
20
  adam/checks/check_context.py,sha256=FEHkQ32jY1EDopQ2uYWqy9v7aEEX1orLpJWhopwAlh4,402
@@ -144,7 +144,7 @@ adam/k8s_utils/statefulsets.py,sha256=PZDEhy34aXxLkbW1-RsOC0E4D0w0pHyoIQGHvcAzSA
144
144
  adam/k8s_utils/volumes.py,sha256=MzYeH80NqKlhdadx6d0tW-j8vTOCUYWx7wRURIZWKZ8,843
145
145
  adam/sso/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
146
146
  adam/sso/authenticator.py,sha256=WD89YfWWt0qCqqm2q1LQ5UxbJnTJIm15WT1xXx4ArX8,594
147
- adam/sso/authn_ad.py,sha256=X6oZGKJ-SHTgxiiJtPPbMGdqyP1HWnUinR4w6k-ECAE,7171
147
+ adam/sso/authn_ad.py,sha256=p7rX9q6qq8cN6qpbTbT8hoHHifnw7hEaYufIZtH-QlQ,8414
148
148
  adam/sso/authn_okta.py,sha256=gvW-EcQxn_5UsbVqyUpJZ_7lBBuzY6gceXukU4uLIJs,5387
149
149
  adam/sso/cred_cache.py,sha256=7WA5rIy1wlr_GCF-Z6xRb6LzRu-Cvou-IkY7hWC3Zpc,2099
150
150
  adam/sso/id_token.py,sha256=wmVZ8S0sjScnOxmSvOKlIEKgnvdWqhsgq9XjFe355O4,744
@@ -152,8 +152,8 @@ adam/sso/idp.py,sha256=Fk5KpERYqhBjwVZe1YBKBjcGaaxj1nHYli7fi680a1o,5728
152
152
  adam/sso/idp_login.py,sha256=t49CRlMyHA76BAj_kKq0Wa9URIYlzBsUCSmn7Jf5o6I,1721
153
153
  adam/sso/idp_session.py,sha256=9BUHNRf70u4rVKrVY1HKPOEmOviXvkjam8WJxmXSKIM,1735
154
154
  adam/sso/sso_config.py,sha256=5N8WZgIJQBtHUy585XLRWKjpU87_v6QluyNK9E27D5s,2459
155
- kaqing-1.98.79.dist-info/METADATA,sha256=aPLJFkSBdAOq6c0Yd-p95Dsxqate7GO5AZLqKv8BFK0,133
156
- kaqing-1.98.79.dist-info/WHEEL,sha256=tZoeGjtWxWRfdplE7E3d45VPlLNQnvbKiYnx7gwAy8A,92
157
- kaqing-1.98.79.dist-info/entry_points.txt,sha256=SkzhuQJUWsXOzHeZ5TgQ2c3_g53UGK23zzJU_JTZOZI,39
158
- kaqing-1.98.79.dist-info/top_level.txt,sha256=8_2PZkwBb-xDcnc8a2rAbQeJhXKXskc7zTP7pSPa1fw,5
159
- kaqing-1.98.79.dist-info/RECORD,,
155
+ kaqing-1.98.81.dist-info/METADATA,sha256=oGNgSYN9vm-9vlEIDtpWAokqmJyhnlfy7PYSOeQ7CNY,133
156
+ kaqing-1.98.81.dist-info/WHEEL,sha256=tZoeGjtWxWRfdplE7E3d45VPlLNQnvbKiYnx7gwAy8A,92
157
+ kaqing-1.98.81.dist-info/entry_points.txt,sha256=SkzhuQJUWsXOzHeZ5TgQ2c3_g53UGK23zzJU_JTZOZI,39
158
+ kaqing-1.98.81.dist-info/top_level.txt,sha256=8_2PZkwBb-xDcnc8a2rAbQeJhXKXskc7zTP7pSPa1fw,5
159
+ kaqing-1.98.81.dist-info/RECORD,,