-
Notifications
You must be signed in to change notification settings - Fork 0
/
credentials.py
102 lines (87 loc) · 4.31 KB
/
credentials.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
"""Intersight Credential Helper
This script provides a helper function for configuring an intersight API client instance.
It uses argparse to take in the following CLI arguments:
url: The intersight root URL for the api endpoint. (The default is https://intersight.com)
ignore-tls: Ignores TLS server-side certificate verification
api-key-legacy: Use legacy API client (v2) key
api-key: API client key id for the HTTP signature scheme
api-key-file: Name of file containing secret key for the HTTP signature scheme
"""
import argparse
import os
import datetime
import intersight
import re
# Determine if user is using API Key V2 or V3
api_key_version = 3 # Defaults to V3
if os.getenv('INTERSIGHT_API_PRIVATE_KEY'):
with open(os.getenv('INTERSIGHT_API_PRIVATE_KEY')) as keyfile:
firstline = keyfile.readline().rstrip()
if 'RSA' in firstline:
api_key_version = 2
# This argument parser instance should be used within scripts where additional CLI arguments are required
Parser = argparse.ArgumentParser(description='Intersight Python SDK credential lookup')
def config_credentials(description=None):
"""config_credentials configures and returns an Intersight api client
Arguments:
description {string}: Optional description used within argparse help
Returns:
api_client [intersight.api_client.ApiClient]: base intersight api client class
"""
if description is not None:
Parser.description = description
Parser.add_argument('--url', default='https://intersight.com',
help='The Intersight root URL for the API endpoint. The default is https://intersight.com')
Parser.add_argument('--ignore-tls', action='store_true',
help='Ignore TLS server-side certificate verification')
Parser.add_argument('--api-key-legacy', action='store_true',
help='Use legacy API client (v2) key')
Parser.add_argument(
'--api-key-id',
default=os.getenv('INTERSIGHT_API_KEY_ID'),
help='API client key id for the HTTP signature scheme')
Parser.add_argument(
'--api-key-file',
default=os.getenv('INTERSIGHT_API_PRIVATE_KEY', '~/Downloads/SecretKey.txt'),
help='Name of file containing secret key for the HTTP signature scheme')
args = Parser.parse_args()
if args.api_key_id:
# HTTP signature scheme.
if args.api_key_legacy or api_key_version == 2:
signing_scheme = intersight.signing.SCHEME_RSA_SHA256
signing_algorithm = intersight.signing.ALGORITHM_RSASSA_PKCS1v15
else:
signing_scheme = intersight.signing.SCHEME_HS2019
signing_algorithm = intersight.signing.ALGORITHM_ECDSA_MODE_FIPS_186_3
configuration = intersight.Configuration(
host=args.url,
signing_info=intersight.HttpSigningConfiguration(
key_id=args.api_key_id,
private_key_path=args.api_key_file,
signing_scheme=signing_scheme,
signing_algorithm=signing_algorithm,
hash_algorithm=intersight.signing.HASH_SHA256,
signed_headers=[intersight.signing.HEADER_REQUEST_TARGET,
intersight.signing.HEADER_CREATED,
intersight.signing.HEADER_EXPIRES,
intersight.signing.HEADER_HOST,
intersight.signing.HEADER_DATE,
intersight.signing.HEADER_DIGEST,
'Content-Type',
'User-Agent'
],
signature_max_validity=datetime.timedelta(minutes=5)
)
)
else:
raise Exception('Must provide API key information to configure at least one authentication scheme')
if args.ignore_tls:
configuration.verify_ssl = False
configuration.proxy = os.getenv('https_proxy')
api_client = intersight.ApiClient(configuration)
api_client.set_default_header('referer', args.url)
api_client.set_default_header('x-requested-with', 'XMLHttpRequest')
api_client.set_default_header('Content-Type', 'application/json')
return api_client
if __name__ == "__main__":
config_credentials()