本文整理汇总了Python中azurelinuxagent.common.utils.cryptutil.CryptUtil.decrypt_secret方法的典型用法代码示例。如果您正苦于以下问题:Python CryptUtil.decrypt_secret方法的具体用法?Python CryptUtil.decrypt_secret怎么用?Python CryptUtil.decrypt_secret使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类azurelinuxagent.common.utils.cryptutil.CryptUtil的用法示例。
在下文中一共展示了CryptUtil.decrypt_secret方法的2个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: RemoteAccessHandler
# 需要导入模块: from azurelinuxagent.common.utils.cryptutil import CryptUtil [as 别名]
# 或者: from azurelinuxagent.common.utils.cryptutil.CryptUtil import decrypt_secret [as 别名]
class RemoteAccessHandler(object):
def __init__(self):
self.os_util = get_osutil()
self.protocol_util = get_protocol_util()
self.protocol = None
self.cryptUtil = CryptUtil(conf.get_openssl_cmd())
self.remote_access = None
self.incarnation = 0
def run(self):
try:
if self.os_util.jit_enabled:
self.protocol = self.protocol_util.get_protocol()
current_incarnation = self.protocol.get_incarnation()
if self.incarnation != current_incarnation:
# something changed. Handle remote access if any.
self.incarnation = current_incarnation
self.remote_access = self.protocol.client.get_remote_access()
if self.remote_access is not None:
self.handle_remote_access()
except Exception as e:
msg = u"Exception processing remote access handler: {0} {1}".format(ustr(e), traceback.format_exc())
logger.error(msg)
add_event(AGENT_NAME,
version=CURRENT_VERSION,
op=WALAEventOperation.RemoteAccessHandling,
is_success=False,
message=msg)
def handle_remote_access(self):
if self.remote_access is not None:
# Get JIT user accounts.
all_users = self.os_util.get_users()
jit_users = set()
for usr in all_users:
if self.validate_jit_user(usr[4]):
jit_users.add(usr[0])
for acc in self.remote_access.user_list.users:
raw_expiration = acc.expiration
account_expiration = datetime.strptime(raw_expiration, REMOTE_USR_EXPIRATION_FORMAT)
now = datetime.utcnow()
if acc.name not in jit_users and now < account_expiration:
self.add_user(acc.name, acc.encrypted_password, account_expiration)
def validate_jit_user(self, comment):
return comment == REMOTE_ACCESS_ACCOUNT_COMMENT
def add_user(self, username, encrypted_password, account_expiration):
try:
expiration_date = (account_expiration + timedelta(days=1)).strftime(DATE_FORMAT)
logger.verbose("Adding user {0} with expiration date {1}"
.format(username, expiration_date))
self.os_util.useradd(username, expiration_date, REMOTE_ACCESS_ACCOUNT_COMMENT)
except OSError as oe:
logger.error("Error adding user {0}. {1}"
.format(username, oe.strerror))
return
except Exception as e:
logger.error("Error adding user {0}. {1}".format(username, ustr(e)))
return
try:
prv_key = os.path.join(conf.get_lib_dir(), TRANSPORT_PRIVATE_CERT)
pwd = self.cryptUtil.decrypt_secret(encrypted_password, prv_key)
self.os_util.chpasswd(username, pwd, conf.get_password_cryptid(), conf.get_password_crypt_salt_len())
self.os_util.conf_sudoer(username)
logger.info("User '{0}' added successfully with expiration in {1}"
.format(username, expiration_date))
return
except OSError as oe:
self.handle_failed_create(username, oe.strerror)
except Exception as e:
self.handle_failed_create(username, ustr(e))
def handle_failed_create(self, username, error_message):
logger.error("Error creating user {0}. {1}"
.format(username, error_message))
try:
self.delete_user(username)
except OSError as oe:
logger.error("Failed to clean up after account creation for {0}. {1}"
.format(username, oe.strerror()))
except Exception as e:
logger.error("Failed to clean up after account creation for {0}. {1}"
.format(username, str(e)))
def delete_user(self, username):
self.os_util.del_account(username)
logger.info("User deleted {0}".format(username))示例2: RemoteAccessHandler
# 需要导入模块: from azurelinuxagent.common.utils.cryptutil import CryptUtil [as 别名]
# 或者: from azurelinuxagent.common.utils.cryptutil.CryptUtil import decrypt_secret [as 别名]
class RemoteAccessHandler(object):
def __init__(self):
self.os_util = get_osutil()
self.protocol_util = get_protocol_util()
self.protocol = None
self.cryptUtil = CryptUtil(conf.get_openssl_cmd())
self.remote_access = None
self.incarnation = 0
self.error_message = ""
def run(self):
try:
if self.os_util.jit_enabled:
self.protocol = self.protocol_util.get_protocol()
current_incarnation = self.protocol.get_incarnation()
if self.incarnation != current_incarnation:
# something changed. Handle remote access if any.
self.incarnation = current_incarnation
self.remote_access = self.protocol.client.get_remote_access()
self.handle_remote_access()
except Exception as e:
msg = u"Exception processing remote access handler: {0} {1}".format(ustr(e), traceback.format_exc())
logger.error(msg)
add_event(AGENT_NAME,
version=CURRENT_VERSION,
op=WALAEventOperation.RemoteAccessHandling,
is_success=False,
message=msg)
def handle_remote_access(self):
# Get JIT user accounts.
all_users = self.os_util.get_users()
existing_jit_users = set(u[0] for u in all_users if self.validate_jit_user(u[4]))
self.err_message = ""
if self.remote_access is not None:
goal_state_users = set(u.name for u in self.remote_access.user_list.users)
for acc in self.remote_access.user_list.users:
try:
raw_expiration = acc.expiration
account_expiration = datetime.strptime(raw_expiration, REMOTE_USR_EXPIRATION_FORMAT)
now = datetime.utcnow()
if acc.name not in existing_jit_users and now < account_expiration:
self.add_user(acc.name, acc.encrypted_password, account_expiration)
elif acc.name in existing_jit_users and now > account_expiration:
# user account expired, delete it.
logger.info("user {0} expired from remote_access".format(acc.name))
self.remove_user(acc.name)
except RemoteAccessError as rae:
self.err_message = self.err_message + "Error processing user {0}. Exception: {1}"\
.format(acc.name, ustr(rae))
for user in existing_jit_users:
try:
if user not in goal_state_users:
# user explicitly removed
logger.info("User {0} removed from remote_access".format(user))
self.remove_user(user)
except RemoteAccessError as rae:
self.err_message = self.err_message + "Error removing user {0}. Exception: {1}"\
.format(user, ustr(rae))
else:
# All users removed, remove any remaining JIT accounts.
for user in existing_jit_users:
try:
logger.info("User {0} removed from remote_access. remote_access empty".format(user))
self.remove_user(user)
except RemoteAccessError as rae:
self.err_message = self.err_message + "Error removing user {0}. Exception: {1}"\
.format(user, ustr(rae))
def validate_jit_user(self, comment):
return comment == REMOTE_ACCESS_ACCOUNT_COMMENT
def add_user(self, username, encrypted_password, account_expiration):
try:
expiration_date = (account_expiration + timedelta(days=1)).strftime(DATE_FORMAT)
logger.verbose("Adding user {0} with expiration date {1}".format(username, expiration_date))
self.os_util.useradd(username, expiration_date, REMOTE_ACCESS_ACCOUNT_COMMENT)
except Exception as e:
raise RemoteAccessError("Error adding user {0}. {1}".format(username, ustr(e)))
try:
prv_key = os.path.join(conf.get_lib_dir(), TRANSPORT_PRIVATE_CERT)
pwd = self.cryptUtil.decrypt_secret(encrypted_password, prv_key)
self.os_util.chpasswd(username, pwd, conf.get_password_cryptid(), conf.get_password_crypt_salt_len())
self.os_util.conf_sudoer(username)
logger.info("User '{0}' added successfully with expiration in {1}".format(username, expiration_date))
except Exception as e:
error = "Error adding user {0}. {1} ".format(username, str(e))
try:
self.handle_failed_create(username)
error += "cleanup successful"
except RemoteAccessError as rae:
error += "and error cleaning up {0}".format(str(rae))
raise RemoteAccessError("Error adding user {0} cleanup successful".format(username), ustr(e))
def handle_failed_create(self, username):
try:
self.delete_user(username)
except Exception as e:
raise RemoteAccessError("Failed to clean up after account creation for {0}.".format(username), e)
#.........这里部分代码省略.........