infrahouse_toolkit.cli package

Submodules

infrahouse_toolkit.cli.exceptions module

cli module exceptions.

exception infrahouse_toolkit.cli.exceptions.IHCLIError

Bases: IHException

Command line errors.

infrahouse_toolkit.cli.gpg module

infrahouse_toolkit.cli.gpg.gpg(secret_key=None, role_arn=None, secret_passphrase=None, region: str = None) → str

Prepare GPG keyring and yield path to it. If no function arguments are specified, it will return the default path ~/.gnupg.

If secret_key is specified, the function will pull the GPG key from this secret. Optionally, it will assume a role, if given.

If secret_passphrase isn’t specified, gpg and reprepro will ask for a passphrase from a terminal. If specified, the function will pull the passphrase from the AWS secretsmanager secret secret_passphrase, save it in a temporary file, and create a GPG config so gpg can read the passphrase from the temporary file.

If secret_key is specified, the GPG private key will be imported, so the GPG home will include the private key.

Parameters:
  • secret_key (str) – AWS secret id (name or ARN) with a GPG private key.

  • role_arn (str) – If specified, assume this role in AWS client.

  • secret_passphrase (str) – AWS secret id (name or ARN) with a passphrase for the GPG private key.

  • region (str) – AWS region name.

Returns:

Path to GPG homedir.

Return type:

str

infrahouse_toolkit.cli.gpg.gpg_home() → str

Returns:

GPG home directory

infrahouse_toolkit.cli.gpg.write_gpg_cong(path: str, options: dict)

Prepare GPG config file.

Parameters:
  • path (str) – Path name to the GPG config file.

  • options (dict) – A dictionary with options. For one word options the key value is None.
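
The passphrase-file setup described for gpg() and the options dictionary taken by write_gpg_cong(), as an added example that is not the toolkit's own code. The names write_gpg_conf, prepare_gpg_home and mode_of are hypothetical, the passphrase is passed in directly instead of being pulled from AWS, and keeping the passphrase file inside the GPG home is an assumption.

```python
import os
import stat
import tempfile


def write_gpg_conf(path, options):
    """Write a gpg.conf file; a value of None means a one-word option."""
    lines = [key if value is None else f"{key} {value}" for key, value in options.items()]
    # Create the file with mode 0600 so it is never readable by group or others.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as conf:
        conf.write("\n".join(lines) + "\n")


def prepare_gpg_home(passphrase):
    """Build a private GPG homedir whose config points gpg at a passphrase file."""
    home = tempfile.mkdtemp(prefix="gpg-home-")  # mkdtemp creates it with mode 0700
    fd, passphrase_file = tempfile.mkstemp(dir=home, prefix="passphrase-")  # mode 0600
    with os.fdopen(fd, "w", encoding="utf-8") as handle:
        handle.write(passphrase)
    write_gpg_conf(
        os.path.join(home, "gpg.conf"),
        {
            # GnuPG 2.1+ honours passphrase-file only in batch mode with loopback pinentry.
            "batch": None,
            "no-tty": None,
            "pinentry-mode": "loopback",
            "passphrase-file": passphrase_file,
        },
    )
    return home


def mode_of(path):
    """Return the permission bits of a path, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    gpg_homedir = prepare_gpg_home("constructed-passphrase")  # constructed sample value
    print(gpg_homedir, oct(mode_of(gpg_homedir)))
```

The directory holds the passphrase in clear text, so the caller should remove it (for example with shutil.rmtree) as soon as signing is done.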

infrahouse_toolkit.cli.lib module

Auxiliary functions for command line tools.

infrahouse_toolkit.cli.lib.get_backend_key(tf_file='terraform.tf') → str

Find terraform state filename in a Terraform backend configuration.

Parameters:

tf_file (str) – Path to the Terraform backend configuration.

Returns:

Path to Terraform state in S3.

infrahouse_toolkit.cli.lib.get_bucket(tf_file='terraform.tf') → str

Find bucket name in a Terraform backend configuration.

Parameters:

tf_file (str) – Path to the Terraform backend configuration.

Returns:

Bucket name.

infrahouse_toolkit.cli.lib.get_elastic_password(secret_key='elastic_secret')

Try to extract the password for user elastic from AWS secretsmanager.

If the code runs on an elasticsearch node, there is a secret-id with the password in the custom facts. Try to extract that secret and return the password.

Parameters:

secret_key (str) – A key in the puppet facts map facts[“elasticsearch”][<secret_key>]. elastic_secret or kibana_system_secret are the only supported values.

infrahouse_toolkit.cli.lib.get_s3_client(role: str = None)

Get a boto3 S3 client to work with AWS S3. If a role is given, assume it.

Parameters:

role – ARN of a role to be assumed

Returns:

A boto3 S3 client object

infrahouse_toolkit.cli.lib.read_from_file_or_prompt(file_path: str, prompt_text='Enter a secret value and press ENTER') → str

Read a string from a file if it exists. If not, prompt a user to enter the string. Return the string value.

Parameters:
  • file_path (str) – Path to the file.

  • prompt_text (str) – What text to show a user.

Returns:

The string value, whether it was read from the file or entered by the user.

infrahouse_toolkit.cli.utils module

infrahouse_toolkit.cli.utils.check_dependencies(binaries: list)

Ensure that dependencies are installed. The function calls each of the binaries with a --help option.

Parameters:

binaries (list) – Dependency commands. List of strings.

infrahouse_toolkit.cli.utils.execute(cmd: list, cwd: str = None, env: dict = None, exit_on_error: bool = True)

Execute a command and exit with 1 if the command raises CalledProcessError.

Parameters:
  • cmd (list) – A command to execute. It’s passed to check_call() and therefore must be a list.

  • cwd (str) – Working directory for the command.

  • env (dict) – Pass a dictionary with environment

  • exit_on_error (bool) – If False, let the caller decide what to do on CalledProcessError exception.

infrahouse_toolkit.cli.utils.local_s3(bucket, role_arn=None, retry_timeout=60, region=None, check_file='conf/distributions') → str

Mount an S3 bucket locally and return a mount point.

Parameters:
  • bucket (str) – AWS S3 bucket name.

  • role_arn (str) – Assume role if specified.

  • retry_timeout (int) – How many seconds to keep trying to mount the bucket.

  • check_file (str) – When this file exists, the bucket is considered mounted.

  • region (str) – AWS region name.

Returns:

Local filesystem path where the S3 bucket is mounted.

infrahouse_toolkit.cli.utils.mkdir_p(new_directory)

Equivalent of a shell command mkdir -p

Parameters:

new_directory (str) – Create a directory and its parents if needed.

infrahouse_toolkit.cli.utils.mount_s3(bucket: str, path: str, role_arn: str = None, region: str = None)

Mount an S3 bucket at a path.

Parameters:
  • bucket (str) – AWS S3 bucket name.

  • path (str) – Local filesystem path name.

  • role_arn – Assume role if specified.

  • region (str) – AWS region name.

infrahouse_toolkit.cli.utils.repo_env(bucket, role_arn, gpg_key_secret_id, gpg_passphrase_secret_id, region=None)

Prepare locally a repo and GPG so “reprepro” can manage it.

Parameters:
  • bucket (str) – AWS S3 bucket with the repo. The repo must be in the root.

  • role_arn (str) – Optional role ARN. If specified, AWS client will assume it.

  • gpg_key_secret_id (str) – AWS secretsmanager secret (name or ARN) that stores the private GPG key, needed by reprepro to sign the repo.

  • gpg_passphrase_secret_id (str) – AWS secretsmanager secret (name or ARN) that stores a passphrase for the private GPG key. Note, it’s not the passphrase itself, it’s a secret that stores it.

  • region (str) – AWS region name.

Returns:

A tuple with two strings: Local filesystem directory with a mounted S3 bucket and GPG home directory.

infrahouse_toolkit.cli.utils.retry(func, args, kwargs, attempts: int = 5, retriable_exit_codes: list = None)

Execute a function and retry up to attempts times if it raised IHRetriableError.

Parameters:
  • func (callable) – Callable instance.

  • args (tuple) – Positional arguments to the function.

  • kwargs (dict) – Keyword arguments to the function.

  • attempts – Call the function up to this many times.

  • retriable_exit_codes – IHRetriableError has a returncode. Retry only if the return code is in this list.

infrahouse_toolkit.cli.utils.sanitize_env(env: dict = None) → dict

Mask secrets in environment variables.

Parameters:

env – original environment

Returns:

Environment without secret values

infrahouse_toolkit.cli.utils.sanitize_secret(input_value: str) → str

Sanitize the secret value by replacing all but the first two and the last characters with asterisks.

Parameters:

input_value – The input secret string to be sanitized.

Returns:

The sanitized secret string.
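
The masking rule described for sanitize_secret() applied to an environment before it is logged, as an added example that is not the toolkit's own code. The names mask_secret and mask_env, the name pattern that decides which variables are secret, and the full masking of short values are assumptions.

```python
import re

# Assumption: a variable whose name matches this pattern holds a secret.
SECRET_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|PASSPHRASE|KEY", re.IGNORECASE)
# Assumption: values shorter than this are hidden entirely.
MIN_PARTIAL_LENGTH = 8


def mask_secret(value):
    """Keep the first two and the last character, replace the rest with asterisks."""
    if len(value) < MIN_PARTIAL_LENGTH:
        # For a value of three characters or fewer the rule would mask nothing,
        # and for a slightly longer one it would reveal most of the secret.
        return "*" * len(value)
    return value[:2] + "*" * (len(value) - 3) + value[-1]


def mask_env(env):
    """Return a copy of env that is safe to log; the input dict is not modified."""
    return {
        name: mask_secret(value) if SECRET_NAME.search(name) else value
        for name, value in env.items()
    }


if __name__ == "__main__":
    # Constructed sample environment.
    sample = {
        "AWS_DEFAULT_REGION": "us-west-1",
        "AWS_SECRET_ACCESS_KEY": "s3cr3t-value-1",
        "GPG_PASSPHRASE": "abc",
    }
    print(mask_env(sample))
```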

infrahouse_toolkit.cli.utils.sha256(input_value: str) → str

Compute the SHA-256 hash of the given input string.

Parameters:

input_value – The input string to be hashed.

Returns:

The SHA-256 hash of the input string as a hexadecimal string.

infrahouse_toolkit.cli.utils.tmpfs_s3(bucket, role_arn=None, volume_size='512M') → str

Mount a temporary file system, sync an S3 bucket onto it. Then sync the local volume back to S3 and umount it.

Parameters:
  • bucket (str) – AWS S3 bucket name.

  • role_arn (str) – Assume role if specified.

  • volume_size (str) – Temporary memory partition size. By default, 512M.

Returns:

Local filesystem path where the S3 bucket is mounted.

infrahouse_toolkit.cli.utils.umount_s3(path: str)

Unmount an S3 bucket at a path.

Parameters:

path (str) – Local filesystem path name where the S3 bucket is mounted.

Module contents

Command line interface to the InfraHouse toolkit.

There are several commands in the toolkit. All of them start with an ih- prefix.