#!/usr/local/bin/python3
import requests,json,getpass
import sys,os
import certifi,urllib3
def post_request(target_url, dataobj=None, headerobj=None):
    """POST to *target_url* and return ``(status_code, decoded_json_body)``.

    ``dataobj`` is serialised with ``json.dumps`` and sent as the request
    body; ``headerobj`` is sent as the request headers.  The call uses a
    5 second timeout and keeps TLS certificate verification switched on.

    The decoded body is printed only when the status is not 200.  The body of
    a 200 reply is returned without being printed; the script below reads
    Vault tokens and a secret id out of those bodies, so keep it that way if
    logging is ever added here.

    Raises whatever ``json.loads`` raises when the reply body is not JSON.
    """
    # Pass exactly the keyword arguments each of the three call shapes needs:
    # no headers -> body only; headers but no data -> headers only; else both.
    call_args = {"timeout": 5, "verify": True}
    if headerobj is not None:
        call_args["headers"] = headerobj
    if headerobj is None or dataobj is not None:
        call_args["data"] = json.dumps(dataobj)
    reply = requests.post(target_url, **call_args)

    if reply.status_code != 200:
        print("Error in fetching executing the post request!!")
        print(json.loads(reply.text))
    else:
        print("Request successful for the given url {}".format(target_url))
    return reply.status_code, json.loads(reply.text)
def get_request(target_url, headerobj=None):
    """GET *target_url* and return ``(status_code, decoded_json_body)``.

    ``headerobj`` is sent as the request headers.  The call uses a 5 second
    timeout and keeps TLS certificate verification switched on.  The decoded
    body is printed only when the status is not 200.

    Raises whatever ``json.loads`` raises when the reply body is not JSON.
    """
    reply = requests.get(target_url, headers=headerobj, timeout=5, verify=True)
    if reply.status_code != 200:
        print("Error in fetching executing the get request!!")
        print(json.loads(reply.text))
    else:
        print("Request successful for the given url {}".format(target_url))
    return reply.status_code, json.loads(reply.text)
def usage():
    """Print the argument-error banner followed by the expected command line."""
    banner_lines = (
        "Invalid/Missing arguments!! \n",
        '<program.py> vault_approle git_token ssh_role_name ssh_key_path ssh-cert-fullpath-with-filename ',
    )
    for text in banner_lines:
        print(text)
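if __name__ == '__main__':
    # Flow: GitHub token -> Vault client token -> AppRole role_id/secret_id
    # -> AppRole token -> SSH certificate signed for the given public key.

    # Five positional arguments are read below (argv[1]..argv[5]).  The
    # previous "< 2" check let short command lines through to an IndexError.
    if len(sys.argv) < 6:
        usage()
        sys.exit(2)

    def _require_ok(status, step):
        """Stop with a non-zero exit code when a Vault call did not return 200."""
        if status != 200:
            print("Aborting: {} failed with HTTP status {}".format(step, status),
                  file=sys.stderr)
            sys.exit(1)

    # Configuring the variables
    VAULT_APPROLE = sys.argv[1]
    VAULT_ADDR = 'https://vault-ho.autobahn.comcast.com:8200'
    VAULT_ORG = 'databig'
    # NOTE(review): a GitHub token passed as a command-line argument is
    # readable by other local users through the process list and usually ends
    # up in shell history.  getpass is imported at the top of this file but
    # never used; prompting for the token (or reading it from the environment)
    # would avoid that.  Left as argv[2] to keep the command line compatible.
    GIT_TOKEN = sys.argv[2]
    SSH_ROLE_NAME = sys.argv[3]
    SSH_CERT_PATH = sys.argv[5]

    # Extracting the public key.  Opened read-only (the old "r+" mode needed
    # write permission on the key file) and closed as soon as it is read.
    with open(sys.argv[4], "r") as key_file:
        SSH_KEY = key_file.read().strip()

    # Fetching the client token
    git_token_obj = {'token': GIT_TOKEN}
    client_token_url = "{}/v1/auth/github_{}/login".format(VAULT_ADDR, VAULT_ORG)
    client_response_status, client_response_value = post_request(client_token_url, git_token_obj)
    # Check the status before indexing: an error body has no 'auth' key and
    # would otherwise surface as a KeyError traceback.
    _require_ok(client_response_status, "GitHub login")
    client_token = client_response_value['auth']['client_token']

    # Fetching the role-id
    header_obj = {'X-Vault-Token': client_token}
    role_id_url = "{}/v1/auth/approle/role/{}/role-id".format(VAULT_ADDR, VAULT_APPROLE)
    role_status_code, role_value = get_request(role_id_url, header_obj)
    _require_ok(role_status_code, "role-id lookup")
    role_id = role_value['data']['role_id']

    # Fetching the secret_id (same client-token header as the role-id call)
    secret_id_url = "{}/v1/auth/approle/role/{}/secret-id".format(VAULT_ADDR, VAULT_APPROLE)
    secret_status_code, secret_value = post_request(secret_id_url, dataobj=None, headerobj=header_obj)
    _require_ok(secret_status_code, "secret-id request")
    secret_id = secret_value['data']['secret_id']

    # Fetching the APP ROLE Token
    approle_obj = {'role_id': role_id, 'secret_id': secret_id}
    approle_url = "{}/v1/auth/approle/login".format(VAULT_ADDR)
    approle_status, approle_value = post_request(approle_url, dataobj=approle_obj, headerobj=None)
    _require_ok(approle_status, "AppRole login")
    approle_token = approle_value['auth']['client_token']

    # Fetching the SignedKey; the requested certificate TTL is '300'.
    signed_dataobj = {'public_key': SSH_KEY, 'ttl': '300'}
    signed_headobj = {'X-VAULT-TOKEN': approle_token}
    approle_signed_url = "{}/v1/ssh/sign/{}".format(VAULT_ADDR, SSH_ROLE_NAME)
    signed_status, signed_value = post_request(approle_signed_url, dataobj=signed_dataobj, headerobj=signed_headobj)
    _require_ok(signed_status, "SSH key signing")
    signed_key = signed_value['data']['signed_key']

    # Replace any previous certificate.  The old file is removed first, as
    # before, so the certificate is written to a freshly created file.
    if os.path.exists(SSH_CERT_PATH):
        os.remove(SSH_CERT_PATH)
    with open(SSH_CERT_PATH, "w") as cert_file:
        cert_file.write("{}".format(signed_key))
    sys.exit(0)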