Some improvements in csui application

a2e7b9b7 · Andre Marcelo FERREIRA FREIRE TEIXEIRA · d1cb123b · a2e7b9b7 · a2e7b9b7
Commit a2e7b9b7 authored 1 year ago by Andre Marcelo FERREIRA FREIRE TEIXEIRA
--- a/library/servicenow/env_user.py
+++ b/library/servicenow/env_user.py
@@ -36,22 +36,35 @@ namespace_used = "EC/DIGIT_C4_SNET_ADMIN-ACC"
 base_url = "https://digituat.service-now.com/api/emdig/v1/itsm"
 vault_url = "https://sam-hcavault.cec.eu.int"

+#In namespace dev/acc :
 #approle:    csui-change-mgmt-dev
 #role_id     a3b2fdf3-8e8a-55d9-2688-13409145c7b2
 #secret_id   fc9674f1-5187-51e8-f8c8-29273b5f6951
 #read access to: apps-kv/dev/SNOW/*
-
 #approle:    csui-change-mgmt-acc
 #role_id     0743cc2f-ee65-3bf8-fe3d-27550db27d00
 #secret_id   225cc7f7-1e02-aca8-d84b-45da9a605012
 #read access to: apps-kv/acc/SNOW/*
-
 #approle:    csui-change-mgmt-prod
 #role_id     041f50d0-ece2-f9d7-8155-cbe2377081a8
 #secret_id   d83c9e67-98d0-9d51-afa0-0a4c680aa0ad
 #read access to: apps-kv/prod/SNOW/*

+#In namespace production :
+#approle:   csui-change-mgmt-dev
+#role_id    cdbb378a-54fe-b0f1-4fcf-d0fa2d60417e
+#secret_id  a43be6c0-ddbe-fe4a-3fb5-8091cb893121
+#approle:   csui-change-mgmt-acc
+#role_id    3ae94e71-b1c8-49e5-49dd-6786b6221868
+#secret_id  19c45327-c8c2-ff49-3fef-addb533c90ea
+#approle:   csui-change-mgmt-prod
+#role_id    331d3f1d-2361-e30b-9ac0-3a48a0f1e473
+#secret_id  b741c6c9-5536-6a8e-32a2-159be4a4297c
+
+#IS_DEV = False
+#IS_ACC = False

+#enviorment
 if IS_DEV:
    print('IS DEV')
    engine = "dev"
@@ -68,11 +81,12 @@ else :
    base_url = "https://digit.service-now.com/api/emdig/v1/itsm"
    vault_url = "https://sam-hcpvault.cec.eu.int"
    engine = 'prod'
-    role_id_read = '041f50d0-ece2-f9d7-8155-cbe2377081a8'
-    secret_approle_read = 'd83c9e67-98d0-9d51-afa0-0a4c680aa0ad'
+    role_id_read = '331d3f1d-2361-e30b-9ac0-3a48a0f1e473'
+    secret_approle_read = 'b741c6c9-5536-6a8e-32a2-159be4a4297c'

 #necessary check with Javier
-password = clientV.getPasswordByAppRole("apps-kv/"+engine+"/SNOW/csui", vault_url, namespace_used, role_id_read, secret_approle_read)
+password = clientV.getPasswordByAppRole(engine+"/SNOW/csui", vault_url, namespace_used, role_id_read, secret_approle_read, "apps-kv")
+print(password, "password")
 credentials = f"{username}:{password}"
 encoded_credentials = base64.b64encode(credentials.encode("utf-8")).decode("utf-8")
 authorization = f"Basic {encoded_credentials}"

--- a/library/vault/client.py
+++ b/library/vault/client.py
@@ -16,17 +16,22 @@ class Vault(object):

    def __init__(self):
        self.session = requests.Session()
-
+    #https://hvac.readthedocs.io/en/stable/usage/secrets_engines/kv_v2.html#read-secret-metadata
    #curl -H "X-Vault-Namespace: EC/DIGIT_C4_SNET_ADMIN-ACC" -X POST --tlsv1.2 --data '{"password": "password"}' https://sam-hcavault.cec.eu.int/v1/auth/userpass/login/fandrem
-    def getPasswordByAppRole(self, key, vault_url, namespace_used, role_id, secret_id):
+    def getPasswordByAppRole(self, key, vault_url, namespace_used, role_id, secret_id, mount_point):
        # Create a client instance
        client = hvac.Client(url=vault_url, namespace=namespace_used,  verify=False)
        response = client.auth.approle.login(role_id=role_id, secret_id=secret_id)
        # Extract the client token from the response
        client.token = response['auth']['client_token']
-        secret = self.getPasswordViaToken(key, vault_url, namespace_used, client.token )
+        print(client.token, "client.token")
+        secret = client.secrets.kv.v1.read_secret(path=key,mount_point=mount_point)
+        #secret = client.secrets.kv.v2.read_secret_version(path=key, version=2)
+        print(secret, "secret")
+        #secret = self.getPasswordViaToken(key, vault_url, namespace_used, client.token )
        secret_data = False
-        if secret is not None  and 'data' in secret:
+        #print(secret,"secret")
+        if secret is not None  and 'data' in secret and secret['data'] is not None:
            secret_data = secret['data']['data']['password']
            #print(secret_data)
        else:
@@ -38,6 +43,7 @@ class Vault(object):

    def getPasswordViaToken(self, key, vault_used, namespace_used, token_used):
        url = vault_used + "/v1/" +key
+        print(url, "url")
        headers = {
            "X-Vault-Token": token_used,
            "X-Vault-Namespace": namespace_used