PR#1: Python 3 - taskotron/vault

taskotron / vault

#1 Python 3

Merged 5 years ago by frantisekz. Opened 5 years ago by frantisekz.

feature/python3 into master

Add missing dep: python3-munch

František Zatloukal • 5 years ago

e0802fb

Fix Python 3 issues in the code

František Zatloukal • 5 years ago

6abd755

Merge branch 'master' into feature/python3

František Zatloukal • 5 years ago

0043ce9

init_db.sh

file modified

+2 -2

		`@@ -2,7 +2,7 @@`
		`# this is a simple script to aid in the setup of a new db for F18`

		`# init db`
		`- python run_cli.py -d init_db`
		`+ python3 run_cli.py -d init_db`

		`# insert mock data`
		`- python run_cli.py -d mock_data`
		`+ python3 run_cli.py -d mock_data`

run_cli.py

file modified

+1 -1

		`@@ -1,4 +1,4 @@`
		`- #!/usr/bin/python`
		`+ #!/usr/bin/python3`
		`#`
		`# Copyright 2014, Red Hat, Inc`
		`#`

runapp.py

file modified

+1 -1

		`@@ -1,4 +1,4 @@`
		`- #!/usr/bin/python`
		`+ #!/usr/bin/python3`
		`#`
		`# runapp.py - script to facilitate running the vault app from the CLI`
		`#`

setup.py

file modified

+1 -1

		`@@ -1,4 +1,4 @@`
		`- #!/usr/bin/python`
		`+ #!/usr/bin/python3`

		`from setuptools import setup`
		`import codecs`

vault.spec

file modified

+18 -22

		`@@ -9,27 +9,23 @@`

		`BuildArch: noarch`

		`- Requires: python2-alembic`
		`- Requires: python2-flask`
		`- Requires: python2-flask-httpauth`
		`- %if 0%{?fedora} <= 27`
		`- Requires: python-flask-login`
		`- Requires: python-flask-wtf`
		`- %else`
		`- Requires: python2-flask-login`
		`- Requires: python2-flask-wtf`
		`- %endif`
		`- Requires: python2-flask-oidc`
		`- Requires: python2-flask-restful`
		`- Requires: python2-flask-sqlalchemy`
		`- Requires: python2-crypto`
		`-`
		`- BuildRequires: python2-devel`
		`- BuildRequires: python2-setuptools`
		`+ Requires: python3-alembic`
		`+ Requires: python3-flask`
		`+ Requires: python3-flask-httpauth`
		`+ Requires: python3-flask-login`
		`+ Requires: python3-flask-wtf`
		`+ Requires: python3-flask-oidc`
		`+ Requires: python3-flask-restful`
		`+ Requires: python3-flask-sqlalchemy`
		`+ Requires: python3-crypto`
		`+ Requires: python3-munch`
		`+`
		`+ BuildRequires: python3-devel`
		`+ BuildRequires: python3-setuptools`


		`%description`
		`- Vault stores and controls encrypted data like passwords,`
		`+ Vault stores and controls encrypted data like passwords,`
		`API keys or other secrets.`
		`Implements bucket-based access control, and secret versioning.`
		`%prep`
		`@@ -41,10 +37,10 @@`
		`rm -f %{buildroot}%{_sysconfdir}/vault/*.py{c,o}`

		`%build`
		`- %py2_build`
		`+ %py3_build`

		`%install`
		`- %py2_install`
		`+ %py3_install`

		`# apache and wsgi settings`
		`install -d %{buildroot}%{_datadir}/vault/conf`
		`@@ -62,8 +58,8 @@`
		`%files`
		`%doc README.md`
		`%license LICENSE`
		`- %{python2_sitelib}/vault`
		`- %{python2_sitelib}/*.egg-info`
		`+ %{python3_sitelib}/vault`
		`+ %{python3_sitelib}/*.egg-info`

		`%{_bindir}/vault`
		`%dir %{_sysconfdir}/vault`

vault/controllers/admin.py

file modified

+1 -1

		`@@ -18,7 +18,7 @@`
		`# Josef Skladanka <jskladan@redhat.com>`

		`from flask import Blueprint, render_template, abort`
		`- from flask.ext.login import login_required, current_user`
		`+ from flask_login import login_required, current_user`


		`admin = Blueprint('admin', __name__)`

vault/controllers/login_page.py

file modified

+3 -3

		`@@ -19,12 +19,12 @@`

		`import flask`
		`from flask import Blueprint, render_template, redirect, flash, url_for, request`
		`- from flask.ext.wtf import Form`
		`+ from flask_wtf import Form`
		`from wtforms import TextField, PasswordField, HiddenField`
		`from wtforms.validators import Required`
		`import flask_login`
		`- from flask.ext.login import login_user, logout_user`
		`- from flask.ext.login import current_user, AnonymousUserMixin`
		`+ from flask_login import login_user, logout_user`
		`+ from flask_login import current_user, AnonymousUserMixin`

		`import munch`

vault/controllers/main.py

file modified

+3 -3

		`@@ -23,8 +23,8 @@`
		`import werkzeug.exceptions`
		`from sqlalchemy.orm import exc as orm_exc`

		`- from flask.ext.restful import reqparse`
		`- from flask.ext.login import login_user, logout_user, login_required, current_user`
		`+ from flask_restful import reqparse`
		`+ from flask_login import login_user, logout_user, login_required, current_user`
		`from werkzeug.exceptions import HTTPException`
		`from werkzeug.exceptions import BadRequest as JSONBadRequest`

		`@@ -146,7 +146,7 @@`



		`- from flask.ext.wtf import Form`
		`+ from flask_wtf import Form`
		`from wtforms import Label, TextField, SelectField, TextAreaField, HiddenField, FieldList, FormField`
		`from wtforms.validators import Required`

vault/models/secrets.py

file modified

+9 -4

		`@@ -30,23 +30,28 @@`
		`from vault.serializers import DBSerialize`
		`from .user import User`

		`- pad = lambda s: s + (AES.block_size - len(s) % AES.block_size) * chr(AES.block_size - len(s) % AES.block_size)`
		`+ pad = lambda s: s + (AES.block_size - len(s) % AES.block_size) * chr(AES.block_size - len(s) % AES.block_size).encode("utf-8")`
		`unpad = lambda s: s[:-ord(s[len(s)-1:])]`

		`MASTERKEY = base64.b64decode(app.config['MASTERKEY'])`

		`def encrypt(value, key):`
		`+ if isinstance(value, str):`
		`+ value = value.encode("utf-8")`
		`iv = Random.new().read(AES.block_size)`
		`cipher = AES.new(key, AES.MODE_CBC, iv)`
		`ciphertext = (iv + cipher.encrypt(pad(value)))`
		`return base64.b64encode(ciphertext)`


		`- def decrypt(ciphertext, key):`
		`+ def decrypt(ciphertext, key, output_bytes=False):`
		`ciphertext = base64.b64decode(ciphertext)`
		`dec_iv = ciphertext[:AES.block_size]`
		`dec_cipher = AES.new(key, AES.MODE_CBC, dec_iv)`
		`- return unpad(dec_cipher.decrypt(ciphertext[16:]))`
		`+ if output_bytes:`
		`+ return unpad(dec_cipher.decrypt(ciphertext[16:]))`
		`+ else:`
		`+ return unpad(dec_cipher.decrypt(ciphertext[16:])).decode("utf-8")`


		`class Secret(db.Model, DBSerialize):`
		`@@ -102,7 +107,7 @@`
		`@property`
		`def access_key(self):`
		`if not hasattr(self, '_access_key'):`
		`- self._access_key = decrypt(self.ciphertext, MASTERKEY)`
		`+ self._access_key = decrypt(self.ciphertext, MASTERKEY, output_bytes=True)`
		`return self._access_key`

		`@property`

vault/models/user.py

file modified

+1 -1

		`@@ -18,7 +18,7 @@`
		`# Josef Skladanka <jskladan@redhat.com>`

		`from vault import db`
		`- from flask.ext.login import UserMixin`
		`+ from flask_login import UserMixin`
		`from werkzeug.security import generate_password_hash, check_password_hash`

		`USERNAME_OIDC_GROUP_PREFIX = u"FAS GROUP: "`

vault/serializers/__init__.py

file modified

+9 -1

		`@@ -19,6 +19,10 @@`

		`from datetime import date, datetime`

		`+ try:`
		`+ basestring`
		`+ except NameError:`
		`+ basestring = (str, bytes)`

		`class DBSerialize(object):`
		`pass`
		`@@ -38,10 +42,14 @@`

		`if isinstance(value, dict):`
		`ret = {}`
		`- for k, v in value.iteritems():`
		`+ for k, v in value.items():`
		`ret[k] = self.serialize(v, **kwargs)`
		`return ret`

		`+ #in py3 string-like types have __iter__ causing endless loops`
		`+ if isinstance(value, basestring):`
		`+ return value`
		`+`
		`# convert iterables to list of serialized stuff`
		`if hasattr(value, '__iter__'):`
		`ret = []`

vault/serializers/api_v1.py

file modified

+4 -6

		`@@ -31,10 +31,8 @@`
		`active=o.active,`
		`value=o.value,`
		`)`
		`- rv = {}`
		`- rv[o.name] = o.value`

		`- return {key: self.serialize(value) for key, value in rv.iteritems()}`
		`+ return {key: self.serialize(value) for key, value in rv.items()}`

		`def _serialize_Bucket(self, o, **kwargs):`
		`rv = dict(`
		`@@ -43,10 +41,10 @@`
		`active=o.active,`
		`description=o.description,`
		`# roles=o.roles,`
		`- secrets=[s for s in o.secrets if s.active],`
		`+ secrets=dict([(s.name, s.value) for s in o.secrets if s.active]),`
		`)`

		`- return {key: self.serialize(value) for key, value in rv.iteritems()}`
		`+ return {key: self.serialize(value) for key, value in rv.items()}`


		`def _serialize_BucketRoles(self, o, **kwargs):`
		`@@ -55,4 +53,4 @@`
		`role=o.role,`
		`)`

		`- return {key: self.serialize(value) for key, value in rv.iteritems()}`
		`+ return {key: self.serialize(value) for key, value in rv.items()}`