From 68428dfed8cb2a86e457e09f01d1aa39d3760867 Mon Sep 17 00:00:00 2001 From: gormaniac <83027042+gormaniac@users.noreply.github.com> Date: Tue, 3 Oct 2023 21:19:28 -0600 Subject: [PATCH] feat: support env vars for user/pass in import --- src/stormlibpp/_args.py | 16 ++++++++++++++++ src/stormlibpp/hstorm.py | 36 ++++++++---------------------------- src/stormlibpp/import.py | 25 +++++-------------------- 3 files changed, 29 insertions(+), 48 deletions(-) create mode 100644 src/stormlibpp/_args.py diff --git a/src/stormlibpp/_args.py b/src/stormlibpp/_args.py new file mode 100644 index 0000000..b52fb20 --- /dev/null +++ b/src/stormlibpp/_args.py @@ -0,0 +1,16 @@ +"""CLI arguments shared by more than one script.""" + + +import argparse + +USER_PARSER = argparse.ArgumentParser(add_help=False) +USER_PARSER.add_argument( + "--user", + help=( + "The Cortex user to authenticate with. The CORTEX_USER env var may be used" + " instead of this argument, however; this argument overrides the env var." + " If neither --user or CORTEX_USER are used, a prompt will appear to either" + " input a value or accept the default (return of getpass.getpass()). Only" + " works when connecting to a Cortex over HTTP." + ), +) \ No newline at end of file diff --git a/src/stormlibpp/hstorm.py b/src/stormlibpp/hstorm.py index 695316c..18ef3e0 100644 --- a/src/stormlibpp/hstorm.py +++ b/src/stormlibpp/hstorm.py @@ -8,9 +8,10 @@ CLI commands are used, so the commands fail cleanly from the user's perspective. The script, like ``HttpCortex``, requires a user and password to communicate -with the Synapse Cortex. A user can be passed via the command-line, otherwise -``getpass`` is used to select the current user. A password is always prompted for. -Future versions will allow for further user/pass customization options. +with the Synapse Cortex. A user can be passed via the command-line, the ``CORTEX_USER`` +environment variable, or will be prompted for (``getpass`` is used as a default). +The ``CORTEX_PASS`` environment variable may be used to give ``hstorm`` a password +at runtime, otherwise one will be prompted for. The ``--no-verify`` option tells the script to not check the Cortex's HTTPS cert. This is needed to connect to any test Cortex or a Cortex that otherwise doesn't @@ -20,33 +21,24 @@ import asyncio import argparse -import getpass -import os import sys +from ._args import USER_PARSER from .httpcore import HttpCortex from .output import OUTP from .stormcli import start_storm_cli +from .utils import get_cortex_creds def get_args(argv: list[str]): """Build an argument parser for this script and parse the passed in args.""" - args = argparse.ArgumentParser(prog="stormlibpp.hstorm") + args = argparse.ArgumentParser(prog="stormlibpp.hstorm", parents=[USER_PARSER,]) args.add_argument("cortex", help="An HTTP URL for the Cortex.") args.add_argument("onecmd", nargs="?", help="A Storm command to run and exit.") args.add_argument( "-v", "--view", default=None, help="The iden of the Synapse View to use." ) - args.add_argument( - "-u", - "--user", - default=None, - help=( - "The username to login to the Cortex with. " - "The value from getpass.getuser() is used if not given." - ), - ) args.add_argument( "-n", "--no-verify", @@ -68,19 +60,7 @@ async def main(argv: list[str]): args = get_args(argv) - if args.user: - username = args.user - elif (envusr := os.environ.get("CORTEX_USER")): - username = envusr - else: - gp_user = getpass.getuser() - user_in = input(f"Username [{gp_user}]: ") - username = user_in if user_in else gp_user - - if (envpw := os.environ.get("CORTEX_PASS")): - password = envpw - else: - password = getpass.getpass() + username, password = get_cortex_creds(args.user) async with HttpCortex(args.cortex, username, password, ssl_verify=not args.no_verify) as hcore: diff --git a/src/stormlibpp/import.py b/src/stormlibpp/import.py index f1c3f79..ec33c71 100644 --- a/src/stormlibpp/import.py +++ b/src/stormlibpp/import.py @@ -1,8 +1,4 @@ -"""Recursively execute all Storm scripts in a given folder on a given Synapse Cortex over HTTP. - -If using the --http argument, a password will be prompted for. The CORTEX_PASS environment -variable may be used to avoid the prompt. -""" +"""Recursively execute all Storm scripts in a given folder on a given Synapse Cortex over HTTP.""" import argparse @@ -23,6 +19,7 @@ import synapse.telepath as s_telepath import yaml +from ._args import USER_PARSER from .httpcore import HttpCortex from .output import handle_msg, log_storm_msg, OUTP from .stormcli import start_storm_cli @@ -176,7 +173,7 @@ def cortex_proxy_contextmanager(cortex_url): def get_args(argv: list[str]): - parser = argparse.ArgumentParser(description=__doc__) + parser = argparse.ArgumentParser(description=__doc__, parents=[USER_PARSER]) parser.add_argument( "folders", help="The folder(s) containing Storm scripts to execute", nargs="+" ) @@ -221,18 +218,6 @@ def get_args(argv: list[str]): help="Skips verification of the Cortex's certificate when using --http", action="store_true", ) - parser.add_argument( - "--user", - # FIXME - This explanation is backwards - --user overrides CORTEX_USER - help=( - "The Cortex user to authenticate with - by default the return of" - " getpass.getuser(). May override this with the CORTEX_USER env var." - " If neither --user or CORTEX_USER are passed, a prompt will appear" - " to either input a value or accept the default. Only works with --http." - ), - # FIXME - I don't think we actually want this default - default=getpass.getuser(), - ) parser.add_argument( "--view", help="An optional view to work in - otherwise the Cortex's default is chosen", @@ -283,9 +268,9 @@ async def main(argv: list[str]): return "Can't use both --cortex and --local!" elif args.cortex: if args.http: - user, passwd = get_cortex_creds(args.user) + username, password = get_cortex_creds(args.user) core_obj = functools.partial( - HttpCortex, args.cortex, user, passwd, ssl_verify=not args.no_verify + HttpCortex, args.cortex, username, password, ssl_verify=not args.no_verify ) else: core_obj = functools.partial(cortex_proxy_contextmanager, args.cortex)