This repository has been archived by the owner on Oct 24, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 12
/
create_kerberos_conn.py
87 lines (80 loc) · 3.12 KB
/
create_kerberos_conn.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
import base64
import getopt
import os
import sys
def main(argv):
reqargs = 4
outfile = None
conn_replace = None
try:
opts, args = getopt.getopt(argv, "ho:r", ["help", "outfile=", "replace"])
for opt, val in opts:
if opt in ("-h", "--help"):
usage()
sys.exit()
elif opt in ("-o", "--outfile"):
outfile = val
elif opt in ("-r", "--replace"):
conn_replace = True
except getopt.GetoptError:
usage()
sys.exit(2)
if len(args) != reqargs:
print("Incorrect number of arguments: {} given, {} required.".format(len(args), reqargs))
usage()
sys.exit(2)
conn_name = args[0]
krb5_user = args[1]
krb5_config = args[2]
krb5_keytab = args[3]
stmt = getcreateconn(conn_name, conn_replace, krb5_user, krb5_config, krb5_keytab)
if outfile:
appendtofile(outfile, stmt + "\n")
else:
print(stmt)
def getcreateconn(name, replace, user, conf, keytab):
krb5_conf_b64 = getbase64(conf)
krb5_keytab_b64 = getbase64(keytab)
conn = "CREATE "
if replace:
conn += "OR REPLACE "
conn += "CONNECTION {} TO '' ".format(name)
conn += "USER '{}' ".format(user)
conn += "IDENTIFIED BY 'ExaAuthType=Kerberos;{};{}'".format(krb5_conf_b64, krb5_keytab_b64)
return conn
def getbase64(path):
if path and os.path.isfile(path):
with open(path, "rb") as f:
return base64.b64encode(f.read()).decode()
else:
print("File does not exist: ", path)
sys.exit(0)
def appendtofile(path, data):
with open(path, "a") as f:
f.write(data)
def usage():
txt = "Generate a CREATE CONNECTION SQL statement to be used for Kerberos\n"
txt += "authentication. The statement can be executed directly in EXASOL\n"
txt += "to create the CONNECTION.\n"
txt += "\nUsage:\n"
txt += " python {} [option] [connection] [principal] [config] [keytab]\n".format(sys.argv[0])
txt += "\nOptions:\n"
txt += " -h, --help : print usage and exit\n"
txt += " -o, --outfile: append output to the given file\n"
txt += " -r, --replace: add 'OR REPLACE' option to 'CREATE CONNECTION' statement\n"
txt += "\nArguments:\n"
txt += " connection: CONNECTION name\n"
txt += " principal : Kerberos principal\n"
txt += " config : Kerberos configuration file path\n"
txt += " keytab : Kerberos keytab path\n"
txt += "\nExamples:\n"
txt += " python {} krb_conn user@EXAMPLE.COM /etc/krb5.conf user.keytab\n".format(sys.argv[0])
txt += " => CREATE CONNECTION krb_conn TO '' USER 'user@EXAMPLE.COM'\n"
txt += " IDENTIFIED BY 'ExaAuthType=Kerberos;enp6Cg==;YWFhCg=='\n"
txt += "\n python {} -r -o out.txt krb_conn user@EXAMPLE.COM /etc/krb5.conf\n".format(sys.argv[0])
txt += " user.keytab\n"
txt += " => CREATE OR REPLACE CONNECTION krb_conn TO ''\n"
txt += " USER 'user@EXAMPLE.COM' IDENTIFIED BY 'ExaAuthType=Kerberos;enp6Cg==;YWFhCg==' (written to out.txt)\n"
print(txt)
if __name__ == "__main__":
main(sys.argv[1:])