timhughes/minio_sts_ldap.py

## minio_sts_ldap.py
#! /usr/bin/env python
# -*- coding: utf-8 -*-
# vim:fenc=utf-8
#
# Copyright © 2020 Tim Hughes <thughes@thegoldfish.org>
#
# Distributed under terms of the MIT license.

"""

"""


import getpass
import argparse
import boto3
import requests
from xml.etree import ElementTree as etree


class PasswordPromptAction(argparse.Action):
    def __init__(
        self,
        option_strings,
        dest=None,
        nargs=0,
        default=None,
        required=False,
        type=None,
        metavar=None,
        help=None,
    ):
        super(PasswordPromptAction, self).__init__(
            option_strings=option_strings,
            dest=dest,
            nargs=nargs,
            default=default,
            required=required,
            metavar=metavar,
            type=type,
            help=help,
        )

    def __call__(self, parser, args, values, option_string=None):
        password = getpass.getpass()
        setattr(args, self.dest, password)


parser = argparse.ArgumentParser(description="Process some integers.")
parser.add_argument("-u", "--username", required=True, type=str, help="LDAP username")
parser.add_argument(
    "-p",
    "--password",
    required=True,
    type=str,
    action=PasswordPromptAction,
    help="LDAP password",
)
parser.add_argument(
    "-e", "--endpoint", default="http://minio.localhost:9000", help="MINIO STS endpoint"
)
args = parser.parse_args()

username = args.username
password = args.password
endpoint = args.endpoint


def get_credentials(endpoint, username, password):
    params = {
        "Action": "AssumeRoleWithLDAPIdentity",
        "LDAPUsername": username,
        "LDAPPassword": password,
        "Version": "2011-06-15",
    }
    r = requests.post(endpoint, params=params)
    credentials = {}
    content = r.content
    root = etree.fromstring(content)
    ns = {"ns": "https://sts.amazonaws.com/doc/2011-06-15/"}
    et = root.find("ns:AssumeRoleWithLDAPIdentityResult/ns:Credentials", ns)
    for el in et:
        _, _, tag = el.tag.rpartition("}")
        credentials[tag] = el.text
    return credentials


credentials = get_credentials(endpoint, username, password)


print("-------------------------------------")
print(f"export AWS_ACCESS_KEY_ID={credentials['AccessKeyId']}")
print(f"export AWS_SECRET_ACCESS_KEY={credentials['SecretAccessKey']}")
print(f"export AWS_SESSION_TOKEN={credentials['SessionToken']}")
print("-------------------------------------")

s3_resource = boto3.resource(
    "s3",
    aws_access_key_id=credentials["AccessKeyId"],
    aws_secret_access_key=credentials["SecretAccessKey"],
    aws_session_token=credentials["SessionToken"],
    region_name="us-west-1",
    endpoint_url=endpoint,
)

for bucket in s3_resource.buckets.all():
    print(bucket.name)
	#! /usr/bin/env python
	# -- coding: utf-8 --
	# vim:fenc=utf-8
	#
	# Copyright © 2020 Tim Hughes <thughes@thegoldfish.org>
	#
	# Distributed under terms of the MIT license.

	"""

	"""


	import getpass
	import argparse
	import boto3
	import requests
	from xml.etree import ElementTree as etree


	class PasswordPromptAction(argparse.Action):
	def __init__(
	self,
	option_strings,
	dest=None,
	nargs=0,
	default=None,
	required=False,
	type=None,
	metavar=None,
	help=None,
	):
	super(PasswordPromptAction, self).__init__(
	option_strings=option_strings,
	dest=dest,
	nargs=nargs,
	default=default,
	required=required,
	metavar=metavar,
	type=type,
	help=help,
	)

	def __call__(self, parser, args, values, option_string=None):
	password = getpass.getpass()
	setattr(args, self.dest, password)


	parser = argparse.ArgumentParser(description="Process some integers.")
	parser.add_argument("-u", "--username", required=True, type=str, help="LDAP username")
	parser.add_argument(
	"-p",
	"--password",
	required=True,
	type=str,
	action=PasswordPromptAction,
	help="LDAP password",
	)
	parser.add_argument(
	"-e", "--endpoint", default="http://minio.localhost:9000", help="MINIO STS endpoint"
	)
	args = parser.parse_args()

	username = args.username
	password = args.password
	endpoint = args.endpoint


	def get_credentials(endpoint, username, password):
	params = {
	"Action": "AssumeRoleWithLDAPIdentity",
	"LDAPUsername": username,
	"LDAPPassword": password,
	"Version": "2011-06-15",
	}
	r = requests.post(endpoint, params=params)
	credentials = {}
	content = r.content
	root = etree.fromstring(content)
	ns = {"ns": "https://sts.amazonaws.com/doc/2011-06-15/"}
	et = root.find("ns:AssumeRoleWithLDAPIdentityResult/ns:Credentials", ns)
	for el in et:
	_, _, tag = el.tag.rpartition("}")
	credentials[tag] = el.text
	return credentials


	credentials = get_credentials(endpoint, username, password)


	print("-------------------------------------")
	print(f"export AWS_ACCESS_KEY_ID={credentials['AccessKeyId']}")
	print(f"export AWS_SECRET_ACCESS_KEY={credentials['SecretAccessKey']}")
	print(f"export AWS_SESSION_TOKEN={credentials['SessionToken']}")
	print("-------------------------------------")

	s3_resource = boto3.resource(
	"s3",
	aws_access_key_id=credentials["AccessKeyId"],
	aws_secret_access_key=credentials["SecretAccessKey"],
	aws_session_token=credentials["SessionToken"],
	region_name="us-west-1",
	endpoint_url=endpoint,
	)

	for bucket in s3_resource.buckets.all():
	print(bucket.name)