Skip to main content

CLI utilities for p3d

Project description

p3do - let 'em minions do it

PyPI - License PyPI PyPI - Python Version Publish

p3do (pronounced pee-three-duh) is a collection of command-line utilities for p3d. It allows you to conjure some tedious operations right from your magic little fingertips.

p3do in action

InstallationGetting startedCommandsContribute

Installation

p3do is built with Python 3.8 or later. You can get Python from your package manager du jour or download and install it from https://www.python.org/downloads/ (looking at you Windows. Mac. Whyihavetobother. Veryannoyingyouare.)

p3do is published to the CheeseShop and hence can be installed with pip:

pip install p3do

p3do installs itself as a command. If your $PATH is set up correctly you will be able to just invoke p3do like so

p3do --help

Getting Started

Light a bonfire and whisper p3do in the most conspirative voice available to you. Then start a terminal.

p3do is hierarchical, self-documenting and discoverable. The best way to start is to just type p3do. This will show you the available commands and some description. From there you can drill down the hierarchy for useful sub-command.

Each sub-command/command group has special flags and configuration. How to use them is explained in Commands for each of them separately. You can also use p3d <group> <command> --help in your terminal for concise on-line help.

Commands

p3do is hierarchical. Commands are batched into groups which can be further nested into parent groups. We follow the same principle in the documentation here.

  • jk: Jenkins commands

    • build: Run the P3D-BUILD jenkins job with smart branch detection
  • pp: PoolParty commands

    • encrypt: Encrypt a clear text with poolparty encryption
    • decrypt: Decrypt a secret text with poolparty encryption
  • kc: Keycloak commands

jk

Commands in this group allow to perform common operations on Jenkins.

build

Start the P3D-BUILD job from the command line with smart branch detection. For this command git has to be installed.

Per default (and outside a git repository) builds the develop branch of PoolParty.

When inside a git repository p3do will automatically detect the current branch and build it. This behavior can be disabled with --no-autodetect.

The branch to build can be specified via --branch (note that this implies --no-autodetect inside a git repository).

With --api-user and --api-key you can specify the credentials accessing the Jenkins API. These credentials are cached and only need to be specified once. If not specified and no cached credentials are found, p3do will ask for them interactively. You can generate a token for --api-key in your account settings. --api-user is the username you use to log in to Jenkins.

pp

Commands in this group allow to perform operations useful for or related to our dear PoolParty.

encrypt

Encrypt a clear text with PoolParty encryption. The parameters for encryption used by PoolParty can usually be found in the poolparty.properties file.

This command can be used by specifying the encryption parameters directly as options to p3do (--password, --salt, --strength) or with an interactive prompt (just specify the clear text and leave out the options).

To make sure that your command line processor does not mingle the input, always wrap the clear text, password, and salt it in quotes if you are passing them as options to p3do.

For interactive prompt do not wrap them in quotes.

Interactive prompt:

# encrypt mysecret with 
# password H7dwBFDh3gEVDH1YecgikmOBpx9kKZ9nj1wJ5ZuhEeg=
# salt Y+Fw/4dHBajqEGxOsEyfNSGsYYXE7JUyLmc3nRFrB84=
# and 256 rounds
p3do pp encrypt "mysecret"
Password: H7dwBFDh3gEVDH1YecgikmOBpx9kKZ9nj1wJ5ZuhEeg= # interactive prompt
Salt: Y+Fw/4dHBajqEGxOsEyfNSGsYYXE7JUyLmc3nRFrB84= # interactive prompt
Strength: 256 # interactive prompt
eYRLg0SUzGNSlfmS6MYrt8pnu5MTYU3EWVmNp1q/JFQ=

With options:

# encrypt mysecret with 
# password H7dwBFDh3gEVDH1YecgikmOBpx9kKZ9nj1wJ5ZuhEeg=
# salt Y+Fw/4dHBajqEGxOsEyfNSGsYYXE7JUyLmc3nRFrB84=
# and 256 rounds
p3do pp encrypt --password "H7dwBFDh3gEVDH1YecgikmOBpx9kKZ9nj1wJ5ZuhEeg=" --salt "Y+Fw/4dHBajqEGxOsEyfNSGsYYXE7JUyLmc3nRFrB84=" --strength 256 "mysecret"

decrypt

Decrypt a secret text encrypted by PoolParty. The parameters for encryption/decryption used by PoolParty can usually be found in the poolparty.properties file.

This command can be used by specifying the encryption parameters directly as options to p3do (--password, --salt, --strength) or with an interactive prompt (just specify the clear text and leave out the options).

To make sure that your command line processor does not mingle the input, always wrap the clear text, password, and salt it in quotes if you are passing them as options to p3do.

For interactive prompt do not wrap them in quotes.

Interactive prompt:

# decrypt 6NjzLmQp7kGM7bbezhQX1G2hrqCoqLrC32ayBTjQVjU= with 
# password H7dwBFDh3gEVDH1YecgikmOBpx9kKZ9nj1wJ5ZuhEeg=
# salt Y+Fw/4dHBajqEGxOsEyfNSGsYYXE7JUyLmc3nRFrB84=
# and 256 rounds
p3do pp decrypt "6NjzLmQp7kGM7bbezhQX1G2hrqCoqLrC32ayBTjQVjU="
Password: H7dwBFDh3gEVDH1YecgikmOBpx9kKZ9nj1wJ5ZuhEeg= # interactive prompt
Salt: Y+Fw/4dHBajqEGxOsEyfNSGsYYXE7JUyLmc3nRFrB84= # interactive prompt
Strength: 256 # interactive prompt
eYRLg0SUzGNSlfmS6MYrt8pnu5MTYU3EWVmNp1q/JFQ=

With options:

# decrypt 6NjzLmQp7kGM7bbezhQX1G2hrqCoqLrC32ayBTjQVjU= with 
# password H7dwBFDh3gEVDH1YecgikmOBpx9kKZ9nj1wJ5ZuhEeg=
# salt Y+Fw/4dHBajqEGxOsEyfNSGsYYXE7JUyLmc3nRFrB84=
# and 256 rounds
p3do pp decrypt --password "H7dwBFDh3gEVDH1YecgikmOBpx9kKZ9nj1wJ5ZuhEeg=" --salt "Y+Fw/4dHBajqEGxOsEyfNSGsYYXE7JUyLmc3nRFrB84=" --strength 256 "6NjzLmQp7kGM7bbezhQX1G2hrqCoqLrC32ayBTjQVjU=" 

kc

Commands in this group allow to perform operations for Keycloak. Most of them need authentication and server information. Please read KC Configuration first on how to add your configuration.

Commands:

KC Configuration

kc commands usually need some information about the server, realm and authentication. This information can be read from a configuration file, given via CLI parameters or interactively if information is missing. CLI parameters take precendence and override any configuration read from a configuration file.

Note: you don't need a configuration file at all. All (partial) parameters can be specified via CLI arguments. Just leave out the --auth_config and --auth flags.

A full configuration file which specifies all available options looks like this:

[test]
server=https://keycloak.example.com/auth/
username=admin
user_realm_name=master
password=password
realm_name=my-app

[test] is the name of the configuration. You can have multiple configurations for different servers in your config file. server, username, password are rather self-explanatory. user_realm_name is the realm the user is in. This is not necessarily the same realm as the one you want to modify. realm_name is the realm name you want to modify (it usually does not make sense to put this into the config file).

To specify the config file and config name you want to use, invoke a p3do command like this:

# `config.ini` is the config file, `test` is the config section you want to use
p3do kc add-mappers --auth_config config.ini --auth test <...other arguments...>

Note that you can override any configuration via CLI arguments:

# Override `admin` from `config.ini` with `admin2`
p3do kc add-mappers --auth_config config.ini --auth test --username admin2 <...other arguments...>

The configuration can also be partial:

[partial-test]
server=https://keycloak.example.com/auth/
username=admin
user_realm_name=master

Note that we don't specify a password or realm_name here. You can now invoke p3do with

# Complete `partial-test` via arguments
p3do kc add-mappers --auth_config config.ini --auth partial-test --password password --realm_name my-other-app <...other arguments...>

You can also just invoke p3do as before and will be asked interactively to fill out the missing pieces:

# No `password` or `realm_name` from `config.ini` or cli arguments
p3do kc add-mappers --auth_config config.ini --auth partial-test <...other arguments...>
# `p3do` will ask you to complete them interactively
Password: password
Realm_name: my-other-app

add-mappers

Add IdP mappers from a realm export .json to a realm. The IdP must already exist and correspond to the IdP name specified in the mapper config. Keycloak does not import mapper configuration by itself (yet?).

# `realm-export.json` is the path the the export file
p3do kc add-mappers --auth_config config.ini --auth test realm-export.json

Contribute

p3do is licensed under MIT and published to PyPI (including source). Do not add sensitive company data. Any sensitive data has to be read from external configuration files.

Contributors

All contributions are welcome. This can be new commands, improvements to the on-line help, documentation or spelling mistakes. Just open a PR with your changes. If your changes are larger, you find a bug but don't know how to fix it, or you are just unsure if your idea fits, open an issue on GitHub first.

Maintainers

The p3do main branch is protected and PRs have to be approved by by maintainers (code owners in GitHub lingo). Tooling like this can easily grow out of control. Maintainers ensure that this is not happening to p3do. Here are some guidelines.

  • Every command in p3do must have a well known and feasible (manual) alternative
  • p3do must not smear over too complicated process. If a process is too complicated fix the process.
  • p3do must not obfuscate processes. If knowledge about how things work isn't spread enough, spread it.
  • p3do must not gatekeep processes. It is not a mechanism for access management.
  • p3do believes in the competency of its users

Release Maintainers

Releases are pushed to PyPI. This requires a token with Maintainer or Owner status on PyPI.

Releases are automatically created and pushed by a GitHub Action when a tagged release is created in GitHub.

Repository and release maintainers is probably but not necessarily the same set of people.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

p3do-0.3.2.tar.gz (14.2 kB view details)

Uploaded Source

Built Distribution

p3do-0.3.2-py3-none-any.whl (10.9 kB view details)

Uploaded Python 3

File details

Details for the file p3do-0.3.2.tar.gz.

File metadata

  • Download URL: p3do-0.3.2.tar.gz
  • Upload date:
  • Size: 14.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.1.13 CPython/3.10.5 Linux/5.13.0-1031-azure

File hashes

Hashes for p3do-0.3.2.tar.gz
Algorithm Hash digest
SHA256 3e09df19a9e53e1759fdbfe73dbbb73d615b1b76f5fa78d39ff866b48d4d025c
MD5 90103e62c703f7c6100eefa34810b350
BLAKE2b-256 c79961e162156d08e94bb336a9cb2357b1cffcb35faeca7401da90cc10e2b50e

See more details on using hashes here.

File details

Details for the file p3do-0.3.2-py3-none-any.whl.

File metadata

  • Download URL: p3do-0.3.2-py3-none-any.whl
  • Upload date:
  • Size: 10.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.1.13 CPython/3.10.5 Linux/5.13.0-1031-azure

File hashes

Hashes for p3do-0.3.2-py3-none-any.whl
Algorithm Hash digest
SHA256 8e13b4b6506db4e7693261c3b631b04e8f80429d83a106e243d1e50de18c55cd
MD5 b1910595bb70fd2624bc90618b819fe7
BLAKE2b-256 08ad479e54ca47302b27d52e76ac6831ca269a7ef893cae7ae5d59ff5b7fe460

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page