weaver.vault.utils

Module Contents

weaver.vault.utils.VaultInputData[source]
weaver.vault.utils.LOGGER[source]
weaver.vault.utils.REGEX_VAULT_TOKEN[source]
weaver.vault.utils.REGEX_VAULT_UUID[source]
weaver.vault.utils.REGEX_VAULT_FILENAME[source]
weaver.vault.utils.get_vault_dir(container: Optional[weaver.typedefs.AnySettingsContainer] = None) str[source]

Get the base directory of the secure file vault.

weaver.vault.utils.get_vault_path(file: weaver.datatype.VaultFile, container: Optional[weaver.typedefs.AnySettingsContainer] = None) str[source]

Get the full path of the vault file.

weaver.vault.utils.get_vault_url(file: Union[weaver.datatype.VaultFile, uuid.UUID, str], container: Optional[weaver.typedefs.AnySettingsContainer] = None) str[source]

Obtain the vault link corresponding to the file.

weaver.vault.utils.map_vault_location(reference: str, container: weaver.typedefs.AnySettingsContainer = None, url: bool = False, exists: bool = True) Optional[str][source]

Convert back and forth between the URL and local path references of the Vault file.

See also

Similar operation to weaver.wps.utils.map_wps_output_location().

Warning

Does not validate access token to retrieve the file. It is assumed that pre-valuation was accomplished.

Parameters
  • reference – Local file path or file URL to be mapped.

  • container – Retrieve application settings.

  • url – Perform URL mapping (local path -> URL endpoint), or map to local path (URL -> local path).

  • exists – Ensure that the mapped file exists, otherwise don’t map it (otherwise None).

Returns

Mapped reference if applicable, otherwise None.

weaver.vault.utils.parse_vault_token(header: Optional[str], unique: bool = False) Dict[Optional[str], str][source]

Parse the authorization header value to retrieve all Vault access tokens and optional file UUID.

See also

Parameters
  • header – Authorization header to parse.

  • unique – Whether only one or multiple tokens must be retrieved.

Returns

Found mapping of UUID to access token. If unique, UUID can be None.

weaver.vault.utils.get_vault_auth(request: pyramid.request.Request) Tuple[weaver.typedefs.AnyUUID, Optional[str]][source]

Obtain the requested file reference and parsed access token from the Vault authorization header.

Parameters

request – Request containing reference file UUID and authorization headers.

Returns

Extracted file reference and authentication token.

Raises

Appropriate HTTP exception according to use case.

weaver.vault.utils.get_authorized_file(file_id: weaver.typedefs.AnyUUID, auth_token: str, container: Optional[weaver.typedefs.AnySettingsContainer] = None) weaver.datatype.VaultFile[source]

Obtain the requested file if access is granted.

Parameters
  • file_id – Vault storage reference file UUID.

  • auth_token – Token to obtain access to the file.

  • container – Application settings.

Returns

Authorized file.

Raises

Appropriate HTTP exception according to use case.

weaver.vault.utils.decrypt_from_vault(vault_file: weaver.datatype.VaultFile, path: str, out_dir: Optional[str] = None, delete_encrypted: bool = False) str[source]

Decrypts a Vault file and removes its encrypted version.

Parameters
  • vault_file – Reference file in Vault.

  • path – Expected location of the encrypted file.

  • out_dir – Desired output location, or temporary directory.

  • delete_encrypted – Delete original encrypted file after decryption for output.

Returns

Output location of the decrypted file.