weaver.vault.utils

Module Contents

weaver.vault.utils.VaultInputData[source]
weaver.vault.utils.LOGGER[source]
weaver.vault.utils.REGEX_VAULT_TOKEN[source]
weaver.vault.utils.REGEX_VAULT_UUID[source]
weaver.vault.utils.REGEX_VAULT_FILENAME[source]
weaver.vault.utils.get_vault_dir(container: weaver.typedefs.AnySettingsContainer | None = None) str[source]

Get the base directory of the secure file vault.

weaver.vault.utils.get_vault_path(file: weaver.datatype.VaultFile, container: weaver.typedefs.AnySettingsContainer | None = None) str[source]

Get the full path of the vault file.

weaver.vault.utils.get_vault_url(file: weaver.datatype.VaultFile | uuid.UUID | str, container: weaver.typedefs.AnySettingsContainer | None = None) str[source]

Obtain the vault link corresponding to the file.

weaver.vault.utils.map_vault_location(reference: str, container: weaver.typedefs.AnySettingsContainer = None, url: bool = False, exists: bool = True) str | None[source]

Convert back and forth between the URL and local path references of the Vault file.

See also

Similar operation to weaver.wps.utils.map_wps_output_location().

Warning

Does not validate access token to retrieve the file. It is assumed that pre-valuation was accomplished.

Parameters:
  • reference – Local file path or file URL to be mapped.

  • container – Retrieve application settings.

  • url – Perform URL mapping (local path -> URL endpoint), or map to local path (URL -> local path).

  • exists – Ensure that the mapped file exists, otherwise don’t map it (otherwise None).

Returns:

Mapped reference if applicable, otherwise None.

weaver.vault.utils.parse_vault_token(header: str | None, unique: bool = False) Dict[str | None, str][source]

Parse the authorization header value to retrieve all Vault access tokens and optional file UUID.

See also

Parameters:
  • header – Authorization header to parse.

  • unique – Whether only one or multiple tokens must be retrieved.

Returns:

Found mapping of UUID to access token. If unique, UUID can be None.

weaver.vault.utils.get_vault_auth(request: pyramid.request.Request) Tuple[weaver.typedefs.AnyUUID, str | None][source]

Obtain the requested file reference and parsed access token from the Vault authorization header.

Parameters:

request – Request containing reference file UUID and authorization headers.

Returns:

Extracted file reference and authentication token.

Raises:

Appropriate HTTP exception according to use case.

weaver.vault.utils.get_authorized_file(file_id: weaver.typedefs.AnyUUID, auth_token: str, container: weaver.typedefs.AnySettingsContainer | None = None) weaver.datatype.VaultFile[source]

Obtain the requested file if access is granted.

Parameters:
  • file_id – Vault storage reference file UUID.

  • auth_token – Token to obtain access to the file.

  • container – Application settings.

Returns:

Authorized file.

Raises:

Appropriate HTTP exception according to use case.

weaver.vault.utils.decrypt_from_vault(vault_file: weaver.datatype.VaultFile, path: str, out_dir: str | None = None, delete_encrypted: bool = False) str[source]

Decrypts a Vault file and optionally removes its encrypted version.

Parameters:
  • vault_file – Reference file in Vault.

  • path – Expected location of the encrypted file.

  • out_dir – Desired output location, or temporary directory.

  • delete_encrypted – Delete original encrypted file after decryption for output.

Returns:

Output location of the decrypted file.