Merge pull request #13 from ScottWales/git-keyring

Store credentials in 'git credential-cache'

arccssive2/db.py

@@ -15,14 +15,11 @@
 # limitations under the License.
 from __future__ import print_function
 
-#try:
-#    import keyring
-#except ImportError:
-class Keyring():
-    def get_password(*args):
-        raise NotImplementedError
-keyring = Keyring()
+import keyring
+from .git_keyring import GitCredentialCacheKeyring
+keyring.set_keyring(GitCredentialCacheKeyring())
 
+import sqlalchemy
 from sqlalchemy import create_engine
 from sqlalchemy.engine.url import make_url
 from sqlalchemy.orm import sessionmaker
@@ -46,12 +43,20 @@ def connect(url='postgresql://130.56.244.107:5432/postgres', user=None, debug=Fa
         """
         _url.username = user
         _url.password = ''
-        try:
-            _url.password = keyring.get_password('arccssive2', user)
-        except:
+        _url.password = keyring.get_password('arccssive2', user)
+        if _url.password is None:
             _url.password = getpass("Password for user %s: "%user)
+            keyring.set_password('arccssive2', user, _url.password)
 
     engine = create_engine(_url, echo=debug)
     Session.configure(bind=engine)
 
+    try:
+        c = engine.connect()
+        c.close()
+    except sqlalchemy.exc.OperationalError:
+        # Faled to connect, drop credentials
+        keyring.delete_password('arccssive2', user)
+        raise Exception('Failed to authenticate with NCI MAS database')
+
     return engine

arccssive2/git_keyring.py

@@ -0,0 +1,48 @@
+#!/usr/bin/env python
+# Copyright 2017 ARC Centre of Excellence for Climate Systems Science
+# author: Scott Wales <[email protected]>
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+from __future__ import print_function
+import keyring.backend
+import subprocess
+
+class GitCredentialCacheKeyring(keyring.backend.KeyringBackend):
+    """
+    Store credentials in git memory cache
+
+    https://git-scm.com/book/gr/v2/Git-Tools-Credential-Storage
+    """
+    priority = 1
+
+    def set_password(self, servicename, username, password):
+        self._call_keyring('store', servicename, username, password)
+
+    def get_password(self, servicename, username):
+        message = self._call_keyring('get', servicename, username)
+        for line in message.splitlines():
+            key, value = line.split('=')
+            if key == 'password':
+                return value
+
+    def delete_password(self, servicename, username):
+        self._call_keyring('erase', servicename, username)
+
+    def _call_keyring(self, action, host, username, password=None, protocol='python_keyring'):
+        message = ("protocol=%s\nhost=%s\nusername=%s\npassword=%s\n"%(
+            protocol,host,username,password)
+            ).encode('utf-8')
+        return subprocess.check_output(
+                ['git','credential-cache',action],
+                input=message
+                ).decode('utf-8')

conda/dev-environment.yml

@@ -14,7 +14,7 @@ dependencies:
     - click
     - pytest
     - keyring
-    - secretstorage
+    - git
 
     - pip:
         - docker-compose

conda/meta.yaml

@@ -29,6 +29,7 @@ requirements:
         - requests
         - click
         - keyring
+        - git
 
 test:
     source_files: