{ "info": { "author": "Terry Cain", "author_email": "terry@terrys-home.co.uk", "bugtrack_url": null, "classifiers": [ "Development Status :: 3 - Alpha", "Framework :: AsyncIO", "Intended Audience :: Developers", "Intended Audience :: System Administrators", "License :: OSI Approved :: Apache Software License", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Topic :: Security" ], "description": "[![PyPi](https://img.shields.io/pypi/v/terrycain-metadata-proxy.svg)](https://pypi.python.org/pypi/terrycain-metadata-proxy) [![Travis](https://img.shields.io/travis/terrycain/metadata-proxy.svg)](https://travis-ci.com/terrycain/metadata-proxy) [![PyUp](https://pyup.io/repos/github/terrycain/metadata-proxy/shield.svg)](https://pyup.io/repos/github/terrycain/metadata-proxy/)\n\n# Metadata proxy\n\n__currently undergoing some refactoring__\n\nVery simple project to present an AWS compatible metadata service\nto servers on-premise funneling all of the credential requests through\na central server which either has AWS credentials or is running in AWS \nand has a host iam role.\n\n\n## Installation\n### Metadata Server\n\nTODO - make docker container\n\nRun the following docker container `terrycain/SOMECONTAINER`\nIt listens on HTTP 8000 so put it behind a HTTPS loadbalancer / reverse proxy, \n\nTODO - Create the following Dynamo Tables\nmetadata-proxy-hosts\nmetadata-proxy-containers\nmetadata-proxy-users\n\n#### Configuration\n\nHere are some environment variables used to configure the metadata server, defaults are in parenthesis at the beginning.\n\n* `REG_KEY` - Random string used for initial client registration.\n* `HOSTNAME_PREFIX` - (ip) Hostnames will be generated like so: `192.168.0.1` -> `HOSTNAME_PREFIX-192-168-0-1` .\n* `IAM_HOST_ROLE_CACHE_TTL` - (120) Time in seconds to cache the list of IAM roles used for a dropdown list in the UI. 
\nThis can take a while at times.\n\nCurrently Redis is a dependency, but it can be a standalone Redis run alongside this container; we will look to make it\noptional in the future.\n* `REDIS_HOST` - (localhost) Redis hostname.\n* `REDIS_PORT` - (6379) Redis port.\n* `REDIS_DB` - (0) Redis DB.\n\nSTS credentials are cached (currently in Redis) and they are encrypted with an AES key. This allows for multiple servers \nto be run in an HA manner and also reduces `STS.assume_role` requests.\n* `STS_SEED` - This should be a random secret that is long.\n\nUser authentication is either based on users in a DynamoDB table or via OpenID Connect.\n* `USER_AUTH_METHOD` - (oidc) Either `oidc` or `dynamo`\n* `OIDC_CLIENT_ID` - OpenID Connect client ID.\n* `OIDC_CLIENT_SECRET` - Client secret.\n* `OIDC_BASE_URL` - Base URL of the OpenID server; at startup the server will hit the well-known metadata URL to get \nOpenID config.\n\nDynamoDB configuration\n* `DYNAMODB_REGION` - (eu-west-1) Region where the DynamoDB tables are located\n* `DYNAMODB_HOSTS_TABLE` - (metadata-proxy-hosts) Table that stores registered hosts and what role they have been assigned\n* `DYNAMODB_CONTAINER_TABLE` - (metadata-proxy-containers) Table that contains \n* `DYNAMODB_USERS_TABLE` - (metadata-proxy-users)\n\n\n### Metadata proxy\n\n__Todo - make pip package__\n#### Linux\nInstall the Python package (requires Python 3.5.3+)\n```bash\nsudo pip3 install terrycain-metadata-proxy[uvloop]\n```\n\nCreate the following systemd unit file and associated users\n```bash\nsudo groupadd --system metadata-proxy\nsudo useradd --system --gid metadata-proxy --home-dir /var/lib/metadata-proxy --shell /sbin/nologin metadata-proxy\nsudo mkdir /var/lib/metadata-proxy\nsudo chown metadata-proxy:metadata-proxy /var/lib/metadata-proxy\nsudo chmod 0700 /var/lib/metadata-proxy\ncat << EOF | sudo tee /etc/systemd/system/metadata-proxy.service\n[Unit]\nDescription=Metadata 
proxy\nRequires=network.target\nAfter=network.target\n\n[Service]\nEnvironment=PYTHONUNBUFFERED=1\nTimeoutStartSec=0\nRestart=always\nUser=metadata-proxy\nGroup=metadata-proxy\nWorkingDirectory=/var/lib/metadata-proxy\nPermissionsStartOnly=true\nExecStartPre=/sbin/iptables -t nat -I OUTPUT -p tcp -d 169.254.169.254 --dport 80 -j DNAT --to-destination 127.0.0.1:8000\nExecStart=/usr/local/bin/metadata-proxy\nExecStopPost=/sbin/iptables -t nat -D OUTPUT -p tcp -d 169.254.169.254 --dport 80 -j DNAT --to-destination 127.0.0.1:8000\n\n[Install]\nWantedBy=default.target\nEOF\n\nsudo systemctl daemon-reload\nsudo systemctl enable --now metadata-proxy\n```\n\nTest that the proxy is now running and the iptables rules are working\n```bash\ncurl http://169.254.169.254/latest/meta-data/instance-type ; echo\n# Should output:\n# c5.16xlarge\n``` \n\nRegister the metadata service against the master server with\nthe curl command from the UI\n\n```bash\ncurl --noproxy '*' -XPOST http://169.254.169.254/register -H \"Content-Type: application/json\" --data '{\"server_url\": \"https://metadata-eu.ficoccs-prod.net/api/v1/register\", \"key\": \"0753e6f9-5884-462d-bb46-d376f27047a1\"}' \n```\n\n\n#### Windows\n\nInstalling on Windows (Requires python 3.5.3+)\n```bash\npip3 install terrycain-metadata-proxy\n```\n\nCreate a service on Windows\nTODO\n\nRegister the metadata service against the master server with\nthe curl command from the UI\n\n\n\n\n\n\n\n## TODO List\n\n* Better logging\n* Add support for `cert.pem`, `key.pem`, `chain.pem` ENV vars so that it can do HTTPS\n* Finish documentation\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/terrycain/metadata-proxy/", "keywords": "aws metadata proxy", "license": "", "maintainer": "", "maintainer_email": "", "name": "terrycain-metadata-proxy", "package_url": 
"https://pypi.org/project/terrycain-metadata-proxy/", "platform": "", "project_url": "https://pypi.org/project/terrycain-metadata-proxy/", "project_urls": { "Homepage": "https://github.com/terrycain/metadata-proxy/" }, "release_url": "https://pypi.org/project/terrycain-metadata-proxy/1.5.0/", "requires_dist": [ "aiohttp (>=3.5.4)", "netifaces (>=0.10.7)", "python-dateutil (>=2.7.5)", "pytz (>=2019.1)", "uvloop (>=0.12.2) ; extra == 'uvloop'" ], "requires_python": "", "summary": "AWS Metadata Proxy", "version": "1.5.0" }, "last_serial": 5583241, "releases": { "0.1.6": [ { "comment_text": "", "digests": { "md5": "f3e911be4ba1b03f96f337f1bad96336", "sha256": "951f4803f2d1a6910b84735b392f8bc95f7091db92851b00d62a97f0d8bb9097" }, "downloads": -1, "filename": "terrycain_metadata_proxy-0.1.6-py3-none-any.whl", "has_sig": false, "md5_digest": "f3e911be4ba1b03f96f337f1bad96336", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 8844, "upload_time": "2019-07-11T20:51:20", "url": "https://files.pythonhosted.org/packages/7b/cc/5fe6880c4f0a035163435db16ec8db57f88b8b5f6496d5a49ee28a14aabb/terrycain_metadata_proxy-0.1.6-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "0418d5a4f0da7d28d0dfaa17b2828f66", "sha256": "4320c707f7e69669130b3b858e6ae472a49cd1162193ad765593ee6522078201" }, "downloads": -1, "filename": "terrycain-metadata-proxy-0.1.6.tar.gz", "has_sig": false, "md5_digest": "0418d5a4f0da7d28d0dfaa17b2828f66", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8168, "upload_time": "2019-07-11T20:51:22", "url": "https://files.pythonhosted.org/packages/ae/46/f2fdc2b4b24c98498f6917668852389007f7d9f869f948ed7c340d88fa80/terrycain-metadata-proxy-0.1.6.tar.gz" } ], "1.0.0": [ { "comment_text": "", "digests": { "md5": "d51f036d0b6fa36dd6bad585c1db9876", "sha256": "50a3035f0c6f85a039583d99c765a8b3c6ed216a6365d98f89570b9ae6eff9e3" }, "downloads": -1, "filename": 
"terrycain_metadata_proxy-1.0.0-py3-none-any.whl", "has_sig": false, "md5_digest": "d51f036d0b6fa36dd6bad585c1db9876", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 9706, "upload_time": "2019-07-18T12:43:31", "url": "https://files.pythonhosted.org/packages/c9/26/6c4327b655c83dbd0649e2ee59ff64b73fe75b28dfa8513972193919adfb/terrycain_metadata_proxy-1.0.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "8adbbf8cc5a4bfa8c4850db9fb0e68ed", "sha256": "8dd0271802feed3845fc3bb432d44e9c71bb9b49ce7674d2a0f53ab282355036" }, "downloads": -1, "filename": "terrycain-metadata-proxy-1.0.0.tar.gz", "has_sig": false, "md5_digest": "8adbbf8cc5a4bfa8c4850db9fb0e68ed", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9544, "upload_time": "2019-07-18T12:43:33", "url": "https://files.pythonhosted.org/packages/a0/b9/1717d7182f2f8922ba8f0668ec7a0f4995b06948cb3eceaafe136dcabd42/terrycain-metadata-proxy-1.0.0.tar.gz" } ], "1.0.1": [ { "comment_text": "", "digests": { "md5": "78f9c414fca8ed6079fe4edd3aea7c08", "sha256": "85d175c9d93d5cbd6be4f3a50ffe6383ece52d959f7923b1d34c4b948337453e" }, "downloads": -1, "filename": "terrycain_metadata_proxy-1.0.1-py3-none-any.whl", "has_sig": false, "md5_digest": "78f9c414fca8ed6079fe4edd3aea7c08", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 9701, "upload_time": "2019-07-18T15:09:40", "url": "https://files.pythonhosted.org/packages/55/3a/1da1f0c57990c6b755876b35646f1cdcda750aea88341355fc8e0fa956da/terrycain_metadata_proxy-1.0.1-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "bbc50b641c806159eb7c0e763a2570c2", "sha256": "1ed2480e7ecdc5667d229c3c02382cdb5168047210b56f65b0e53bc055d72dad" }, "downloads": -1, "filename": "terrycain-metadata-proxy-1.0.1.tar.gz", "has_sig": false, "md5_digest": "bbc50b641c806159eb7c0e763a2570c2", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 
9197, "upload_time": "2019-07-18T15:09:41", "url": "https://files.pythonhosted.org/packages/28/ec/391e4d5a8fcae24421e79874bb744afe672b8fd3a946a73e548325576718/terrycain-metadata-proxy-1.0.1.tar.gz" } ], "1.1.0": [ { "comment_text": "", "digests": { "md5": "587479dddec99b516c9a87c917ea6231", "sha256": "f96edb701e14c390a7fe5446d05c30caf7e7cee13b4f0d5f1ff90284aed4430d" }, "downloads": -1, "filename": "terrycain_metadata_proxy-1.1.0-py3-none-any.whl", "has_sig": false, "md5_digest": "587479dddec99b516c9a87c917ea6231", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 9706, "upload_time": "2019-07-18T15:11:53", "url": "https://files.pythonhosted.org/packages/50/b0/d90ba4561be7d29f2d55f02be7e89bce80ad0cae3bea5f25f2b2bd2ef81c/terrycain_metadata_proxy-1.1.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "1379cb77a411eec960cae7f11fa0f4b2", "sha256": "e914f17efef4e53c8d81dd1c0db47d22d0d6af10f60629a66ec88300558c2a2a" }, "downloads": -1, "filename": "terrycain-metadata-proxy-1.1.0.tar.gz", "has_sig": false, "md5_digest": "1379cb77a411eec960cae7f11fa0f4b2", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9201, "upload_time": "2019-07-18T15:11:55", "url": "https://files.pythonhosted.org/packages/24/c8/f274e68cce7c574a4d6001c126103ad7b0c09b958803f52cd38d83ebfcf9/terrycain-metadata-proxy-1.1.0.tar.gz" } ], "1.2.0": [ { "comment_text": "", "digests": { "md5": "4dc1e184af42c47d72357925c35b7e56", "sha256": "330a07a38ce49ba513645246aab37cf79fb8b94ca25864d213a889c8b2f03f16" }, "downloads": -1, "filename": "terrycain_metadata_proxy-1.2.0-py3-none-any.whl", "has_sig": false, "md5_digest": "4dc1e184af42c47d72357925c35b7e56", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 10031, "upload_time": "2019-07-18T20:46:41", "url": 
"https://files.pythonhosted.org/packages/0b/7e/544440bd6f12d41de002d471fde4941f7ee6c6a4f89e785107c13f6b8c81/terrycain_metadata_proxy-1.2.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "78a2c6dbb85831074b34acad86157261", "sha256": "68d908b1cbb19b978660ecf61447d26e8879c8a2cb1561cc371ae622c159c6a5" }, "downloads": -1, "filename": "terrycain-metadata-proxy-1.2.0.tar.gz", "has_sig": false, "md5_digest": "78a2c6dbb85831074b34acad86157261", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9551, "upload_time": "2019-07-18T20:46:42", "url": "https://files.pythonhosted.org/packages/bb/34/ef84ebb79d27fb9c384b81440599983ba3bf112a08fc63bcef5809f76ffa/terrycain-metadata-proxy-1.2.0.tar.gz" } ], "1.3.0": [ { "comment_text": "", "digests": { "md5": "a5183673958fd858076555ad425f2f28", "sha256": "b52cf0db97a947c56b6d32692e50c2579c7e90e315b52868ccccc250f09d7a28" }, "downloads": -1, "filename": "terrycain_metadata_proxy-1.3.0-py3-none-any.whl", "has_sig": false, "md5_digest": "a5183673958fd858076555ad425f2f28", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 10155, "upload_time": "2019-07-18T20:55:26", "url": "https://files.pythonhosted.org/packages/26/53/397056e828b5056456dc1d789992b3298b093c4491d38ae6e08c5dba90c0/terrycain_metadata_proxy-1.3.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "fc4232c1cfdd4e9c10ec052fcca344b4", "sha256": "80ad40318f04cc390b31c71e09de665e022c51cb5ccc0fcc40c5f9cb337f84a5" }, "downloads": -1, "filename": "terrycain-metadata-proxy-1.3.0.tar.gz", "has_sig": false, "md5_digest": "fc4232c1cfdd4e9c10ec052fcca344b4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9674, "upload_time": "2019-07-18T20:55:30", "url": "https://files.pythonhosted.org/packages/f4/7d/881c72811e662d663f2fa13b7ca7fc2ed74a8bf40291b990b2de3f43adaf/terrycain-metadata-proxy-1.3.0.tar.gz" } ], "1.4.0": [ { "comment_text": "", "digests": { "md5": 
"ab74e43fd63e9c59274722c241f4e599", "sha256": "21883fe4f757397e76b93e977609b61eb4efd58293fc3ae9ede954afa8c8b20d" }, "downloads": -1, "filename": "terrycain_metadata_proxy-1.4.0-py3-none-any.whl", "has_sig": false, "md5_digest": "ab74e43fd63e9c59274722c241f4e599", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 9996, "upload_time": "2019-07-19T15:30:36", "url": "https://files.pythonhosted.org/packages/6c/45/08ed28e94d1fdb26690e8f0d50e0e991700fc0e6135a30cea83afe229dad/terrycain_metadata_proxy-1.4.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "2b8c801e326f62c1265bd7a0da7cffb9", "sha256": "7c7baac7bb77880240496253b465397537213b58c79d2e2d48c44dd28a59ba0a" }, "downloads": -1, "filename": "terrycain-metadata-proxy-1.4.0.tar.gz", "has_sig": false, "md5_digest": "2b8c801e326f62c1265bd7a0da7cffb9", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9707, "upload_time": "2019-07-19T15:30:37", "url": "https://files.pythonhosted.org/packages/9f/14/3c74a509477031992b942af61a86efe29edf69ecd5765b1014f76e27204d/terrycain-metadata-proxy-1.4.0.tar.gz" } ], "1.5.0": [ { "comment_text": "", "digests": { "md5": "c25119766a45d656f0a8c4d7a856b002", "sha256": "eaf04ef3db0af60922d33accd624c4df442c8d478bbeca1a290563a2edc7ff78" }, "downloads": -1, "filename": "terrycain_metadata_proxy-1.5.0-py3-none-any.whl", "has_sig": false, "md5_digest": "c25119766a45d656f0a8c4d7a856b002", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 9993, "upload_time": "2019-07-25T13:33:02", "url": "https://files.pythonhosted.org/packages/b0/50/c70c57a1b7ffed7c28f8d1c3732f48c0ecd5bfb6742ddb5dffb21b38edc6/terrycain_metadata_proxy-1.5.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "9116e7c223409b4822e810c2c997e52d", "sha256": "3cc347b14bf0b3a90aeeb2d127a3b5cfab52e2dff5c9b9e1ff2fc7d30f9bcfb6" }, "downloads": -1, "filename": "terrycain-metadata-proxy-1.5.0.tar.gz", 
"has_sig": false, "md5_digest": "9116e7c223409b4822e810c2c997e52d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9695, "upload_time": "2019-07-25T13:33:04", "url": "https://files.pythonhosted.org/packages/d9/36/3e927207f58e0d8ba9fb2d855d0ddc2b9ce4e5652eec48e4cd916b57df5a/terrycain-metadata-proxy-1.5.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "c25119766a45d656f0a8c4d7a856b002", "sha256": "eaf04ef3db0af60922d33accd624c4df442c8d478bbeca1a290563a2edc7ff78" }, "downloads": -1, "filename": "terrycain_metadata_proxy-1.5.0-py3-none-any.whl", "has_sig": false, "md5_digest": "c25119766a45d656f0a8c4d7a856b002", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 9993, "upload_time": "2019-07-25T13:33:02", "url": "https://files.pythonhosted.org/packages/b0/50/c70c57a1b7ffed7c28f8d1c3732f48c0ecd5bfb6742ddb5dffb21b38edc6/terrycain_metadata_proxy-1.5.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "9116e7c223409b4822e810c2c997e52d", "sha256": "3cc347b14bf0b3a90aeeb2d127a3b5cfab52e2dff5c9b9e1ff2fc7d30f9bcfb6" }, "downloads": -1, "filename": "terrycain-metadata-proxy-1.5.0.tar.gz", "has_sig": false, "md5_digest": "9116e7c223409b4822e810c2c997e52d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9695, "upload_time": "2019-07-25T13:33:04", "url": "https://files.pythonhosted.org/packages/d9/36/3e927207f58e0d8ba9fb2d855d0ddc2b9ce4e5652eec48e4cd916b57df5a/terrycain-metadata-proxy-1.5.0.tar.gz" } ] }