I have a python script for some automation that contains a username and password.
This script triggers in a azure pipeline on GitHub.
But the idea of pushing credentials to GitHub is not good so I would like to store those credentials in a variable so it can be used by the script when the pipeline triggers.
Just to make the example clear, the python script holding the credentials looks like this:
wait.until(EC.element_to_be_clickable((By.CSS_SELECTOR, "div[class$='visible-lg'] input#signInFormUsername"))).send_keys('<USERNAME>')
wait.until(EC.element_to_be_clickable((By.CSS_SELECTOR, "div[class$='visible-lg'] input#signInFormPassword"))).send_keys('<PASSWORD')
Those are the 2 important values that I would like to remove from my plain script and store them in an env variable so when the pipeline triggers the python script, will know from were to fetch those credentials.
Can anyone advice on the best practice for this kind of scenarios?
Thank you very much and if you need more info just let me know
I highly recommend github secrets. From the documentation:
Secrets are encrypted environment variables that you create in an organization, repository, or repository environment. The secrets that you create are available to use in GitHub Actions workflows. GitHub uses a libsodium sealed box to help ensure that secrets are encrypted before they reach GitHub and remain encrypted until you use them in a workflow.
Related
I'm trying to mimic the flow for authenticating with GCP using the gcloud CLI in a Go project. In this case, I can't just shell out to gcloud using the os package because I have to assume it's not installed on the system. I also need to avoid having the user go in and set an OAuth2 client_id and client_secret in the developer console since the gcloud CLI doesn't seem to require it.
I was trying to look through the Python code for gcloud and I can sort of see what it's doing but it's a bit difficult to follow since I'm not super experienced in Python and it seems like there are many layers of abstraction in the authentication code that are a bit hard to break through.
I can see the GCP URLs (the ones that you open in the browser when doing gcloud auth login) have a client_id but they don't have a client_secret. They also look like they do PKCE but I'm not super familiar with how that works. I also can't figure out exactly where they get the client_id from. If it's somehow bundled with the gcloud CLI I can't find it anywhere.
Help!
I have a small python script that logins to a website, downloads a bundle of files and then saves these files to a Sharepoint site for use by others. There are multiple files to this and several required python imports.
I'd like to move this to Azure so I can put this thing on a schedule to run periodically so I can forget about it (and have the script send notification or otherwise). Actually there are other scripts I would also like to put on a schedule.
I'm somewhat baffled in where to start doing this on Azure. I have an Azure account with some free credit but beyond that confused as what Azure service this should be built on.
Google searching is not helping as all I get is bundle of buzzwords that are not really helping.
Looking for some pointers in the right direction.
Thanks
As mentioned by #Gaurav Mantri, you can use Azure functions' Timer trigger where the function is run on a schedule. Alternatively, for codeless automated workflows, you can even opt for Azure logic apps which provide many connectors that are performed just by constructing a workflow.
REFERENCES: Connect to SharePoint from Azure Logic Apps - MSFT Docs
I am looking for the command or SDK, such as python, to generate new personal access token (PAT) in Github, but I didn't see any API for it.
https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token
All the documents are about to login github from website, and manually generate it.
Are there any automation way?
Unfortunately, this isn't something that can be done completely programmatically. Creating PATs requires sudo mode on GitHub, which prompts the user to authenticate.
The best you can do is use a command to prefill parts of the creation of a PAT (scopes, description, etc.). This isn't currently a feature of any Python package, though something similar exists in this R package: https://usethis.r-lib.org/reference/github-token.html
I have a Python script that accesses Google cloud platform, I also set up the service account, I can request & save the json file through the cloud console webpage after I login my Google account, and sets the GOOGLE_APPLICATION_CREDENTIALS to that json file, so the Python script can have access.
Now I want to share it with others, I have requirements.txt for the Python scrip to install the gcloud-api library, but I don't want to enforce others to install gcloud-sdk. And I don't want to share that json file with others. I would like to let others run the script, and if that json credential file is not found, the script will ask them to:
login gcloud
generate and save json credential, e.g., to a default directory
sets GOOGLE_APPLICATION_CREDENTIALS to that json file
All the step better be done without browser. Is there a way to use Python to do such thing? I did some research & googling but no luck.
I believe I can do this anyway by Python invoking curl or using requests, but just wonder if there is a simpler way to do this.
UPDATE
Thanks to the comments but I just want to release to others a Python script file.
I read through the service account and the work identity federation, I don‘t have infra to setup identity provider. I believe that based on my reading and the comments, if I want to use something like oauth, I need to register my script as a client on Google. I am not sure if this is feasible or considered as a good practice...
I am looking for a way to clone locally, a remote private git repository via python. Git i.e. not specific to a version control provider. Ideally I am looking to establish a connection with the remote repo(provider) using the credentials and then clone(emulate what would happen through bash) or just download the repo. This needs to happen via the python-script though. The credentials would be provided to the script as encoded arguments on console execution.
Everything I have tried so far seems to have a quirk that does not solve the issue entirely.
This post seems to solve the issue of cloning a public repo(GitPython): https://stackoverflow.com/a/2472616/6599916
Searching through stack and the GitPython documentation I haven't found a way to set authentication credentials through the GitPython library though. If anyone has implemented this it would be greatly appreciated.
Furthermore, in the past, I have implemented a version of this with a user prompt, but only for GitHub by employing requests to authenticate and then download the zip file of the remote repo. I can still use this, just for github.
remoteReply = requests.get(remURL, timeout=20, auth=credentials)
Also, I tried this: https://github.community/t5/How-to-use-Git-and-GitHub/Clone-private-repo/td-p/12616
which is still just for github. I would have tried a gitlab implemention but this yields errors when user password contains special characters like #. Is there a way to resolve this?
Finally, an implementation via the APIs of version control providers would be feasible if there existed a way to authenticate via username and password. All info regarding my issue circles around using sha or tokens which are not a solution in my case.