#!/usr/bin/env pythonimport boto3import jsonimport osimport hvacimport sys

1. #!/usr/bin/env python
2. import boto3
3. import json
4. import os
5. import hvac
6. import sys
7. import mysql.connector
8. import base64
9. import time
10. from threading import Thread
11. from mysql.connector import errorcode
12.  
13. AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID']
14. AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY']
15. s3 = boto3.client('s3',aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY)
16. S3_BUCKET = os.environ['S3_BUCKET']
17. MYSQL_ADDR = os.environ['MYSQL_ADDR']
18. vault = hvac.Client(url=os.environ['VAULT_ADDR'], token=os.environ['VAULT_TOKEN'])
19. action = sys.argv[1]
20.  
21. def getMySQLcreds(vault):
22. mysqlcreds = vault.read('mysql/creds/readonly')
23. return mysqlcreds
24.  
25. def mysqlclient(mysqlcreds, mysql_addr):
26. print("Connecting to Mysql as %s" % mysqlcreds['data']['username'])
27. try:
28. mysqlobj = mysql.connector.connect(user=mysqlcreds['data']['username'], password=mysqlcreds['data']['password'],
29. host=mysql_addr,
30. database='world')
31. except mysqlobj.connector.Error as err:
32. if err.errno == errorcode.ER_ACCESS_DENIED_ERROR:
33. print("Something is wrong with your username or password")
34. elif err.errno == errorcode.ER_BAD_DB_ERROR:
35. print("Database does not exist")
36. else:
37. print(err)
38. else:
39. return mysqlobj
40.  
41. def iterate_bucket_items(s3, s3_bucket):
42. paginator = s3.get_paginator('list_objects_v2')
43. page_iterator = paginator.paginate(Bucket=s3_bucket)
44.  
45. for page in page_iterator:
46. for item in page['Contents']:
47. yield item
48.  
49. def importtoS3(vault, s3, s3_bucket):
50. mysqlcreds = getMySQLcreds(vault)
51. mysqlconn = mysqlclient(mysqlcreds, MYSQL_ADDR)
52. cursor = mysqlconn.cursor()
53. start_time = time.time()
54. cursor.execute("select * from City")
55. print("---Time selecting dataset: %s seconds ---" % (time.time() - start_time))
56. for (ID, Name, CountryCode, District, Population) in cursor:
57. t = Thread(target=makeJson, args=(vault, s3, s3_bucket, ID, Name, CountryCode, District, Population))
58. t.start()
59. mysqlconn.close()
60.  
61. def makeJson(vault, s3, s3_bucket, ID, Name, CountryCode, District, Population):
62. # Take the starting time for the whole function
63. tot_time = time.time()
64. # Take the starting time for encryption
65. enc_time = time.time()
66. # Base64 a single Value
67. Nameb64 = base64.b64encode(Name.encode('utf-8'))
68. # Encrypt it through Vault
69. NameEnc = vault.write('transit/encrypt/world-transit', plaintext=bytes(Nameb64), context=base64.b64encode('world-transit'))
70. # Calculate how long it took to encrypt
71. eetime = time.time() - enc_time
72. # Create the object to persist and convert it to JSON
73. Cityobj = { "ID": ID, "Name": NameEnc['data']['ciphertext'], "CountryCode": CountryCode, "District": District, "Population": Population }
74. City = json.dumps(Cityobj)
75. filename = "%s.json" % ID
76. #print("Writing %s" % filename)
77. # Take the starting time for persisting it into S3, for comparison
78. store_time = time.time()
79. # Persist the object
80. s3.put_object(Body=City, Bucket=s3_bucket, Key=filename)
81. # Calculate how long it took to store it
82. sstime = time.time() - store_time
83. # Calculate how long it took to run the whole function
84. tttime = time.time() - tot_time
85. print("%i,%s,%s,%s\n" % (int(ID), str(sstime), str(eetime), str(tttime)))
86.  
87. def exporttoMySQL(vault, s3, s3_bucket):
88. mysqlcreds = getMySQLcreds(vault)
89. mysqlconn = mysqlclient(mysqlcreds, MYSQL_ADDR)
90. cursor = mysqlconn.cursor()
91. cursor.execute('DROP TABLE IF EXISTS `CityDecoded`;')
92. cursor.execute('''CREATE TABLE `CityDecoded` (
93. `ID` int(11) NOT NULL auto_increment,
94. `Name` char(35) NOT NULL default '',
95. `CountryCode` char(3) NOT NULL default '',
96. `District` char(20) NOT NULL default '',
97. `Population` int(11) NOT NULL default '0',
98. PRIMARY KEY (`ID`)
99. ) ENGINE=MyISAM DEFAULT CHARSET=latin1;''')
100. for file in iterate_bucket_items(s3, s3_bucket):
101. print("Decoding and storing %s" % file['Key'])
102. file = s3.get_object(Key=file['Key'], Bucket=s3_bucket)
103. content = json.loads(file['Body'].read())
104. NameEnc = content['Name']
105. NameDec = vault.write('transit/decrypt/world-transit', ciphertext=NameEnc, context=base64.b64encode('world-transit'))
106. Name = base64.b64decode(NameDec['data']['plaintext'])
107. print("Inserting row in the table for City %s" % str(Name))
108. cursor.execute('INSERT INTO `CityDecoded` VALUES (%i,\'%s\',\'%s\',\'%s\',%i);' % (int(content['ID']), str(Name), content['CountryCode'].encode('utf-8'), content['District'].encode('utf-8'), int(content['Population'])))
109. mysqlconn.close()
110.  
111.  
112. def main():
113. if action == "import":
114. importtoS3(vault,s3,S3_BUCKET)
115. elif action == "export":
116. exporttoMySQL(vault,s3,S3_BUCKET)
117. else:
118. print("What should I do? import/export")
119.  
120. if __name__ == "__main__": main()