Source code for airflow.contrib.hooks.winrm_hook

# -*- coding: utf-8 -*-
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.
#

import getpass

from winrm.protocol import Protocol

from airflow.exceptions import AirflowException
from airflow.hooks.base_hook import BaseHook


[docs]class WinRMHook(BaseHook): """ Hook for winrm remote execution using pywinrm. :seealso: https://github.com/diyan/pywinrm/blob/master/winrm/protocol.py :param ssh_conn_id: connection id from airflow Connections from where all the required parameters can be fetched like username and password. Thought the priority is given to the param passed during init :type ssh_conn_id: str :param endpoint: When set to `None`, endpoint will be constructed like this: 'http://{remote_host}:{remote_port}/wsman' :type endpoint: str :param remote_host: Remote host to connect to. Ignored if `endpoint` is not `None`. :type remote_host: str :param remote_port: Remote port to connect to. Ignored if `endpoint` is not `None`. :type remote_port: int :param transport: transport type, one of 'plaintext' (default), 'kerberos', 'ssl', 'ntlm', 'credssp' :type transport: str :param username: username to connect to the remote_host :type username: str :param password: password of the username to connect to the remote_host :type password: str :param service: the service name, default is HTTP :type service: str :param keytab: the path to a keytab file if you are using one :type keytab: str :param ca_trust_path: Certification Authority trust path :type ca_trust_path: str :param cert_pem: client authentication certificate file path in PEM format :type cert_pem: str :param cert_key_pem: client authentication certificate key file path in PEM format :type cert_key_pem: str :param server_cert_validation: whether server certificate should be validated on Python versions that suppport it; one of 'validate' (default), 'ignore' :type server_cert_validation: str :param kerberos_delegation: if True, TGT is sent to target server to allow multiple hops :type kerberos_delegation: bool :param read_timeout_sec: maximum seconds to wait before an HTTP connect/read times out (default 30). This value should be slightly higher than operation_timeout_sec, as the server can block *at least* that long. :type read_timeout_sec: int :param operation_timeout_sec: maximum allowed time in seconds for any single wsman HTTP operation (default 20). Note that operation timeouts while receiving output (the only wsman operation that should take any significant time, and where these timeouts are expected) will be silently retried indefinitely. :type operation_timeout_sec: int :param kerberos_hostname_override: the hostname to use for the kerberos exchange (defaults to the hostname in the endpoint URL) :type kerberos_hostname_override: str :param message_encryption_enabled: Will encrypt the WinRM messages if set to True and the transport auth supports message encryption (Default True). :type message_encryption_enabled: bool :param credssp_disable_tlsv1_2: Whether to disable TLSv1.2 support and work with older protocols like TLSv1.0, default is False :type credssp_disable_tlsv1_2: bool :param send_cbt: Will send the channel bindings over a HTTPS channel (Default: True) :type send_cbt: bool """ def __init__(self, ssh_conn_id=None, endpoint=None, remote_host=None, remote_port=5985, transport='plaintext', username=None, password=None, service='HTTP', keytab=None, ca_trust_path=None, cert_pem=None, cert_key_pem=None, server_cert_validation='validate', kerberos_delegation=False, read_timeout_sec=30, operation_timeout_sec=20, kerberos_hostname_override=None, message_encryption='auto', credssp_disable_tlsv1_2=False, send_cbt=True, ): super(WinRMHook, self).__init__(ssh_conn_id) self.ssh_conn_id = ssh_conn_id self.endpoint = endpoint self.remote_host = remote_host self.remote_port = remote_port self.transport = transport self.username = username self.password = password self.service = service self.keytab = keytab self.ca_trust_path = ca_trust_path self.cert_pem = cert_pem self.cert_key_pem = cert_key_pem self.server_cert_validation = server_cert_validation self.kerberos_delegation = kerberos_delegation self.read_timeout_sec = read_timeout_sec self.operation_timeout_sec = operation_timeout_sec self.kerberos_hostname_override = kerberos_hostname_override self.message_encryption = message_encryption self.credssp_disable_tlsv1_2 = credssp_disable_tlsv1_2 self.send_cbt = send_cbt self.client = None self.winrm_protocol = None
[docs] def get_conn(self): if self.client: return self.client self.log.debug('Creating WinRM client for conn_id: %s', self.ssh_conn_id) if self.ssh_conn_id is not None: conn = self.get_connection(self.ssh_conn_id) if self.username is None: self.username = conn.login if self.password is None: self.password = conn.password if self.remote_host is None: self.remote_host = conn.host if conn.extra is not None: extra_options = conn.extra_dejson if "endpoint" in extra_options: self.endpoint = str(extra_options["endpoint"]) if "remote_port" in extra_options: self.remote_port = int(extra_options["remote_port"]) if "transport" in extra_options: self.transport = str(extra_options["transport"]) if "service" in extra_options: self.service = str(extra_options["service"]) if "keytab" in extra_options: self.keytab = str(extra_options["keytab"]) if "ca_trust_path" in extra_options: self.ca_trust_path = str(extra_options["ca_trust_path"]) if "cert_pem" in extra_options: self.cert_pem = str(extra_options["cert_pem"]) if "cert_key_pem" in extra_options: self.cert_key_pem = str(extra_options["cert_key_pem"]) if "server_cert_validation" in extra_options: self.server_cert_validation = \ str(extra_options["server_cert_validation"]) if "kerberos_delegation" in extra_options: self.kerberos_delegation = \ str(extra_options["kerberos_delegation"]).lower() == 'true' if "read_timeout_sec" in extra_options: self.read_timeout_sec = int(extra_options["read_timeout_sec"]) if "operation_timeout_sec" in extra_options: self.operation_timeout_sec = \ int(extra_options["operation_timeout_sec"]) if "kerberos_hostname_override" in extra_options: self.kerberos_hostname_override = \ str(extra_options["kerberos_hostname_override"]) if "message_encryption" in extra_options: self.message_encryption = str(extra_options["message_encryption"]) if "credssp_disable_tlsv1_2" in extra_options: self.credssp_disable_tlsv1_2 = \ str(extra_options["credssp_disable_tlsv1_2"]).lower() == 'true' if "send_cbt" in extra_options: self.send_cbt = str(extra_options["send_cbt"]).lower() == 'true' if not self.remote_host: raise AirflowException("Missing required param: remote_host") # Auto detecting username values from system if not self.username: self.log.debug( "username to WinRM to host: %s is not specified for connection id" " %s. Using system's default provided by getpass.getuser()", self.remote_host, self.ssh_conn_id ) self.username = getpass.getuser() # If endpoint is not set, then build a standard wsman endpoint from host and port. if not self.endpoint: self.endpoint = 'http://{0}:{1}/wsman'.format( self.remote_host, self.remote_port ) try: if self.password and self.password.strip(): self.winrm_protocol = Protocol( endpoint=self.endpoint, transport=self.transport, username=self.username, password=self.password, service=self.service, keytab=self.keytab, ca_trust_path=self.ca_trust_path, cert_pem=self.cert_pem, cert_key_pem=self.cert_key_pem, server_cert_validation=self.server_cert_validation, kerberos_delegation=self.kerberos_delegation, read_timeout_sec=self.read_timeout_sec, operation_timeout_sec=self.operation_timeout_sec, kerberos_hostname_override=self.kerberos_hostname_override, message_encryption=self.message_encryption, credssp_disable_tlsv1_2=self.credssp_disable_tlsv1_2, send_cbt=self.send_cbt ) self.log.info( "Establishing WinRM connection to host: %s", self.remote_host ) self.client = self.winrm_protocol.open_shell() except Exception as error: error_msg = "Error connecting to host: {0}, error: {1}".format( self.remote_host, error ) self.log.error(error_msg) raise AirflowException(error_msg) return self.client