def test_cacert_arg(self):
# Valid value, boolean True
base_url = 'http://www.stackstorm.com'
api_url = 'http://www.st2.com:9101/v1'
client = Client(base_url=base_url, api_url=api_url, cacert=True)
self.assertEqual(client.cacert, True)
# Valid value, boolean False
base_url = 'http://www.stackstorm.com'
api_url = 'http://www.st2.com:9101/v1'
client = Client(base_url=base_url, api_url=api_url, cacert=False)
self.assertEqual(client.cacert, False)
# Valid value, existing path to a CA bundle
cacert = os.path.abspath(__file__)
client = Client(base_url=base_url, api_url=api_url, cacert=cacert)
self.assertEqual(client.cacert, cacert)
# Invalid value, path to the bundle doesn't exist
cacert = os.path.abspath(__file__)
expected_msg = 'CA cert file "doesntexist" does not exist'
self.assertRaisesRegexp(ValueError,
expected_msg,
Client,
base_url=base_url,
api_url=api_url,
cacert='doesntexist')
def decrypt_password(self, input_token, log_file=True):
self.print_log("Decrypt xmc password...", log_file)
st2_client = Client(api_url='https://{0}/api'.format(self.st2ip),
token=input_token)
password = st2_client.keys.get_by_name(XMC_KEY_NAME, decrypt=True)
return password.value
def run(self, source, ns):
"""
Entry into the action script
"""
env = self.config.get('environment')
region = self.config.get('region')
k8suser = self.config.get('user')
k8spass = self.config.get('password')
k8surl = self.config.get('kubernetes_api_url')
domain = self.config.get('domain')
self.project, suffix = ns.split("-")
# only install jenkins if dev, otherwise carry on
if suffix != "dev":
return 0
self.k8s = k8s.K8sClient(k8surl, k8suser, k8spass)
client = Client(base_url='http://localhost')
self.source = source
self.ns = ns
key = ns + ".gitrepo"
self.gitrepo = client.keys.get_by_name(key).value
self._createSvc()
self._createDep()
self._createIng()
def __init__(self, config):
super(FormatResultAction, self).__init__(config)
api_url = os.environ.get('ST2_ACTION_API_URL', None)
token = os.environ.get('ST2_ACTION_AUTH_TOKEN', None)
self.client = Client(api_url=api_url, token=token)
self.jinja = jinja2.Environment(trim_blocks=True, lstrip_blocks=True)
self.jinja.tests['in'] = lambda item, list: item in list
def run(self):
self.client = Client(base_url='http://localhost')
queryresult1 = self.client.keys.query(prefix="NPING")
iplist = []
queryresult2 = self.client.keys.query(prefix="NDEV")
nbgplist = []
for key in queryresult1:
_name = key.name
_ip = _name.split(':')[1]
iplist.append(_ip)
for key in queryresult2:
_name = key.name
_nname = _name.split(':')[1]
nbgplist.append(_nname)
'''I can't see blue on Windows!. Now we will build a dict for every entry on every device.'''
combinedlist = []
for dev in nbgplist:
for ip in iplist:
combinedlist.append({'device': dev, 'ip': ip})
if combinedlist:
return (True, combinedlist)
return (False)
def run(self, endpoint_uri, **kwargs):
"""Base get action
endpoint_uri is pased from metadata file
"""
if kwargs.get('id', False):
# modify the `endpoint_uri` to use the detail route
endpoint_uri = '{}{}/'.format(endpoint_uri, str(kwargs.pop('id')))
self.logger.debug(
'endpoint_uri transformed to {} because id was passed'.format(
endpoint_uri))
if kwargs.get('save_in_key_store'
) and not kwargs.get('save_in_key_store_key_name'):
return (
False,
'save_in_key_store_key_name MUST be used with save_in_key_store!'
)
result = self.get(endpoint_uri, **kwargs)
if kwargs['save_in_key_store']:
# save the result in the st2 keystore
client = Client(base_url='http://localhost')
key_name = kwargs['save_in_key_store_key_name']
client.keys.update(
KeyValuePair(name=key_name,
value=json.dumps(result),
ttl=kwargs['save_in_key_store_ttl']))
return (True, "Result stored in st2 key {}".format(key_name))
return result
def run(self, action_ref, parameters=None, count=10, concurrency=None):
if not concurrency:
concurrency = count
pool = GreenPool(concurrency)
client = Client()
execution_ids = []
def schedule_action(action_ref, parameters):
execution = LiveAction()
execution.action = action_ref
execution.parameters = parameters
execution = client.liveactions.create(execution)
execution_ids.append(execution.id)
start_timestamp = time.time()
for index in range(0, count):
pool.spawn(schedule_action, action_ref, parameters)
pool.waitall()
end_timestamp = time.time()
delta = (end_timestamp - start_timestamp)
print('Scheduled %s action executions in %ss.' % (count, delta))
def run(
self,
identifier,
identifier_type,
lc_type_id,
additional_changes=None
):
st2client = Client(base_url='http://localhost')
# search st2 datastore for value stored under the lifecycle event id
# in the datastore, the IDs are stored under the format
# lc_{lc event id} so prepend 'lc_'
key = "lc_%s" % lc_type_id
lc_type_name = st2client.keys.get_by_name(name=key)
# add device identifier to payload
payload = {identifier_type: identifier}
# change obj cat with the LC name (as a basic example)
changes = {
"new_object_category": "%s" % (lc_type_name.value),
}
payload.update(changes)
# if additional_changes:
# payload.update(additional_changes)
url = 'device/'
response = self.putAPI(url, payload=payload)
return response
def run(self, deviceIP):
# Fetching device credentials based on keys derived from deviceIP
#################################################################
user_key_name = deviceIP + "_user"
pswd_key_name = deviceIP + "_pswd"
client = Client()
try:
user = (client.keys.get_by_name(user_key_name)).value
pswd = (client.keys.get_by_name(pswd_key_name)).value
except Exception:
return (False, "No credentials for : " + deviceIP)
# Preapring the URL request(s)
#################################################################
h = {
"accept": "application/json",
"content-length": "0"
}
url_base = "https://" + deviceIP
url = url_base + "/rest/conf/"
# Sending the URL call(s)
#################################################################
with warnings.catch_warnings():
warnings.simplefilter("ignore")
r = requests.post(url, auth=(user, pswd), headers=h, verify=False)
if r.status_code == 201:
cmd_path = r.headers["Location"]
cmd_path = cmd_path[0:26]
cmd_path = str(cmd_path)
print(cmd_path[0:26])
else:
return (False, "Failed!")
def run(self,list_subscription_name,list_dbserver_type,subscription_id,client_id,client_tenant):
list_result = list()
for subscription_name in list_subscription_name:
print subscription_name
for dbserver_type in list_dbserver_type:
print dbserver_type
subscriptionid = subscription_id[subscription_name]
client = Client(base_url='http://localhost')
client_secret = client.keys.get_by_name(name='azure_stackstorm_secret', decrypt=True)
credentials = ServicePrincipalCredentials(client_id, client_secret.value, tenant=client_tenant, china=True)
if dbserver_type == "mysql":
dbserverclient = MySQLManagementClient(credentials, subscriptionid, base_url="https://management.chinacloudapi.cn")
if dbserver_type == "postgresql":
dbserverclient = PostgreSQLManagementClient(credentials, subscriptionid, base_url="https://management.chinacloudapi.cn")
if dbserver_type == "sqlserver":
dbserverclient = SqlManagementClient(credentials, subscriptionid, base_url="https://management.chinacloudapi.cn")
list_dict_resgroup_dbserver = self._list_all_dbserverserver(dbserverclient)
num = len(list_dict_resgroup_dbserver)
for n in range(0, num):
dict_resgroup_rules = dict()
list_rule =self._list_firewall_rule(dbserverclient,list_dict_resgroup_dbserver[n]["resource_group"],list_dict_resgroup_dbserver[n]["dbserver_name"])
dict_resgroup_rules["resource_group"] = list_dict_resgroup_dbserver[n]["resource_group"]
dict_resgroup_rules["dbserver_name"] = list_dict_resgroup_dbserver[n]["dbserver_name"]
dict_resgroup_rules["rule_name"] = list_rule
now_time = datetime.datetime.now().strftime("%y-%m-%d")
rule_num = len(dict_resgroup_rules["rule_name"])
for i in range(0, rule_num):
if dict_resgroup_rules["rule_name"][i].split('_')[0] == now_time:
result = self._delete_rule(dbserverclient,dict_resgroup_rules["resource_group"],dict_resgroup_rules["dbserver_name"],dict_resgroup_rules["rule_name"][i])
list_result.append(result)
return (True,list_result)
def handle_evaluate():
data = request.json or request.form
if data is None:
return json_error_response(
"yaml and yaql_expression are missing in request body")
if not "yaql_expression" in data:
return json_error_response("yaql_expression is missing")
if not "yaml" in data:
return json_error_response("yaml is missing")
if data['st2_host'] and data['st2_key'] and data['st2_execution']:
from st2client.client import Client
import json
try:
client = Client(api_url=data['st2_host'] + '/api/v1',
api_key=data['st2_key'])
execution = client.liveactions.get_by_id(data['st2_execution'])
payload = execution.result
except Exception as e:
return json_error_response(str(e))
else:
payload = data['yaml']
return invoke(yaqluator.evaluate, {
"expression": data["yaql_expression"],
"data": payload
})
def run(self, deviceIP):
# Fetching device credentials based on keys derived from deviceIP
#################################################################
user_key_name = deviceIP + "_user"
pswd_key_name = deviceIP + "_pswd"
print("\n")
print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
print("Looking for credentials in KV store")
client = Client()
try:
user = (client.keys.get_by_name(user_key_name)).value
pswd = (client.keys.get_by_name(pswd_key_name)).value
print(" Obtained from KV store: user = "******" Obtained from KV store: pswd = " + pswd)
except Exception:
return (False, "No credentials for : " + deviceIP)
# Preapring the URL request(s)
#################################################################
h = {"accept": "application/json", "content-length": "0"}
url_base = "https://" + deviceIP + "/rest/op/"
url = url_base + "show/vpn/ike/sa"
# Sending the URL call(s)
#################################################################
print("Sending REST call(s):")
print(" POST " + url)
with warnings.catch_warnings():
warnings.simplefilter("ignore")
r = requests.post(url, auth=(user, pswd), headers=h, verify=False)
r_code = str(r.status_code)
print(" Response code: " + r_code)
r_code = int(r.status_code)
if r_code != 201:
return (False, r_code)
else:
cmd_path = r.headers["Location"]
url = "https://" + deviceIP + "/" + cmd_path
print(" GET " + url)
with warnings.catch_warnings():
warnings.simplefilter("ignore")
r2 = requests.get(url,
auth=(user, pswd),
headers=h,
verify=False)
r2_code = str(r2.status_code)
print(" Response code: " + r2_code)
print(
">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
r2_code = int(r2.status_code)
if r2_code != 200:
return (False, r2_code)
else:
try:
print("\n")
print(r2.text)
except Exception:
print(" Response body: empty")
def run(self, key, action, st2host='localhost', value=""):
try:
client = Client()
except Exception as e:
return e
if action == 'get':
kvp = client.keys.get_by_name(key)
if not kvp:
raise Exception('Key error with %s.' % key)
return kvp.value
else:
instance = client.keys.get_by_name(key) or KeyValuePair()
instance.id = key
instance.name = key
instance.value = value
kvp = client.keys.update(instance) if action in [
'create', 'update'
] else None
if action == 'delete':
return kvp
else:
return kvp.serialize()
def run(self, user, url):
client = Client()
gitorgs = client.keys.get_by_name(name='git-orgs', decrypt=True)
if gitorgs:
dict = json.loads(gitorgs.value)
else:
dict = {}
user = user.strip()
url = url.strip()
key = user + '|' + url
if key in dict:
org = dict[key]
del dict[key]
gitorgs = json.dumps(dict)
client.keys.update(
KeyValuePair(name='git-orgs', value=gitorgs, secret=True))
return list((key, filter_org(org)))
return False
def __init__(self, config):
super(SessionAction, self).__init__(config)
#self._username = self.config['username']
#self._password = self.config['password']
#self._enable_username = self.config['enable_username']
#self._enable_password = self.config['enable_password']
# Get Encryption Setup and Key
is_encryption_enabled = cfg.CONF.keyvalue.enable_encryption
if is_encryption_enabled:
crypto_key_path = cfg.CONF.keyvalue.encryption_key_path
with open(crypto_key_path) as key_file:
crypto_key = AesKey.Read(key_file.read())
# Retrieve and decrypt values
client = Client(base_url='http://localhost')
key = client.keys.get_by_name('campus_ztp.username')
if key:
self._username = key.value
key = client.keys.get_by_name('campus_ztp.password')
if key:
self._password = symmetric_decrypt(crypto_key, key.value)
key = client.keys.get_by_name('campus_ztp.enable_username')
if key:
self._enable_username = key.value
key = client.keys.get_by_name('campus_ztp.enable_password')
if key:
self._enable_password = symmetric_decrypt(crypto_key, key.value)
def run(self, deviceIP, cmd_path, neighborIP, localAS, remoteAS):
cmd_path = cmd_path[:26]
localAS = str(localAS)
remoteAS = str(remoteAS)
# Fetching device credentials based on keys derived from deviceIP
#################################################################
user_key_name = deviceIP + "_user"
pswd_key_name = deviceIP + "_pswd"
print("\n")
print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
print("Looking for credentials in KV store")
client = Client()
try:
user = (client.keys.get_by_name(user_key_name)).value
pswd = (client.keys.get_by_name(pswd_key_name)).value
print(" Obtained from KV store: user = "******" Obtained from KV store: pswd = " + pswd)
except Exception:
return (False, "No credentials for : " + deviceIP)
# Preapring the URL request(s)
#################################################################
h = {"accept": "application/json", "content-length": "0"}
url_list = list()
url_0 = "https://" + deviceIP + "/" + cmd_path
url_1 = "/set/protocols/bgp/" + localAS
url_2 = "/neighbor/" + neighborIP
url = url_0 + url_1 + url_2 + "/remote-as/" + remoteAS
url_list.append(url)
url = url_0 + url_1 + url_2 + "/address-family/ipv4-unicast"
url_list.append(url)
# Sending the URL call(s)
#################################################################
print("Sending REST call(s):")
for u in url_list:
with warnings.catch_warnings():
warnings.simplefilter("ignore")
print(" PUT " + u)
r = requests.put(u, auth=(user, pswd), headers=h, verify=False)
r_code = str(r.status_code)
print(" Response code: " + r_code)
cmd_response_code = int(r.status_code)
if cmd_response_code != 200:
return (False, cmd_response_code)
else:
try:
data = json.loads(r.text)
print(" Response body: ")
print(json.dumps(data, sort_keys=True, indent=4))
except Exception:
print(" Response body: empty")
print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
def test_args_base_only(self):
base_url = 'http://www.stackstorm.com'
api_url = 'http://www.stackstorm.com:9101/v1'
client = Client(base_url=base_url)
endpoints = client.endpoints
self.assertEqual(endpoints['base'], base_url)
self.assertEqual(endpoints['api'], api_url)
def test_default(self):
base_url = 'http://localhost'
api_url = 'http://localhost:9101/v1'
client = Client()
endpoints = client.endpoints
self.assertEqual(endpoints['base'], base_url)
self.assertEqual(endpoints['api'], api_url)
def test_get_cached_auth_token_invalid_permissions(self):
shell = Shell()
client = Client()
username = '******'
password = '******'
cached_token_path = shell._get_cached_token_path_for_user(username=username)
data = {
'token': 'yayvalid',
'expire_timestamp': (int(time.time()) + 20)
}
with open(cached_token_path, 'w') as fp:
fp.write(json.dumps(data))
# 1. Current user doesn't have read access to the config directory
os.chmod(self._mock_config_directory_path, 0o000)
shell.LOG = mock.Mock()
result = shell._get_cached_auth_token(client=client, username=username,
password=password)
self.assertEqual(result, None)
self.assertEqual(shell.LOG.warn.call_count, 1)
log_message = shell.LOG.warn.call_args[0][0]
expected_msg = ('Unable to retrieve cached token from .*? read access to the parent '
'directory')
self.assertRegexpMatches(log_message, expected_msg)
# 2. Read access on the directory, but not on the cached token file
os.chmod(self._mock_config_directory_path, 0o777) # nosec
os.chmod(cached_token_path, 0o000)
shell.LOG = mock.Mock()
result = shell._get_cached_auth_token(client=client, username=username,
password=password)
self.assertEqual(result, None)
self.assertEqual(shell.LOG.warn.call_count, 1)
log_message = shell.LOG.warn.call_args[0][0]
expected_msg = ('Unable to retrieve cached token from .*? read access to this file')
self.assertRegexpMatches(log_message, expected_msg)
# 3. Other users also have read access to the file
os.chmod(self._mock_config_directory_path, 0o777) # nosec
os.chmod(cached_token_path, 0o444)
shell.LOG = mock.Mock()
result = shell._get_cached_auth_token(client=client, username=username,
password=password)
self.assertEqual(result, 'yayvalid')
self.assertEqual(shell.LOG.warn.call_count, 1)
log_message = shell.LOG.warn.call_args[0][0]
expected_msg = ('Permissions .*? for cached token file .*? are too permissive.*')
self.assertRegexpMatches(log_message, expected_msg)
def encrypt_password(self, input_token, log_file=True):
self.print_log("Encrypt xmc password...", log_file)
st2_client = Client(api_url='https://{0}/api'.format(self.st2ip),
token=input_token)
st2_client.keys.update(
KeyValuePair(name=XMC_KEY_NAME,
value=self.xmcpassword,
secret=True))
def run(self, deviceIP, cmd_path, localAS, prefix):
cmd_path = cmd_path[:26]
# Fetching device credentials based on keys derived from deviceIP
#################################################################
user_key_name = deviceIP + "_user"
pswd_key_name = deviceIP + "_pswd"
print "\n"
print ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
print "Looking for credentials in KV store"
client = Client()
try:
user = (client.keys.get_by_name(user_key_name)).value
pswd = (client.keys.get_by_name(pswd_key_name)).value
print " Obtained from KV store: user = "******" Obtained from KV store: pswd = " + pswd
except:
return (False, "No credentials for : " + deviceIP)
# Preapring the URL request(s)
#################################################################
h = {
"accept": "application/json",
"content-length": "0"
}
url_list = list()
for subnet in prefix:
subnet = subnet.replace("/", "%2F")
url_0 = "https://" + deviceIP + "/" + cmd_path
url_1 = "/set/protocols/bgp/" + str(localAS)
url_2 = "/address-family/ipv4-unicast/network/" + subnet
url = url_0 + url_1 + url_2
url_list.append(url)
# Sending the URL call(s)
#################################################################
print "Sending REST call(s):"
for u in url_list:
with warnings.catch_warnings():
warnings.simplefilter("ignore")
print " PUT " + u
r = requests.put(u, auth=(user, pswd), headers=h, verify=False)
r_code = str(r.status_code)
print " Response code: " + r_code
cmd_response_code = int(r.status_code)
if cmd_response_code != 200:
return (False, cmd_response_code)
else:
try:
data = json.loads(r.text)
print " Response body: "
print json.dumps(data, sort_keys=True, indent=4)
except:
print " Response body: empty"
print ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
def test_get_cached_auth_token_no_token_cache_file(self):
client = Client()
shell = Shell()
username = '******'
password = '******'
result = shell._get_cached_auth_token(client=client, username=username,
password=password)
self.assertEqual(result, None)
def run(self, application_name):
client = Client(base_url='http://localhost')
keys = client.keys.get_all()
asg = ""
for key in keys:
if ('asg' in key.name) and (key.value == application_name):
asg = key.name.split('.')[1]
return asg
def test_args_base_only(self):
base_url = "http://www.stackstorm.com"
api_url = "http://www.stackstorm.com:9101/v1"
stream_url = "http://www.stackstorm.com:9102/v1"
client = Client(base_url=base_url)
endpoints = client.endpoints
self.assertEqual(endpoints["base"], base_url)
self.assertEqual(endpoints["api"], api_url)
self.assertEqual(endpoints["stream"], stream_url)
def test_default(self):
base_url = 'http://127.0.0.1'
api_url = 'http://127.0.0.1:9101/v1'
stream_url = 'http://127.0.0.1:9102/v1'
client = Client()
endpoints = client.endpoints
self.assertEqual(endpoints['base'], base_url)
self.assertEqual(endpoints['api'], api_url)
self.assertEqual(endpoints['stream'], stream_url)
def test_default(self):
base_url = "http://127.0.0.1"
api_url = "http://127.0.0.1:9101/v1"
stream_url = "http://127.0.0.1:9102/v1"
client = Client()
endpoints = client.endpoints
self.assertEqual(endpoints["base"], base_url)
self.assertEqual(endpoints["api"], api_url)
self.assertEqual(endpoints["stream"], stream_url)
def run(self, ns, key, value):
"""
Entry into the action script
"""
client = Client(base_url='http://localhost')
keyname = ns + "." + key
client.keys.update(KeyValuePair(name=keyname, value=value))
def get_client(self, args, debug=False):
ST2_CLI_SKIP_CONFIG = os.environ.get('ST2_CLI_SKIP_CONFIG', 0)
ST2_CLI_SKIP_CONFIG = int(ST2_CLI_SKIP_CONFIG)
skip_config = args.skip_config
skip_config = skip_config or ST2_CLI_SKIP_CONFIG
# Note: Options provided as the CLI argument have the highest precedence
# Precedence order: cli arguments > environment variables > rc file variables
cli_options = ['base_url', 'auth_url', 'api_url', 'api_version', 'cacert']
cli_options = {opt: getattr(args, opt) for opt in cli_options}
config_file_options = self._get_config_file_options(args=args)
kwargs = {}
if not skip_config:
# Config parsing is skipped
kwargs = merge_dicts(kwargs, config_file_options)
kwargs = merge_dicts(kwargs, cli_options)
kwargs['debug'] = debug
client = Client(**kwargs)
if ST2_CLI_SKIP_CONFIG:
# Config parsing is skipped
LOG.info('Skipping parsing CLI config')
return client
# If credentials are provided in the CLI config use them and try to authenticate
rc_config = self._parse_config_file(args=args)
credentials = rc_config.get('credentials', {})
username = credentials.get('username', None)
password = credentials.get('password', None)
cache_token = rc_config.get('cli', {}).get('cache_token', False)
if username and password:
# Credentials are provided, try to authenticate agaist the API
try:
token = self._get_auth_token(client=client, username=username, password=password,
cache_token=cache_token)
except requests.exceptions.ConnectionError as e:
LOG.warn('API server is not available, skipping authentication.')
LOG.exception(e)
return client
except Exception as e:
print('Failed to authenticate with credentials provided in the config.')
raise e
client.token = token
# TODO: Hack, refactor when splitting out the client
os.environ['ST2_AUTH_TOKEN'] = token
return client
def __init__(self, config):
super(FormatResultAction, self).__init__(config)
api_url = os.environ.get('ST2_ACTION_API_URL', None)
token = os.environ.get('ST2_ACTION_AUTH_TOKEN', None)
self.client = Client(api_url=api_url, token=token)
self.jinja = jinja_utils.get_jinja_environment()
self.jinja.tests['in'] = lambda item, list: item in list
path = os.path.dirname(os.path.realpath(__file__))
with open(os.path.join(path, 'templates/default.j2'), 'r') as f:
self.default_template = f.read()
def __init__(self, config=None, action_service=None):
super(FormatResultAction, self).__init__(config=config,
action_service=action_service)
api_url = os.environ.get('ST2_ACTION_API_URL', None)
token = os.environ.get('ST2_ACTION_AUTH_TOKEN', None)
self.client = Client(api_url=api_url, token=token)
self.jinja = jinja_utils.get_jinja_environment(allow_undefined=True)
self.jinja.tests['in'] = lambda item, list: item in list
