def _get_dcostoken_by_post_with_creds(dcos_url, creds):
    """
    Log in against `acs/api/v1/auth/login` and return the DC/OS
    Authentication token.

    `creds` is sent as the JSON body of the POST. It can be uid/password for
    username/password authentication, an OIDC ID token for the implicit OIDC
    flow (used for open DC/OS), or uid/token for service accounts (where
    token is a jwt token encoded with private key).

    On a 200 response the token is also written to the
    `core.dcos_acs_token` config value. Any other status leaves the config
    untouched and yields None.

    :param dcos_url: url to cluster
    :type dcos_url: str
    :param creds: credentials to login endpoint
    :type creds: {}
    :returns: DC/OS Authentication Token, or None when the login was not
              answered with 200
    :rtype: str
    """

    login_url = dcos_url.rstrip('/') + '/acs/api/v1/auth/login'
    # NOTE(review): the credentials travel in the request body, so their
    # confidentiality rests on the scheme of dcos_url and on whatever TLS
    # verification http._request applies -- neither is visible here; confirm.
    reply = http._request('post', login_url, json=creds)
    if reply.status_code != 200:
        return None

    acs_token = reply.json()['token']
    # NOTE(review): the token is persisted through config.set_val; how that
    # value is stored (location, file permissions) is not shown here.
    config.set_val("core.dcos_acs_token", acs_token)
    return acs_token
def header_challenge_auth(dcos_url):
    """
    Authenticate with the scheme announced in the www-authenticate header.

    A single HEAD request is sent to a protected endpoint. If it is answered
    with 200 nothing further happens. If it is answered with 401, up to three
    login attempts are made with the flow matching the announced scheme, and
    the first attempt that yields a token ends the function. In every other
    case the exception below is raised.

    :param dcos_url: url to cluster
    :type dcos_url: str
    :rtype: None
    :raises DCOSAuthenticationException: if no token was obtained
    """

    # hit protected endpoint which will prompt for auth if cluster has auth
    probe_url = urllib.parse.urljoin(
        dcos_url, '/pkgpanda/active.buildinfo.full.json')
    probe = http._request('HEAD', probe_url)
    scheme = _get_auth_scheme(probe)

    # NOTE(review): the nesting was reconstructed from a whitespace-collapsed
    # listing. The `elif ... == 200` is read as the sibling of the 401 check
    # and the final `else` as the loop's else (raise once all three attempts
    # are used up) -- confirm against the original file.
    # The probe is made once; the loop only bounds the number of login
    # attempts.
    for _attempt in range(3):
        status = probe.status_code
        if status == 200:
            # endpoint answered without a challenge: no login required
            return
        if status != 401:
            continue

        if scheme == "oauthjwt":
            # this header claims the cluster is open DC/OS 1.7, 1.8 or 1.9
            # and supports OIDC implicit auth
            obtained = _get_dcostoken_by_oidc_implicit_flow(dcos_url)
        else:
            # auth_scheme == "acsjwt"
            # this header claims the cluster is enterprise DC/OS 1.7, 1.8 or
            # 1.9 and supports username/password auth
            # NOTE(review): every scheme other than "oauthjwt" lands here,
            # not only "acsjwt"; consider whether an unrecognised scheme
            # should lead to a password prompt at all.
            obtained = _get_dcostoken_by_dcos_uid_password_auth(dcos_url)

        if obtained is not None:
            return

    raise DCOSAuthenticationException(probe)
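def browser_prompt_auth(dcos_url, provider_info):
    """
    Get DC/OS Authentication token by browser prompt

    The user is pointed at the provider's start-flow URL, completes the login
    in a browser and supplies the resulting token. The token is then checked
    with a HEAD request against a protected endpoint before it is written to
    the `core.dcos_acs_token` config value.

    :param dcos_url: url to cluster
    :type dcos_url: str
    :param provider_info: info about provider to auth with; read as
                          ``provider_info["config"]["start_flow_url"]``
    :type provider_info: dict
    :rtype: None
    :raises DCOSException: if the check answers with anything other than
                           200 or 403
    """

    start_flow_url = provider_info["config"]["start_flow_url"].lstrip('/')
    if not urlparse(start_flow_url).netloc:
        # Relative value: anchor it under the cluster URL. The leading
        # slashes were stripped above, so the separator must be put back
        # explicitly. Without it the path is glued straight onto the host
        # part of dcos_url and the login link no longer points at the
        # cluster.
        start_flow_url = dcos_url.rstrip('/') + '/' + start_flow_url
    # NOTE(review): a start_flow_url that already carries a host is used
    # exactly as provider_info supplies it; whether its scheme and host need
    # to be restricted depends on how far provider_info is trusted -- confirm
    # against the caller.

    dcos_token = _prompt_user_for_token(start_flow_url,
                                        "DC/OS Authentication Token")

    # verify token
    endpoint = '/pkgpanda/active.buildinfo.full.json'
    url = urllib.parse.urljoin(dcos_url, endpoint)
    response = http._request('HEAD', url, auth=http.DCOSAcsAuth(dcos_token))
    # 403 is accepted alongside 200 -- presumably because it still shows the
    # token was recognised, just not authorised for this path; verify.
    if response.status_code in [200, 403]:
        config.set_val("core.dcos_acs_token", dcos_token)
    else:
        raise DCOSException("Authentication failed")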
def header_challenge_auth(dcos_url):
    """
    Authenticate with the scheme announced in the www-authenticate header.

    A single HEAD request is sent to a protected endpoint. If it is answered
    with 401, up to three login attempts are made with the flow matching the
    announced scheme. The first attempt that yields a token marks the
    response as 200 and ends the function. In every other case the exception
    below is raised.

    :param dcos_url: url to cluster
    :type dcos_url: str
    :rtype: None
    :raises DCOSAuthenticationException: if no token was obtained
    """

    # hit protected endpoint which will prompt for auth if cluster has auth
    endpoint = '/pkgpanda/active.buildinfo.full.json'
    challenge = http._request('HEAD', urllib.parse.urljoin(dcos_url, endpoint))
    announced = _get_auth_scheme(challenge)

    # NOTE(review): the nesting was reconstructed from a whitespace-collapsed
    # listing. The final `else` is read as the loop's else (raise once all
    # three attempts are used up) -- confirm against the original file.
    # Read that way, a first response other than 401 (a plain 200 included)
    # is never treated as success: the loop runs out and the exception is
    # raised.
    remaining = 3
    while remaining > 0:
        remaining -= 1
        if challenge.status_code != 401:
            continue

        # "oauthjwt": this header claims the cluster is open DC/OS 1.7, 1.8
        # or 1.9 and supports OIDC implicit auth.
        # otherwise (auth_scheme == "acsjwt"): this header claims the cluster
        # is enterprise DC/OS 1.7, 1.8 or 1.9 and supports username/password
        # auth.
        # NOTE(review): every scheme other than "oauthjwt" takes the
        # uid/password flow, not only "acsjwt"; consider whether an
        # unrecognised scheme should lead to a password prompt at all.
        login_flow = (_get_dcostoken_by_oidc_implicit_flow
                      if announced == "oauthjwt"
                      else _get_dcostoken_by_dcos_uid_password_auth)
        token = login_flow(dcos_url)

        if token is not None:
            # the response object is overwritten in place to record success
            challenge.status_code = 200
            return

    raise DCOSAuthenticationException(challenge)
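def browser_prompt_auth(dcos_url, provider_info):
    """
    Get DC/OS Authentication token by browser prompt

    The provider's start-flow URL is shown to the user, who logs in through a
    browser and supplies the token that results. That token is stored in the
    `core.dcos_acs_token` config value only after a HEAD request carrying it
    has been answered with 200 or 403.

    :param dcos_url: url to cluster
    :type dcos_url: str
    :param provider_info: info about provider to auth with; read as
                          ``provider_info["config"]["start_flow_url"]``
    :type provider_info: dict
    :rtype: None
    :raises DCOSException: if the token check is answered with any other
                           status
    """

    start_flow_url = provider_info["config"]["start_flow_url"].lstrip('/')
    if not urlparse(start_flow_url).netloc:
        # No host in the value, so it is a path on the cluster. Both sides
        # have had their slashes stripped, hence the explicit '/' here: a
        # bare concatenation would run the path into the host name of
        # dcos_url and produce a link to some other host.
        start_flow_url = '/'.join((dcos_url.rstrip('/'), start_flow_url))
    # NOTE(review): when the value does name a host it is passed on
    # unchanged; whether provider_info is trusted enough for that is not
    # visible here -- confirm against the caller.

    dcos_token = _prompt_user_for_token(
        start_flow_url, "DC/OS Authentication Token")

    # verify token
    endpoint = '/pkgpanda/active.buildinfo.full.json'
    url = urllib.parse.urljoin(dcos_url, endpoint)
    response = http._request('HEAD', url, auth=http.DCOSAcsAuth(dcos_token))
    # NOTE(review): 403 counts as a valid token here, presumably meaning
    # "authenticated but not allowed on this path" -- verify.
    if response.status_code not in [200, 403]:
        raise DCOSException("Authentication failed")

    config.set_val("core.dcos_acs_token", dcos_token)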