def authorize_console(self, context, token, console_type, host, port,
internal_access_path, instance_uuid):
token_dict = {'token': token,
'instance_uuid': instance_uuid,
'console_type': console_type,
'host': host,
'port': port,
'internal_access_path': internal_access_path,
'last_activity_at': time.time()}
data = jsonutils.dumps(token_dict)
# We need to log the warning message if the token is not cached
# successfully, because the failure will cause the console for
# instance to not be usable.
if not self.mc.set(token.encode('UTF-8'),
data, CONF.console_token_ttl):
LOG.warning(_LW("Token: %(token)s failed to save into memcached."),
{'token': HWExtend.b64encodeToken(token)})
tokens = self._get_tokens_for_instance(instance_uuid)
# Remove the expired tokens from cache.
for tok in tokens:
token_str = self.mc.get(tok.encode('UTF-8'))
if not token_str:
tokens.remove(tok)
tokens.append(token)
if not self.mc.set(instance_uuid.encode('UTF-8'),
jsonutils.dumps(tokens)):
LOG.warning(_LW("Instance: %(instance_uuid)s failed to save "
"into memcached"),
{'instance_uuid': instance_uuid})
token = HWExtend.b64encodeToken(token)
token_dict['token'] = token
LOG.audit(_("Received Token: %(token)s, %(token_dict)s"),
{'token': token, 'token_dict': token_dict})
def check_token(self, context, token):
token_str = self.mc.get(token.encode('UTF-8'))
token_valid = (token_str is not None)
LOG.audit(_("Checking Token: %(token)s, %(token_valid)s"),
{'token': HWExtend.b64encodeToken(token), 'token_valid': token_valid})
if token_valid:
token = jsonutils.loads(token_str)
if self._validate_token(context, token):
return token
def __call__(self, request):
now = timeutils.utcnow()
reqBody = "-"
heartBeatLog = False
if 'xml' in str(request.content_type) or 'json' in str(
request.content_type):
if request.content_length is not None and request.content_length < 10240:
reqBody = str(request.body) or '-'
if HWExtend.hasSensitiveStr(reqBody):
reqBody = '-'
reqBody = h_utils._filter_sensitive_data(reqBody)
data = {
'remote_addr': request.remote_addr,
'remote_user': request.remote_user or '-',
'token_id': "None",
'request_datetime': '%s' % now.strftime(APACHE_TIME_FORMAT),
'response_datetime': '%s' % now.strftime(APACHE_TIME_FORMAT),
'method': request.method,
'url': request.url,
'http_version': request.http_version,
'status': 500,
'content_length': '-',
'request_body': reqBody,
'instance_id': '-'
}
token = ''
try:
token = request.headers['X-Auth-Token']
token = HWExtend.b64encodeToken(token)
except:
token = "-"
try:
response = request.get_response(self.application)
data['status'] = response.status_int
data['content_length'] = response.content_length or '-'
finally:
# must be calculated *after* the application has been called
now = timeutils.utcnow()
data['token_id'] = token
if "GET" in data['method'] and "/tokens/" in data['url']:
Pos = data['url'].find("tokens") + 7
logToken = data['url'][Pos:Pos + 32]
encodedToken = HWExtend.b64encodeToken(logToken)
data['url'] = data['url'].replace(logToken, encodedToken)
elif "POST" in data['method'] and data['url'].endswith("/servers"):
if int(data['status']) < 400:
try:
resp_body = json.loads(response.body)
vm_server = resp_body.get('server', None)
if vm_server is not None:
instance_id = vm_server.get('id', None)
if instance_id is not None:
data['instance_id'] = instance_id
except Exception:
pass
elif "OPTIONS" in data['method'] and data['url'].endswith(
":%s/" % self.port):
heartBeatLog = True
if heartBeatLog != True:
#timeutils may not return UTC, so we can't hardcode +0000
data['response_datetime'] = '%s' % (
now.strftime(APACHE_TIME_FORMAT))
log.info(DRM_LOG_FORMAT % data, extra={"type": "operate"})
return response
def __call__(self, request):
now = timeutils.utcnow()
reqBody = "-"
heartBeatLog = False
if 'xml' in str(request.content_type) or 'json' in str(request.content_type):
if request.content_length is not None and request.content_length < 10240:
reqBody = str(request.body) or '-'
if HWExtend.hasSensitiveStr(reqBody):
reqBody = '-'
reqBody = h_utils._filter_sensitive_data(reqBody)
data = {
'remote_addr': request.remote_addr,
'remote_user': request.remote_user or '-',
'token_id':"None",
'request_datetime':'%s' % now.strftime(APACHE_TIME_FORMAT),
'response_datetime':'%s' % now.strftime(APACHE_TIME_FORMAT),
'method': request.method,
'url': request.url,
'http_version': request.http_version,
'status': 500,
'content_length': '-',
'request_body':reqBody,
'instance_id':'-'}
token = ''
try:
token = request.headers['X-Auth-Token']
token = HWExtend.b64encodeToken(token)
except:
token = "-"
try:
response = request.get_response(self.application)
data['status'] = response.status_int
data['content_length'] = response.content_length or '-'
finally:
# must be calculated *after* the application has been called
now = timeutils.utcnow()
data['token_id'] = token
if "GET" in data['method'] and "/tokens/" in data['url']:
Pos = data['url'].find("tokens") + 7
logToken = data['url'][Pos:Pos+32]
encodedToken = HWExtend.b64encodeToken(logToken)
data['url'] = data['url'].replace(logToken,encodedToken)
elif "POST" in data['method'] and data['url'].endswith("/servers"):
if int(data['status']) < 400:
try:
resp_body = json.loads(response.body)
vm_server = resp_body.get('server', None)
if vm_server is not None:
instance_id = vm_server.get('id', None)
if instance_id is not None:
data['instance_id'] = instance_id
except Exception:
pass
elif "OPTIONS" in data['method'] and data['url'].endswith(":%s/" % self.port):
heartBeatLog = True
if heartBeatLog != True:
#timeutils may not return UTC, so we can't hardcode +0000
data['response_datetime'] = '%s' % (now.strftime(APACHE_TIME_FORMAT))
log.info(DRM_LOG_FORMAT % data, extra={"type":"operate"})
return response