def require_auth_token(roles=[]):
"""
Function that validates an authentication token in a flask request context.
If any roles are provided, the token holder must have *at least one* of the roles.
Raises some exception if any auth requirement is not met.
"""
config = get_config()
if not flask.request.headers.get('Authorization'):
# No authorization token was provided in the headers
raise MissingHeader('Authorization')
token = get_auth_header()
# Make an authorization request to the kbase auth2 server
headers = {'Authorization': token}
auth_url = config['auth_url'] + '/api/V2/me'
auth_resp = requests.get(auth_url, headers=headers)
if not auth_resp.ok:
print('-' * 80)
print(auth_resp.text)
raise UnauthorizedAccess(config['auth_url'], auth_resp.text)
auth_json = auth_resp.json()
if len(roles):
check_roles(required=roles,
given=auth_json['customroles'],
auth_url=config['auth_url'])
def setUpClass(cls):
cls.maxDiff = None
cls.config = get_config()
cls.repo_path = cls.config['spec_paths']['root']
for key in cls.config['spec_paths'].keys():
if cls.repo_path in cls.config['spec_paths'][key]:
cls.config['spec_paths'][key] = cls.config['spec_paths'][key].replace(
cls.repo_path,
_BASE_DIR
)
def show_config():
"""Show public config data."""
conf = config.get_config()
return flask.jsonify({
'auth_url': conf['auth_url'],
'workspace_url': conf['workspace_url'],
'kbase_endpoint': conf['kbase_endpoint'],
'db_url': conf['db_url'],
'db_name': conf['db_name'],
'spec_url': conf['spec_url']
})
def setUpClass(cls):
cls.test_dir = os_path.join('/app', 'relation_engine_server', 'test')
cls.test_spec_dir = os_path.join(cls.test_dir, 'spec_release',
'sample_spec_release', 'spec')
cls.config = get_config()
cls.repo_path = cls.config['spec_paths']['root']
for key in cls.config['spec_paths'].keys():
if cls.repo_path in cls.config['spec_paths'][key]:
cls.config['spec_paths'][key] = cls.config['spec_paths'][
key].replace(cls.repo_path, cls.test_spec_dir)
def get_workspace_ids(auth_token):
"""Get a list of workspace IDs that the given username is allowed to access in
the workspace."""
if not auth_token:
return [] # anonymous users
config = get_config()
ws_url = config['workspace_url']
# Make an admin request to the workspace (command is 'listWorkspaceIds')
payload = {
'method': 'Workspace.list_workspace_ids',
'version': '1.1',
'params': [{
'perm': 'r'
}]
}
headers = {'Authorization': auth_token}
resp = requests.post(ws_url, data=json.dumps(payload), headers=headers)
if not resp.ok:
raise UnauthorizedAccess(ws_url, resp.text)
return resp.json()['result'][0]['workspaces']
"""
Block until all dependent services come online.
"""
import requests
import time
import sys
from relation_engine_server.utils.config import get_config
_CONF = get_config()
def wait_for_service(service_list):
'''wait for a service or list of services to start up'''
timeout = int(time.time()) + 60
service_conf_list = [get_service_conf(s) for s in service_list]
while True:
try:
for service in service_conf_list:
name = service['name']
url = service['url']
if service['auth'] is not None:
requests.get(service['url'],
auth=service['auth']).raise_for_status()
else:
# auth and workspace both return 500, so don't raise_for_status
requests.get(service['url'])
break
except Exception:
print(f"Waiting for {name} to start...")