Example #1
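    def check_login(fn, self, *a, **kw):
        """Run ``fn`` only for requests whose CherryPy session holds a sessionKey.

        With no session key, API and XHR requests get a 401 and every other
        request is redirected to ``/account/login`` with ``return_to`` set to
        the current URL path. If ``fn`` raises ``splunk.AuthenticationFailed``
        the CherryPy session is deleted and the same 401-or-redirect response
        is produced.
        """
        session_key = cherrypy.session.get('sessionKey', None)
        is_api = util.is_api()

        if not session_key:
            # NOTE(review): these calls write the session id (INFO) and the raw
            # request/response cookie headers (DEBUG) to the log. Those values
            # identify a browser session, so access to and retention of this
            # log should be handled accordingly.
            logger.info(
                'require_login - no splunkd sessionKey variable set; cherrypy_session=%s request_path=%s'
                % (cherrypy.session.id, cherrypy.request.path_info))
            logger.debug('require_login - cookie request header: %s' %
                         unicode(cherrypy.request.cookie))
            logger.debug('require_login - cookie response header: %s' %
                         unicode(cherrypy.response.cookie))
            if is_api or util.is_xhr():
                logger.info(
                    'require_login - is api/XHR request, raising 401 status')
                raise cherrypy.HTTPError(401)
            logger.info('require_login - redirecting to login')
            # Fail closed: redirect_to_url is not visible here. Returning its
            # result guarantees the wrapped handler never runs without a
            # session key, whether the helper raises or merely returns.
            return self.redirect_to_url('/account/login',
                                        _qs=[('return_to',
                                              util.current_url_path())])

        try:
            return fn(self, *a, **kw)
        except splunk.AuthenticationFailed:
            logger.info('sessionKey rejected by splunkd')
            # Discard the CherryPy session that held the rejected key.
            cherrypy.session.delete()
            if is_api or util.is_xhr():
                raise cherrypy.HTTPError(401)
            return self.redirect_to_url('/account/login',
                                        _qs=[('return_to',
                                              util.current_url_path())])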
Example #2
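    def submitPrincipal(self, config, action, **kwargs):
        '''
        add configuration for a single principal used with a cluster's kerberos

        Updates the principal named by the ``id`` form field when it can be
        loaded and updated, otherwise builds a new one from the remaining
        fields. A successful save answers 200 (XHR) or a 303 redirect to the
        app's ``config_clusters`` page; a failed save re-renders the form, with
        status 404 for XHR callers.
        '''
        # NOTE(review): app is taken from the request path and later placed in
        # the template path; assumes routing only admits installed app names
        # here - TODO confirm.
        app = cherrypy.request.path_info.split('/')[3]
        user = cherrypy.session['user']['name']

        principal_id = kwargs.pop('id', None)

        try:
            principal = Principal.get(principal_id)
            # NOTE(review): every remaining request parameter reaches the
            # model; presumably Principal ignores fields it does not declare -
            # confirm.
            principal.update(kwargs)
            # Change the owner to nobody, so that REST call will be made to /servicesNS/nobody/HadoopConnect/...
            # instead of /servicesNS/admin/HadoopConnect/... or /servicesNS/<owner>/HadoopConnect/...
            if principal.entity and principal.entity.owner:
                principal.entity.owner = 'nobody'
        except Exception:
            # Any failure to load or update is treated as "create a new
            # principal". Narrowed from a bare except so that SystemExit and
            # KeyboardInterrupt are no longer swallowed.
            # NOTE(review): authentication or permission errors raised by the
            # lookup are still absorbed here; catching only the "not found"
            # error would be tighter, but its type is not visible in this block.
            principal = Principal(app, user, **kwargs)

        if principal.passive_save():
            if app_util.is_xhr():
                cherrypy.response.status = 200
                return ""
            raise cherrypy.HTTPRedirect(
                self.make_url(['app', app, 'config_clusters']), 303)

        # Save failed: XHR callers get a 404 status with the re-rendered form.
        if app_util.is_xhr():
            cherrypy.response.status = 404
        return self.render_template(
            '/%s:/templates/add_principal.html' % app,
            dict(form_content='fomasdafe', app=app, principal=principal))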
Example #3
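    def submit(self, action, **kwargs):
        '''Accept data to setup the Splunk HDFS app

        Collects every ``partition_*`` form field into ``partition_fields``,
        saves the result as the app-shared ``default`` HDFSExport owned by
        ``nobody``, then answers 200 (XHR) or redirects to the app's
        ``config_clusters`` page. When the save fails the form is re-rendered,
        with status 404 for XHR callers.
        '''

        # NOTE(review): app is taken from the request path and later placed in
        # the template path; assumes routing only admits installed app names
        # here - TODO confirm.
        app = cherrypy.request.path_info.split('/')[3]
        user = cherrypy.session['user']['name']

        # The CSRF form key is request plumbing, not a model field. pop() with
        # a default instead of del: a request that does not carry the key as a
        # form parameter (presumably XHR callers, which this method handles
        # below - confirm) would otherwise fail with a KeyError.
        # This method does not validate the key itself; presumably the route
        # decorator does - confirm.
        kwargs.pop('splunk_form_key', None)

        #TODO make this a lib function or static method on the model and replace this and the one in the defaultExports.saveJob
        prefix = 'partition_'
        partitions = []
        # Iterate over a snapshot of the keys because matching entries are
        # removed from kwargs inside the loop. Every partition_* key counts,
        # whatever value was submitted for it.
        for key in list(kwargs):
            if key.startswith(prefix):
                partitions.append(key[len(prefix):])
                del kwargs[key]

        kwargs['partition_fields'] = ','.join(partitions) if partitions else 'None'

        kwargs['search'] = 'This should not get saved'

        defaultExport = HDFSExport(app, user, 'default', **kwargs)
        defaultExport.metadata.sharing = 'app'
        defaultExport.metadata.owner = 'nobody'
        defaultExport.metadata.app = app

        # NOTE(review): this logs every submitted form value at INFO; confirm
        # that none of the setup fields is sensitive.
        logger.info("Submitted setup form with params: %s" % kwargs)

        if defaultExport.passive_save():
            if app_util.is_xhr():
                cherrypy.response.status = 200
                return ""
            raise cherrypy.HTTPRedirect(
                self.make_url(['app', app, 'config_clusters']), 303)

        # Save failed: XHR callers get a 404 status with the re-rendered form.
        if app_util.is_xhr():
            cherrypy.response.status = 404
        return self.render_template(
            '/%s:/templates/export_defaults.html' % app,
            dict(form_content='fomasdafe',
                 app=app,
                 defaultExport=defaultExport))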
Example #4
    def check(fn, self, *a, **kw):
        """Gate a request, then hand it to ``fn``.

        The options ``handle_api``, ``methods``, ``verify_session``,
        ``must_login`` and ``trim_spaces`` are free names taken from an
        enclosing scope that is not shown here. In order, the gate refuses
        API/non-API mismatches (404) and disallowed HTTP methods (405),
        initialises version info, records ``request.relative_uri``, validates
        the CSRF form key on POST, optionally strips whitespace from string
        keyword arguments, and finally calls ``fn(self, *a, **kw)``.
        """
        is_api = util.is_api()
        req = cherrypy.request

        # An endpoint/API mismatch in either direction is answered with 404.
        if (not handle_api and is_api) or (handle_api is ONLY_API and not is_api):
            raise RequestRefused(404)

        if methods:
            # A single method name is accepted as well as a collection.
            allowed = [methods] if isinstance(methods, basestring) else methods
            if req.method not in allowed:
                raise RequestRefused(405)

        # Checked here so that any URI access triggers the version check.
        startup.initVersionInfo()

        # Convenience property on the request: the current relative URI,
        # prefixed with root_endpoint when one is configured.
        relative = req.path_info
        if req.query_string:
            relative += '?' + req.query_string
        root = cherrypy.config.get('root_endpoint')
        if root not in ['/', None, '']:
            relative = root + relative
        req.relative_uri = relative

        # CSRF protection for POST requests.
        # NOTE(review): the config value environment == 'test_suite' switches
        # this whole check off, so that setting must never reach a production
        # configuration.
        csrf_applies = (verify_session and req.method == 'POST'
                        and cherrypy.config.get('environment') != 'test_suite')
        if csrf_applies:
            from_xhr = util.is_xhr()
            # XHR clients send the key as a header, form posts as a parameter.
            if from_xhr:
                form_key = req.headers.get('X-Splunk-Form-Key')
            else:
                form_key = req.params.get('splunk_form_key')
            if not util.isValidFormKey(form_key):
                if from_xhr:
                    logger.warn('CSRF: validation failed because client XHR did not include proper header')
                else:
                    logger.warn('CSRF: validation failed because HTTP POST did not include expected parameter')
                if must_login and from_xhr:
                    raise cherrypy.HTTPError(401, _('Splunk cannot authenticate the request. CSRF validation failed.'))
                if must_login:
                    return self.redirect_to_url('/account/login', _qs=[('return_to', util.current_url_path())])
                # NOTE(review): with must_login false, a failed CSRF check is
                # only logged and the handler still runs. Endpoints that change
                # state should not be registered that way.
                logger.warn('CSRF: skipping 401 redirect response because endpoint did not request protection')

        # Basic input cleansing: strip surrounding whitespace from string args.
        if trim_spaces:
            for name, raw in kw.iteritems():
                if not isinstance(raw, basestring):
                    continue
                trimmed = raw.strip()
                kw[name] = trimmed
                if trimmed != raw:
                    logger.debug('Leading/trailing whitespaces were trimmed in "%s" argument' % name)

        return fn(self, *a, **kw)
Example #5
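    def check_login(fn, self, *a, **kw):
        """Call ``fn`` only when the CherryPy session carries a ``sessionKey``.

        Requests without a session key are answered with a 401 (API and XHR
        callers) or a redirect to ``/account/login`` whose ``return_to`` is the
        current URL path. ``splunk.AuthenticationFailed`` raised by ``fn``
        deletes the CherryPy session and leads to the same response.
        """
        session_key = cherrypy.session.get('sessionKey', None)
        is_api = util.is_api()

        if not session_key:
            # NOTE(review): the session id is logged at INFO and the raw cookie
            # headers at DEBUG. Both identify a browser session, so this log
            # needs the same access control as other session material.
            logger.info('require_login - no splunkd sessionKey variable set; cherrypy_session=%s request_path=%s' % (cherrypy.session.id, cherrypy.request.path_info))
            logger.debug('require_login - cookie request header: %s' % unicode(cherrypy.request.cookie))
            logger.debug('require_login - cookie response header: %s' % unicode(cherrypy.response.cookie))
            if is_api or util.is_xhr():
                logger.info('require_login - is api/XHR request, raising 401 status')
                raise cherrypy.HTTPError(401)
            logger.info('require_login - redirecting to login')
            # Fail closed: redirect_to_url is not visible here. Returning its
            # result means the wrapped handler cannot run without a session
            # key even if the helper returns instead of raising.
            return self.redirect_to_url('/account/login', _qs=[('return_to', util.current_url_path())])

        try:
            return fn(self, *a, **kw)
        except splunk.AuthenticationFailed:
            logger.info('sessionKey rejected by splunkd')
            # Discard the CherryPy session that held the rejected key.
            cherrypy.session.delete()
            if is_api or util.is_xhr():
                raise cherrypy.HTTPError(401)
            return self.redirect_to_url('/account/login', _qs=[('return_to', util.current_url_path())])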
Example #6
    def check(fn, self, *a, **kw):
        """Apply the route's request checks, then call ``fn(self, *a, **kw)``.

        ``handle_api``, ``methods``, ``verify_session``, ``must_login`` and
        ``trim_spaces`` are free names from an enclosing scope that is not
        shown here. Refused requests raise ``RequestRefused`` with 404 (API
        mismatch) or 405 (HTTP method not allowed).
        """
        is_api = util.is_api()
        request = cherrypy.request
        # API requests are refused on endpoints that do not handle them, and
        # non-API requests are refused on API-only endpoints.
        if not handle_api and is_api:
            raise RequestRefused(404)
        if handle_api is ONLY_API and not is_api:
            raise RequestRefused(404)
        _methods = methods
        if _methods:
            # a single method name is accepted as well as a collection
            if isinstance(_methods, basestring):
                _methods = [_methods]
            if request.method not in _methods:
                raise RequestRefused(405)

        # verify that version info is good; do it here so that any URI access
        # will trigger the check
        startup.initVersionInfo()

        # add a convenience property to all request objects to get at the
        # current relative URI
        request.relative_uri = request.path_info + (
            ('?' + request.query_string) if request.query_string else '')
        if cherrypy.config.get('root_endpoint') not in ['/', None, '']:
            request.relative_uri = cherrypy.config.get(
                'root_endpoint') + request.relative_uri

        # CSRF protection
        # Disable in tests by setting cherrypy.config.update({'environment': 'test_suite'})
        # NOTE(review): that config value switches the whole check off, so it
        # must never reach a production configuration.
        if verify_session and request.method == 'POST' and not cherrypy.config.get(
                'environment') == 'test_suite':
            is_xhr = util.is_xhr()
            # XHR clients send the key as a header, form posts as a parameter
            form_key = request.headers.get(
                'X-Splunk-Form-Key') if is_xhr else request.params.get(
                    'splunk_form_key')
            # verify that the incoming form key matches server's version
            # NOTE(review): isValidFormKey is not visible here; presumably it
            # compares in constant time - confirm.
            if not util.isValidFormKey(form_key):
                if is_xhr:
                    logger.warn(
                        'CSRF: validation failed because client XHR did not include proper header'
                    )
                else:
                    logger.warn(
                        'CSRF: validation failed because HTTP POST did not include expected parameter'
                    )
                if must_login:
                    if is_xhr:
                        raise cherrypy.HTTPError(
                            401,
                            _('Splunk cannot authenticate the request. CSRF validation failed.'
                              ))
                    else:
                        return self.redirect_to_url(
                            '/account/login',
                            _qs=[('return_to', util.current_url_path())])
                # NOTE(review): with must_login false, a failed CSRF check is
                # only logged and the handler still runs. Endpoints that change
                # state should not be registered that way.
                logger.warn(
                    'CSRF: skipping 401 redirect response because endpoint did not request protection'
                )

        # basic input cleansing
        if trim_spaces:
            # only existing keys are reassigned, so the dict does not change
            # size while it is being iterated
            for key, value in kw.iteritems():
                if isinstance(value, basestring):
                    kw[key] = value.strip()
                    if kw[key] != value:
                        logger.debug(
                            'Leading/trailing whitespaces were trimmed in "%s" argument'
                            % key)

        return fn(self, *a, **kw)
Example #7
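    def submitCluster(self, config, action, **kwargs):
        '''add configuration for a single HDFS cluster

        Optionally creates a Kerberos principal first, derives the cluster
        ``uri`` from the ``type`` field (``remote`` or ``local``), then updates
        the cluster named by ``id`` or creates a new one. A successful save
        marks the app as configured and answers 200 (XHR) or a 303 redirect to
        ``config_clusters``; otherwise the form is re-rendered, with status 404
        for XHR callers. A missing or unknown ``type``, or a ``local`` cluster
        without ``local_mount``, raises HTTP 400.
        '''
        # NOTE(review): app is taken from the request path and later placed in
        # the template path; assumes routing only admits installed app names
        # here - TODO confirm.
        app = cherrypy.request.path_info.split('/')[3]
        user = cherrypy.session['user']['name']

        errors = []
        # NOTE(review): a form value such as the string '0' is truthy here;
        # confirm what the form actually posts for an unchecked "secure" box.
        if kwargs.get('secure', 0):
            #TODO: verify service principal is provided

            if kwargs.get('kerberos_principal') == 'add':
                principal = Principal(
                    app, user, **{
                        'name': kwargs.get('principal_name'),
                        'keytab_path': kwargs.get('principal_keytab_location')
                    })
                if principal.passive_save():
                    kwargs['kerberos_principal'] = kwargs.get('principal_name')
                else:
                    errors += principal.errors
        else:
            # Not a secure cluster: blank any Kerberos settings that were sent.
            if kwargs.get('kerberos_principal'):
                kwargs['kerberos_principal'] = ''
            if kwargs.get('kerberos_service_principal'):
                kwargs['kerberos_service_principal'] = ''

        cluster_id = kwargs.pop('id', None)
        cluster_type = kwargs.pop('type', None)
        if cluster_type == 'remote':
            kwargs['uri'] = 'hdfs://%s' % kwargs.get(
                'name') if 'name' in kwargs else None
        elif cluster_type == 'local':
            # A missing field is a client error, not a server fault: answer
            # 400 like the unknown-type case instead of letting pop() raise
            # KeyError.
            if 'local_mount' not in kwargs:
                raise cherrypy.HTTPError(400, 'Expected local_mount parameter')
            # NOTE(review): local_mount comes from the request and becomes a
            # file:// URI unchanged; assumes the Cluster model validates the
            # path - TODO confirm.
            kwargs['uri'] = 'file://%s' % kwargs.pop('local_mount')
        else:
            raise cherrypy.HTTPError(400, 'Expected cluster type parameter')

        try:
            cluster = Cluster.get(cluster_id)
            cluster.update(kwargs)
            # Change the owner to nobody, so that REST call will be made to /servicesNS/nobody/HadoopConnect/...
            # instead of /servicesNS/admin/HadoopConnect/... or /servicesNS/<owner>/HadoopConnect/...
            if cluster.entity and cluster.entity.owner:
                cluster.entity.owner = 'nobody'
            edit = True
        except Exception:
            # Any failure to load or update is treated as "create a new
            # cluster". Narrowed from a bare except so that SystemExit and
            # KeyboardInterrupt are no longer swallowed.
            # NOTE(review): authentication or permission errors raised by the
            # lookup are still absorbed here; catching only the "not found"
            # error would be tighter, but its type is not visible in this block.
            cluster = Cluster(app, user, **kwargs)
            edit = False

        # save stuff iff there were no errors while saving the principal
        if not errors:
            # NOTE(review): this logs every submitted form value at INFO,
            # including principal names and the keytab location.
            logger.info("Saving cluster with args: %s " % kwargs)
            if cluster.passive_save():
                this_app = App.get(App.build_id(app, app, user))
                this_app.is_configured = True
                this_app.passive_save()
                if app_util.is_xhr():
                    cherrypy.response.status = 200
                    return ""
                raise cherrypy.HTTPRedirect(
                    self.make_url(['app', app, 'config_clusters']), 303)

        # Failure path: re-render the form with the collected errors.
        principals = Principal.all().filter_by_app(app)
        principal_name = kwargs.get('principal_name', '')
        principal_keytab_location = kwargs.get('principal_keytab_location', '')
        cluster.errors += errors

        if app_util.is_xhr():
            cherrypy.response.status = 404
        return self.render_template(
            '/%s:/templates/add_cluster.html' % app,
            dict(form_content='fomasdafe',
                 app=app,
                 cluster=cluster,
                 edit=edit,
                 principals=principals,
                 principal_name=principal_name,
                 principal_keytab_location=principal_keytab_location,
                 selectedTab=cluster_type))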