def authz_heartbeat(*args, **kwargs):
    """Run one authz plugin health check, then sleep for the cycle interval.

    The sleep interval is read from ``kwargs['mythread']['cycle_timer']``; that
    lookup happens outside the ``try`` block, so a missing key propagates to
    the caller. If the authorizer's ``healthcheck()`` raises or returns a falsy
    value, a ``ServiceAuthzPluginHealthCheckFailed`` event is posted through the
    catalog client under ``localconfig.ADMIN_ACCOUNT_NAME``.

    Every exception raised by the check or by event delivery is logged and
    swallowed, so an unavailable authz plugin shows up only in the logs and,
    when delivery succeeds, in the event stream.

    Returns:
        Always ``True``.
    """
    cycle_timer = kwargs['mythread']['cycle_timer']

    logger.info('Checking authz availability')
    try:
        host_id = localconfig.get_host_id()
        plugin = get_authorizer()
        plugin_name = plugin.__class__.__name__

        failure = None
        try:
            healthy = plugin.healthcheck()
        except Exception as err:
            # A raising healthcheck counts as an unhealthy plugin.
            failure, healthy = err, False

        if not healthy:
            # When healthcheck() returned a falsy value without raising,
            # `failure` is still None and the event details read 'None'.
            fail_event = ServiceAuthzPluginHealthCheckFailed(
                user_id=localconfig.ADMIN_ACCOUNT_NAME,
                name=service_name,
                host=host_id,
                plugin=plugin_name,
                details=str(failure),
            )
            logger.info('Sending healthcheck failure event: {}'.format(fail_event.__event_type__))

            try:
                catalog = internal_client_for(CatalogClient, localconfig.ADMIN_ACCOUNT_NAME)
                catalog.add_event(fail_event)
            except Exception:
                # Delivery is best effort; the full event is written to the log instead.
                logger.exception(
                    'Failure to send authz healthcheck failure event: {}'.format(fail_event.to_json()))
    except Exception:
        logger.exception('Caught unexpected exception from the authz heartbeat handler')

    # Sleep whether or not the check succeeded.
    time.sleep(cycle_timer)
    return True
def authenticate_user(self, username, password):
    """Authenticate a username/password pair through the configured authorizer.

    Returns ``User(username)`` when ``inline_authz`` completes without raising.
    Any exception is logged with its traceback and re-raised unchanged.
    """
    try:
        credentials = UsernamePasswordToken(
            username=username,
            password=password,
            remember_me=False,
        )
        # NOTE(review): the result of inline_authz is discarded, so a successful
        # return here relies on inline_authz raising for an unknown user or bad
        # credentials -- confirm against the authorizer implementation.
        get_authorizer().inline_authz([], authc_token=credentials)
        return User(username)
    except:
        # Bare except is intentional: everything is logged and re-raised as-is.
        logger.exception('Error authenticating')
        raise
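def authenticate_user(self, username, password):
    """Authenticate a username/password pair and return the matching ``User``.

    The credentials are wrapped in a ``UsernamePasswordToken`` and passed to the
    authorizer's ``inline_authz``. A ``None`` identity is treated as an unknown
    user. The returned ``User`` is keyed by ``identity.user_uuid`` rather than
    by the supplied username.

    Raises:
        Exception: ``'User authentication failed'`` for every failure inside the
            ``try`` block, including the unknown-user case, so callers get one
            generic message regardless of the cause. The underlying error is
            logged through ``logger.debug_exception``.
    """
    try:
        authc_token = UsernamePasswordToken(username=username, password=password, remember_me=False)
        authorizer = get_authorizer()
        identity = authorizer.inline_authz([], authc_token=authc_token)

        if identity is None:
            raise Exception('Unknown user')

        # Use the user's uuid as the username/subject for the token to avoid name conflicts over time
        return User(identity.user_uuid)
    except Exception:
        # Catch Exception, not a bare `except:`, so KeyboardInterrupt and
        # SystemExit propagate instead of being reported as a failed login.
        # The original error stays attached as __context__ of the new one, so
        # callers should not render the full traceback to the client.
        logger.debug_exception('Error authenticating')
        raise Exception('User authentication failed')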
import anchore_engine.apis
from anchore_engine import db
import anchore_engine.services.catalog.catalog_impl
import anchore_engine.common
from anchore_engine.subsys import logger
import anchore_engine.configuration.localconfig
import anchore_engine.subsys.servicestatus
from anchore_engine.clients.services import internal_client_for
from anchore_engine.clients.services.policy_engine import PolicyEngineClient
from anchore_engine.apis.authorization import get_authorizer, INTERNAL_SERVICE_ALLOWED
from anchore_engine.db import AccountTypes
from anchore_engine.apis.context import ApiRequestContextProxy
from anchore_engine.services.catalog import archiver
from anchore_engine.subsys.metrics import flask_metrics

# Resolved once at import time; the decorator below is bound to this instance.
authorizer = get_authorizer()


@authorizer.requires_account(with_types=INTERNAL_SERVICE_ALLOWED)
def status():
    """Return this service's status as a ``(body, http_code)`` tuple.

    On success the body is the result of ``get_status`` for this service's own
    record and the code is 200. On any exception the body is ``str(err)`` and
    the code is 500.
    """
    # NOTE(review): access is presumably limited to the account types in
    # INTERNAL_SERVICE_ALLOWED by the decorator -- confirm in the authorizer.
    try:
        record = anchore_engine.subsys.servicestatus.get_my_service_record()
        body = anchore_engine.subsys.servicestatus.get_status(record)
    except Exception as err:
        # The raw exception text is returned to the caller in the response body.
        return (str(err), 500)
    return (body, 200)