def _clean_expired_subscriptions(self, collection):
expired_time = time_utils.get_current_timestamp() - self.clean_up_time
LOGGER.debug('Deleting subscriptions older than expired_time=%s',
expired_time)
collection.delete_expired_items(expired_time=self.clean_up_time,
expiration_attribute_name=EXPIRED_TIME)
collection.delete_items_by_query({VERSION: {NOT_EQUAL: 2}})
def _clean_expired_searches(self, collection):
stuck_search_delete_time = self.clean_up_time * self.STUCK_SEARCH_MULTIPLIER
timestamp_before = time_utils.get_current_timestamp() - stuck_search_delete_time
LOGGER.debug('Deleting searches older than last_update_time=%s', timestamp_before)
collection.delete_expired_items(expired_time=stuck_search_delete_time,
expiration_attribute_name=LAST_UPDATE_TIME)
collection.delete_items_by_query({VERSION: {NOT_EQUAL: 2}})
def delete_invalid_entries(self, collection, collection_handler, timestamp_attribute_name):
try:
current_timestamp = get_current_timestamp()
query = {timestamp_attribute_name: {constants.GREATER_THAN_OPERATOR: current_timestamp}}
resp = collection_handler.delete_items_by_query(query)
LOGGER.info(
"Successfully deleted invalid entries for collection=%s with response=%s" % (collection, str(resp)))
except:
LOGGER.exception("Exception deleting invalid entries for collection=%s" % collection)
def _clean_user_namespaced_items(self):
users = get_all_mobile_users(self.session_key)
timestamp_before = time_utils.get_current_timestamp() - self.clean_up_time
LOGGER.debug('Deleting credentials older than last_update_time=%s, users=%s', timestamp_before, len(users))
for owner in users:
credentials = KVStoreCollectionAccessObject(collection=SUBSCRIPTION_CREDENTIALS_COLLECTION_NAME,
owner=owner,
session_key=self.session_key)
credentials.delete_expired_items(expired_time=timestamp_before, expiration_attribute_name=LAST_UPDATE_TIME)
def sync(self):
"""
Gets all registered users. Gets all tokens per user, sorted by expiry date. Deletes all tokens except the one
with the most recent expiration date and any that are being used as subscription credentials.
"""
all_registered_users = get_all_mobile_users(self.session_key)
try:
for user in all_registered_users:
tokens = get_all_secure_gateway_tokens(self.session_key, user)
current_time = get_current_timestamp()
index_to_delete = min(3, len(tokens))
for i in range(0, index_to_delete - 1):
if token[i]['content']['claims']['exp'] < current_time:
index_to_delete = i
break
tokens_to_delete = tokens[index_to_delete:]
kvstore_subscription_credentials = KvStore(
constants.SUBSCRIPTION_CREDENTIALS_COLLECTION_NAME,
self.session_key,
owner=user)
response, credentials = kvstore_subscription_credentials.get_all_items(
)
credentials = json.loads(credentials)
jwt_credential = [
c for c in credentials if 'session_type' in c
and c['session_type'] == constants.JWT_TOKEN_TYPE[0]
]
if jwt_credential:
subscription_token_info = calculate_token_info(
jwt_credential['session_key'])
else:
subscription_token_info = None
for token in tokens_to_delete:
# if that token does not exist in subscription credentials
if not subscription_token_info or token[
'name'] != subscription_token_info['id']:
delete_token_by_id(self.session_key, user,
token['name'])
except:
LOGGER.exception("Exception performing DeleteTokensSync")
async def update(session_token, async_kvstore_client, async_splunk_client):
"""
Update the devices to role mapping collection in KV Store
"""
timestamp = get_current_timestamp()
splunk_auth_header = SplunkAuthHeader(session_token)
# for each user, fetch user to roles mapping
response_code, user_to_role_dict = await async_splunk_client.async_get_users_roles_mapping(
splunk_auth_header)
LOGGER.debug("Fetched user role mapping with response code=%s, %s" %
(str(response_code), str(user_to_role_dict)))
# For each user fetch devices registered to that user
registered_devices_jsn = await get_registered_devices(
splunk_auth_header, list(user_to_role_dict.keys()),
async_kvstore_client)
# Construct kvstore payload
batch_payload = create_payloads(registered_devices_jsn, user_to_role_dict,
timestamp)
batch_post_to_kvstore(session_token, batch_payload)
await clean_up_old_entries(timestamp, async_kvstore_client, session_token)
def __init__(self, value, ttl=3600):
self.value = value
self.ttl = ttl
self.timestamp = get_current_timestamp()
def is_valid(self):
return (get_current_timestamp() - self.timestamp) < self.ttl