def _create_auth_token(self, context):
if not context:
return None
user = context.get('user', None)
if not user:
return None
return access.create_token(user)
def _create_auth_token(self, context):
if not context:
return None
user = context.get('user', None)
if not user:
return None
return access.create_token(user)
def test_delete_token(self):
token = access.create_token(USERNAME)
access.delete_token(token.token)
try:
token = Token.get(token.token)
self.assertTrue(False, 'Delete failed was expected to pass.')
except TokenNotFoundError:
self.assertTrue(True)
def test_delete_token(self):
token = access.create_token(USERNAME)
access.delete_token(token.token)
try:
token = Token.get(token.token)
self.assertTrue(False, 'Delete failed was expected to pass.')
except TokenNotFoundError:
self.assertTrue(True)
def test_create_token_ttl_ok(self):
ttl = 10
token = access.create_token(USERNAME, 10)
self.assertTrue(token is not None)
self.assertTrue(token.token is not None)
self.assertEqual(token.user, USERNAME)
expected_expiry = datetime.datetime.utcnow() + datetime.timedelta(seconds=ttl)
expected_expiry = isotime.add_utc_tz(expected_expiry)
self.assertLess(isotime.parse(token.expiry), expected_expiry)
def post(self, request, **kwargs):
if not pecan.request.remote_user:
LOG.audit('Access denied to anonymous user.')
pecan.abort(http_client.UNAUTHORIZED)
ttl = getattr(request, 'ttl', None)
tokendb = create_token(pecan.request.remote_user, ttl)
return TokenAPI.from_model(tokendb)
def test_create_token_ttl_capped(self):
ttl = cfg.CONF.auth.token_ttl + 10
expected_expiry = datetime.datetime.utcnow() + datetime.timedelta(seconds=ttl)
expected_expiry = isotime.add_utc_tz(expected_expiry)
token = access.create_token('manas', 10)
self.assertTrue(token is not None)
self.assertTrue(token.token is not None)
self.assertEqual(token.user, 'manas')
self.assertLess(isotime.parse(token.expiry), expected_expiry)
def test_create_token_ttl_capped(self):
ttl = cfg.CONF.auth.token_ttl + 10
expected_expiry = date_utils.get_datetime_utc_now() + datetime.timedelta(seconds=ttl)
expected_expiry = date_utils.add_utc_tz(expected_expiry)
token = access.create_token(USERNAME, 10)
self.assertTrue(token is not None)
self.assertTrue(token.token is not None)
self.assertEqual(token.user, USERNAME)
self.assertLess(isotime.parse(token.expiry), expected_expiry)
def test_create_token_ttl_capped(self):
ttl = cfg.CONF.auth.token_ttl + 10
expected_expiry = date_utils.get_datetime_utc_now(
) + datetime.timedelta(seconds=ttl)
expected_expiry = date_utils.add_utc_tz(expected_expiry)
token = access.create_token(USERNAME, 10)
self.assertTrue(token is not None)
self.assertTrue(token.token is not None)
self.assertEqual(token.user, USERNAME)
self.assertLess(isotime.parse(token.expiry), expected_expiry)
def test_create_token_ttl_capped(self):
ttl = cfg.CONF.auth.token_ttl + 10
expected_expiry = datetime.datetime.utcnow() + datetime.timedelta(
seconds=ttl)
expected_expiry = isotime.add_utc_tz(expected_expiry)
token = access.create_token('manas', 10)
self.assertTrue(token is not None)
self.assertTrue(token.token is not None)
self.assertEqual(token.user, 'manas')
self.assertLess(isotime.parse(token.expiry), expected_expiry)
def test_create_token_ttl_ok(self):
ttl = 10
token = access.create_token(USERNAME, 10)
self.assertIsNotNone(token)
self.assertIsNotNone(token.token)
self.assertEqual(token.user, USERNAME)
expected_expiry = date_utils.get_datetime_utc_now(
) + datetime.timedelta(seconds=ttl)
expected_expiry = date_utils.add_utc_tz(expected_expiry)
self.assertLess(isotime.parse(token.expiry), expected_expiry)
def __init__(self):
self._action_sensor_enabled = cfg.CONF.action_sensor.enable
self._trigger_type_endpoint = cfg.CONF.action_sensor.triggers_base_url
self._retry_wait = cfg.CONF.action_sensor.retry_wait
self._timeout = cfg.CONF.action_sensor.request_timeout
self._max_attempts = cfg.CONF.action_sensor.max_attempts
self._auth_creds = create_token('system.internal_trigger_registrar',
ttl=INTERNAL_TRIGGER_REGISTER_TOKEN_TTL)
self._http_post_headers = {'content-type': 'application/json',
'X-Auth-Token': self._auth_creds.token}
self._http_get_headers = {'X-Auth-Token': self._auth_creds.token}
def __init__(self):
self._action_sensor_enabled = cfg.CONF.action_sensor.enable
self._trigger_type_endpoint = cfg.CONF.action_sensor.triggers_base_url
self._retry_wait = cfg.CONF.action_sensor.retry_wait
self._timeout = cfg.CONF.action_sensor.request_timeout
self._max_attempts = cfg.CONF.action_sensor.max_attempts
self._auth_creds = create_token('system.internal_trigger_registrar',
ttl=(1 * 60 * 60))
self._http_post_headers = {'content-type': 'application/json',
'X-Auth-Token': self._auth_creds.token}
self._http_get_headers = {'X-Auth-Token': self._auth_creds.token}
def _get_api_client(self):
"""
Retrieve API client instance.
"""
if not self._client:
ttl = (24 * 60 * 60)
temporary_token = create_token(username=self._api_username, ttl=ttl)
api_url = get_full_public_api_url()
self._client = Client(api_url=api_url, token=temporary_token.token)
return self._client
def test_create_token_service_token_can_use_arbitrary_ttl(self):
ttl = (10000 * 24 * 24)
# Service token should support arbitrary TTL
token = access.create_token(USERNAME, ttl=ttl, service=True)
expected_expiry = date_utils.get_datetime_utc_now() + datetime.timedelta(seconds=ttl)
expected_expiry = date_utils.add_utc_tz(expected_expiry)
self.assertTrue(token is not None)
self.assertEqual(token.user, USERNAME)
self.assertLess(isotime.parse(token.expiry), expected_expiry)
# Non service token should throw on TTL which is too large
self.assertRaises(TTLTooLargeException, access.create_token, USERNAME, ttl=ttl,
service=False)
def _get_api_client(self):
"""
Retrieve API client instance.
"""
token_expire = self._token_expire <= get_datetime_utc_now()
if not self._client or token_expire:
self._logger.audit('Creating new Client object.')
ttl = cfg.CONF.auth.service_token_ttl
self._token_expire = get_datetime_utc_now() + timedelta(seconds=ttl)
temporary_token = create_token(username=self._api_username, ttl=ttl, service=True)
api_url = get_full_public_api_url()
self._client = Client(api_url=api_url, token=temporary_token.token)
return self._client
def _get_api_client(self):
"""
Retrieve API client instance.
"""
token_expire = self._token_expire <= get_datetime_utc_now()
if not self._client or token_expire:
self._logger.audit('Creating new Client object.')
ttl = (24 * 60 * 60)
self._token_expire = get_datetime_utc_now() + timedelta(seconds=ttl)
temporary_token = create_token(username=self._api_username, ttl=ttl)
api_url = get_full_public_api_url()
self._client = Client(api_url=api_url, token=temporary_token.token)
return self._client
def _create_auth_token(self, context, action_db, liveaction_db):
if not context:
return None
user = context.get('user', None)
if not user:
return None
metadata = {
'service': 'actions_container',
'action_name': action_db.name,
'live_action_id': str(liveaction_db.id)
}
token_db = access.create_token(username=user,
metadata=metadata,
service=True)
return token_db
def _create_auth_token(self, context, action_db, liveaction_db):
if not context:
return None
user = context.get('user', None)
if not user:
return None
metadata = {
'service': 'actions_container',
'action_name': action_db.name,
'live_action_id': str(liveaction_db.id)
}
ttl = cfg.CONF.auth.service_token_ttl
token_db = access.create_token(username=user, ttl=ttl, metadata=metadata, service=True)
return token_db
def get_api_client(self):
"""
Retrieve API client instance.
"""
token_expire = self._token_expire <= get_datetime_utc_now()
if not self._client or token_expire:
# Note: Late import to avoid high import cost (time wise)
from st2common.services.access import create_token
self._logger.debug('Creating new Client object.')
ttl = cfg.CONF.auth.service_token_ttl
api_url = get_full_public_api_url()
temporary_token = create_token(username=self._api_username, ttl=ttl, service=True)
self._client = Client(api_url=api_url, token=temporary_token.token)
self._token_expire = get_datetime_utc_now() + timedelta(seconds=ttl)
return self._client
def get_api_client(self):
"""
Retrieve API client instance.
"""
token_expire = self._token_expire <= get_datetime_utc_now()
if not self._client or token_expire:
# Note: Late import to avoid high import cost (time wise)
from st2common.services.access import create_token
self._logger.debug('Creating new Client object.')
ttl = cfg.CONF.auth.service_token_ttl
api_url = get_full_public_api_url()
temporary_token = create_token(username=self._api_username, ttl=ttl, service=True)
self._client = Client(api_url=api_url, token=temporary_token.token)
self._token_expire = get_datetime_utc_now() + timedelta(seconds=ttl)
return self._client
def test_create_token_service_token_can_use_arbitrary_ttl(self):
ttl = (10000 * 24 * 24)
# Service token should support arbitrary TTL
token = access.create_token(USERNAME, ttl=ttl, service=True)
expected_expiry = date_utils.get_datetime_utc_now(
) + datetime.timedelta(seconds=ttl)
expected_expiry = date_utils.add_utc_tz(expected_expiry)
self.assertTrue(token is not None)
self.assertEqual(token.user, USERNAME)
self.assertLess(isotime.parse(token.expiry), expected_expiry)
# Non service token should throw on TTL which is too large
self.assertRaises(TTLTooLargeException,
access.create_token,
USERNAME,
ttl=ttl,
service=False)
def _create_auth_token(self, context, action_db, liveaction_db):
if not context:
return None
user = context.get("user", None)
if not user:
return None
metadata = {
"service": "actions_container",
"action_name": action_db.name,
"live_action_id": str(liveaction_db.id),
}
ttl = cfg.CONF.auth.service_token_ttl
token_db = access.create_token(username=user,
ttl=ttl,
metadata=metadata,
service=True)
return token_db
def _spawn_sensor_process(self, sensor):
"""
Spawn a new process for the provided sensor.
New process uses isolated Python binary from a virtual environment
belonging to the sensor pack.
"""
sensor_id = self._get_sensor_id(sensor=sensor)
virtualenv_path = get_sandbox_virtualenv_path(pack=sensor['pack'])
python_path = get_sandbox_python_binary_path(pack=sensor['pack'])
if virtualenv_path and not os.path.isdir(virtualenv_path):
format_values = {'pack': sensor['pack'], 'virtualenv_path': virtualenv_path}
msg = PACK_VIRTUALENV_DOESNT_EXIST % format_values
raise Exception(msg)
trigger_type_refs = sensor['trigger_types'] or []
trigger_type_refs = ','.join(trigger_type_refs)
parent_args = json.dumps(sys.argv[1:])
args = [
python_path,
WRAPPER_SCRIPT_PATH,
'--pack=%s' % (sensor['pack']),
'--file-path=%s' % (sensor['file_path']),
'--class-name=%s' % (sensor['class_name']),
'--trigger-type-refs=%s' % (trigger_type_refs),
'--parent-args=%s' % (parent_args)
]
if sensor['poll_interval']:
args.append('--poll-interval=%s' % (sensor['poll_interval']))
env = os.environ.copy()
env['PYTHONPATH'] = get_sandbox_python_path(inherit_from_parent=True,
inherit_parent_virtualenv=True)
# Include full api URL and API token specific to that sensor
ttl = (24 * 60 * 60)
temporary_token = create_token(username='******', ttl=ttl)
env[API_URL_ENV_VARIABLE_NAME] = get_full_public_api_url()
env[AUTH_TOKEN_ENV_VARIABLE_NAME] = temporary_token.token
# TODO 1: Purge temporary token when service stops or sensor process dies
# TODO 2: Store metadata (wrapper process id) with the token and delete
# tokens for old, dead processes on startup
cmd = ' '.join(args)
LOG.debug('Running sensor subprocess (cmd="%s")', cmd)
# TODO: Intercept stdout and stderr for aggregated logging purposes
try:
process = subprocess.Popen(args=args, stdin=None, stdout=None,
stderr=None, shell=False, env=env,
preexec_fn=on_parent_exit('SIGTERM'))
except Exception as e:
cmd = ' '.join(args)
message = ('Failed to spawn process for sensor %s ("%s"): %s' %
(sensor_id, cmd, str(e)))
raise Exception(message)
self._processes[sensor_id] = process
self._sensors[sensor_id] = sensor
self._sensor_start_times[sensor_id] = int(time.time())
self._dispatch_trigger_for_sensor_spawn(sensor=sensor, process=process, cmd=cmd)
return process
def _spawn_sensor_process(self, sensor):
"""
Spawn a new process for the provided sensor.
New process uses isolated Python binary from a virtual environment
belonging to the sensor pack.
"""
sensor_id = self._get_sensor_id(sensor=sensor)
pack_ref = sensor["pack"]
virtualenv_path = get_sandbox_virtualenv_path(pack=pack_ref)
python_path = get_sandbox_python_binary_path(pack=pack_ref)
if virtualenv_path and not os.path.isdir(virtualenv_path):
format_values = {
"pack": sensor["pack"],
"virtualenv_path": virtualenv_path
}
msg = PACK_VIRTUALENV_DOESNT_EXIST % format_values
raise Exception(msg)
args = self._get_args_for_wrapper_script(python_binary=python_path,
sensor=sensor)
if self._enable_common_pack_libs:
pack_common_libs_path = get_pack_common_libs_path_for_pack_ref(
pack_ref=pack_ref)
else:
pack_common_libs_path = None
env = os.environ.copy()
sandbox_python_path = get_sandbox_python_path(
inherit_from_parent=True, inherit_parent_virtualenv=True)
if self._enable_common_pack_libs and pack_common_libs_path:
env["PYTHONPATH"] = pack_common_libs_path + ":" + sandbox_python_path
else:
env["PYTHONPATH"] = sandbox_python_path
if self._create_token:
# Include full api URL and API token specific to that sensor
LOG.debug("Creating temporary auth token for sensor %s" %
(sensor["class_name"]))
ttl = cfg.CONF.auth.service_token_ttl
metadata = {
"service": "sensors_container",
"sensor_path": sensor["file_path"],
"sensor_class": sensor["class_name"],
}
temporary_token = create_token(username="******",
ttl=ttl,
metadata=metadata,
service=True)
env[API_URL_ENV_VARIABLE_NAME] = get_full_public_api_url()
env[AUTH_TOKEN_ENV_VARIABLE_NAME] = temporary_token.token
# TODO 1: Purge temporary token when service stops or sensor process dies
# TODO 2: Store metadata (wrapper process id) with the token and delete
# tokens for old, dead processes on startup
cmd = " ".join(args)
LOG.debug('Running sensor subprocess (cmd="%s")', cmd)
# TODO: Intercept stdout and stderr for aggregated logging purposes
try:
process = subprocess.Popen(
args=args,
stdin=None,
stdout=None,
stderr=None,
shell=False,
env=env,
preexec_fn=on_parent_exit("SIGTERM"),
)
except Exception as e:
cmd = " ".join(args)
message = 'Failed to spawn process for sensor %s ("%s"): %s' % (
sensor_id,
cmd,
six.text_type(e),
)
raise Exception(message)
self._processes[sensor_id] = process
self._sensors[sensor_id] = sensor
self._sensor_start_times[sensor_id] = int(time.time())
self._dispatch_trigger_for_sensor_spawn(sensor=sensor,
process=process,
cmd=cmd)
return process
def _spawn_sensor_process(self, sensor):
"""
Spawn a new process for the provided sensor.
New process uses isolated Python binary from a virtual environment
belonging to the sensor pack.
"""
sensor_id = self._get_sensor_id(sensor=sensor)
virtualenv_path = get_sandbox_virtualenv_path(pack=sensor['pack'])
python_path = get_sandbox_python_binary_path(pack=sensor['pack'])
if virtualenv_path and not os.path.isdir(virtualenv_path):
msg = PACK_VIRTUALENV_DOESNT_EXIST % (sensor['pack'],
sensor['pack'])
raise Exception(msg)
trigger_type_refs = sensor['trigger_types'] or []
trigger_type_refs = ','.join(trigger_type_refs)
parent_args = json.dumps(sys.argv[1:])
args = [
python_path, WRAPPER_SCRIPT_PATH,
'--pack=%s' % (sensor['pack']),
'--file-path=%s' % (sensor['file_path']),
'--class-name=%s' % (sensor['class_name']),
'--trigger-type-refs=%s' % (trigger_type_refs),
'--parent-args=%s' % (parent_args)
]
if sensor['poll_interval']:
args.append('--poll-interval=%s' % (sensor['poll_interval']))
env = os.environ.copy()
env['PYTHONPATH'] = get_sandbox_python_path(
inherit_from_parent=True, inherit_parent_virtualenv=True)
# Include full api URL and API token specific to that sensor
ttl = (24 * 60 * 60)
temporary_token = create_token(username='******', ttl=ttl)
env[API_URL_ENV_VARIABLE_NAME] = get_full_api_url()
env[AUTH_TOKEN_ENV_VARIABLE_NAME] = temporary_token.token
# TODO 1: Purge temporary token when service stops or sensor process dies
# TODO 2: Store metadata (wrapper process id) with the token and delete
# tokens for old, dead processes on startup
LOG.debug('Running sensor subprocess (cmd="%s")', ' '.join(args))
# TODO: Intercept stdout and stderr for aggregated logging purposes
try:
process = subprocess.Popen(args=args,
stdin=None,
stdout=None,
stderr=None,
shell=False,
env=env)
except Exception as e:
cmd = ' '.join(args)
message = ('Failed to spawn process for sensor %s ("%s"): %s' %
(sensor_id, cmd, str(e)))
raise Exception(message)
self._processes[sensor_id] = process
return process
def test_create_token(self):
token = access.create_token(USERNAME)
self.assertIsNotNone(token)
self.assertIsNotNone(token.token)
self.assertEqual(token.user, USERNAME)
def test_create_token_fail(self):
try:
access.create_token(None)
self.assertTrue(False, 'Create succeeded was expected to fail.')
except ValueError:
self.assertTrue(True)
def test_create_token(self):
token = access.create_token(USERNAME)
self.assertTrue(token is not None)
self.assertTrue(token.token is not None)
self.assertEqual(token.user, USERNAME)
def test_create_token_fail(self):
try:
access.create_token(None)
self.assertTrue(False, 'Create succeeded was expected to fail.')
except ValueError:
self.assertTrue(True)
def test_create_token(self):
token = access.create_token(USERNAME)
self.assertTrue(token is not None)
self.assertTrue(token.token is not None)
self.assertEqual(token.user, USERNAME)
def test_create_token(self):
token = access.create_token('manas')
self.assertTrue(token is not None)
self.assertTrue(token.token is not None)
self.assertEqual(token.user, 'manas')
def test_create_token(self):
token = access.create_token('manas')
self.assertTrue(token is not None)
self.assertTrue(token.token is not None)
self.assertEqual(token.user, 'manas')
def _create_token_for_user(self, username, ttl=None):
tokendb = create_token(username=username, ttl=ttl)
return TokenAPI.from_model(tokendb)
def _spawn_sensor_process(self, sensor):
"""
Spawn a new process for the provided sensor.
New process uses isolated Python binary from a virtual environment
belonging to the sensor pack.
"""
sensor_id = self._get_sensor_id(sensor=sensor)
pack_ref = sensor['pack']
virtualenv_path = get_sandbox_virtualenv_path(pack=pack_ref)
python_path = get_sandbox_python_binary_path(pack=pack_ref)
if virtualenv_path and not os.path.isdir(virtualenv_path):
format_values = {'pack': sensor['pack'], 'virtualenv_path': virtualenv_path}
msg = PACK_VIRTUALENV_DOESNT_EXIST % format_values
raise Exception(msg)
trigger_type_refs = sensor['trigger_types'] or []
trigger_type_refs = ','.join(trigger_type_refs)
parent_args = json.dumps(sys.argv[1:])
args = [
python_path,
WRAPPER_SCRIPT_PATH,
'--pack=%s' % (sensor['pack']),
'--file-path=%s' % (sensor['file_path']),
'--class-name=%s' % (sensor['class_name']),
'--trigger-type-refs=%s' % (trigger_type_refs),
'--parent-args=%s' % (parent_args)
]
if sensor['poll_interval']:
args.append('--poll-interval=%s' % (sensor['poll_interval']))
sandbox_python_path = get_sandbox_python_path(inherit_from_parent=True,
inherit_parent_virtualenv=True)
if self._enable_common_pack_libs:
pack_common_libs_path = get_pack_common_libs_path_for_pack_ref(pack_ref=pack_ref)
else:
pack_common_libs_path = None
env = os.environ.copy()
if self._enable_common_pack_libs and pack_common_libs_path:
env['PYTHONPATH'] = pack_common_libs_path + ':' + sandbox_python_path
else:
env['PYTHONPATH'] = sandbox_python_path
# Include full api URL and API token specific to that sensor
ttl = cfg.CONF.auth.service_token_ttl
metadata = {
'service': 'sensors_container',
'sensor_path': sensor['file_path'],
'sensor_class': sensor['class_name']
}
temporary_token = create_token(username='******', ttl=ttl, metadata=metadata,
service=True)
env[API_URL_ENV_VARIABLE_NAME] = get_full_public_api_url()
env[AUTH_TOKEN_ENV_VARIABLE_NAME] = temporary_token.token
# TODO 1: Purge temporary token when service stops or sensor process dies
# TODO 2: Store metadata (wrapper process id) with the token and delete
# tokens for old, dead processes on startup
cmd = ' '.join(args)
LOG.debug('Running sensor subprocess (cmd="%s")', cmd)
# TODO: Intercept stdout and stderr for aggregated logging purposes
try:
process = subprocess.Popen(args=args, stdin=None, stdout=None,
stderr=None, shell=False, env=env,
preexec_fn=on_parent_exit('SIGTERM'))
except Exception as e:
cmd = ' '.join(args)
message = ('Failed to spawn process for sensor %s ("%s"): %s' %
(sensor_id, cmd, str(e)))
raise Exception(message)
self._processes[sensor_id] = process
self._sensors[sensor_id] = sensor
self._sensor_start_times[sensor_id] = int(time.time())
self._dispatch_trigger_for_sensor_spawn(sensor=sensor, process=process, cmd=cmd)
return process
def _create_token_for_user(self, username, ttl=None):
tokendb = create_token(username=username, ttl=ttl)
return TokenAPI.from_model(tokendb)
