Exemple #1
0
    def add_soap_services(self, session, cluster, admin_invoke_sec, pubapi_sec):
        """ Adds these Zato internal services that can be accessed through SOAP requests.
        """
        
        #
        # HTTPSOAP + services
        #
        zato_soap_channels = []
        
        for name, impl_name in zato_services.iteritems():
            
            service = Service(None, name, True, impl_name, True, cluster)
            session.add(service)
            
            # Add the HTTP channel for WSDLs
            if name == 'zato.service.get-wsdl':
                http_soap = HTTPSOAP(None, '{}.soap'.format(name), True, True, 'channel', 'plain_http', 
                    None, '/zato/wsdl', None, '', None, None, service=service, cluster=cluster)
                session.add(http_soap)
                
            elif name == 'zato.service.invoke':
                self.add_admin_invoke(session, cluster, service, admin_invoke_sec)

            zato_soap = HTTPSOAP(None, name, True, True, 'channel', 
                'soap', None, '/zato/soap', None, name, '1.1', 
                SIMPLE_IO.FORMAT.XML, service=service, cluster=cluster, security=pubapi_sec)
            session.add(zato_soap)

            json_url_path = '/zato/json/{}'.format(name)            
            json_http = HTTPSOAP(None, '{}.json'.format(name), True, True, 'channel', 'plain_http', 
                None, json_url_path, None, '', None, SIMPLE_IO.FORMAT.JSON, service=service, cluster=cluster, security=pubapi_sec)
            session.add(json_http)
Exemple #2
0
    def add_check(self, session, cluster, service, pubapi_sec):

        if 'fixed-width' in service.name:
            data_formats = [DATA_FORMAT.FIXED_WIDTH]
        else:
            data_formats = [DATA_FORMAT.JSON, DATA_FORMAT.XML]

        for data_format in data_formats:

            name = 'zato.checks.{}.{}'.format(data_format, service.name)
            url_path = '/zato/checks/{}/{}'.format(data_format, service.name)

            channel = HTTPSOAP(None,
                               name,
                               True,
                               True,
                               'channel',
                               'plain_http',
                               None,
                               url_path,
                               None,
                               '',
                               None,
                               data_format,
                               merge_url_params_req=True,
                               service=service,
                               cluster=cluster,
                               security=pubapi_sec)
            session.add(channel)
Exemple #3
0
    def add_rbac_channel(self, session, cluster, service, rbac_role, url_path, permit_read=True, permit_write=False, **kwargs):
        """ Create an RBAC-authenticated plain HTTP channel associated with a service.

        :param session: SQLAlchemy session instance
        :param cluster: Cluster model instance
        :param service: Service model instance
        :param rbac_role: RBACRole model instance
        :param url_path: "/url/path" to expose service as
        """

        # Zato
        from zato.common.odb.model import HTTPSOAP, RBACPermission, RBACRolePermission

        name = 'admin.' + service.name.replace('zato.', '')
        channel = HTTPSOAP(name=name, is_active=True, is_internal=True, connection='channel', transport='plain_http',
            url_path=url_path, soap_action='', has_rbac=True, sec_use_rbac=True, merge_url_params_req=True, service=service,
            cluster=cluster, **kwargs)
        session.add(channel)

        perms = []
        for permitted, perm_names in ((permit_read, ('Read',)), (permit_write, ('Create', 'Update'))):
            if permitted:
                perms.extend(session.query(RBACPermission).\
                    filter(RBACPermission.name.in_(perm_names)))

        for perm in perms:
            session.add(RBACRolePermission(role=rbac_role, perm=perm, service=service, cluster=cluster))
Exemple #4
0
 def add_admin_invoke(self, session, cluster, service, admin_invoke_sec):
     """ Adds an admin channel for invoking services from web admin and CLI.
     """
     channel = HTTPSOAP(None, 'admin.invoke.json', True, True, 'channel', 'plain_http', 
         None, '/zato/admin/invoke', None, '', None, SIMPLE_IO.FORMAT.JSON, service=service, cluster=cluster, 
         security=admin_invoke_sec)
     session.add(channel)
Exemple #5
0
    def add_soap_services(self, session, cluster, admin_invoke_sec, pubapi_sec):
        """ Adds these Zato internal services that can be accessed through SOAP requests.
        """

        #
        # HTTPSOAP + services
        #

        for name, impl_name in zato_services.iteritems():

            service = Service(None, name, True, impl_name, True, cluster)
            session.add(service)

            # Add the HTTP channel for WSDLs
            if name == 'zato.service.get-wsdl':
                http_soap = HTTPSOAP(
                    None, '{}.soap'.format(name), True, True, 'channel', 'plain_http',
                    None, '/zato/wsdl', None, '', None, None, service=service, cluster=cluster)
                session.add(http_soap)

            elif name == 'zato.service.invoke':
                self.add_admin_invoke(session, cluster, service, admin_invoke_sec)

            elif name == 'zato.pubsub.rest-handler':
                self.add_pubsub_rest_handler(session, cluster, service)

            session.add(get_http_soap_channel(name, service, cluster, pubapi_sec))
            session.add(get_http_json_channel(name, service, cluster, pubapi_sec))
Exemple #6
0
    def add_internal_services(self, session, cluster, admin_invoke_sec,
                              pubapi_sec, internal_invoke_sec,
                              live_browser_sec):
        """ Adds these Zato internal services that can be accessed through SOAP requests.
        """

        #
        # HTTPSOAP + services
        #

        for name, impl_name in zato_services.iteritems():

            service = Service(None, name, True, impl_name, True, cluster)
            session.add(service)

            # Add the HTTP channel for WSDLs
            if name == 'zato.service.get-wsdl':
                http_soap = HTTPSOAP(None,
                                     '{}.soap'.format(name),
                                     True,
                                     True,
                                     'channel',
                                     'plain_http',
                                     None,
                                     '/zato/wsdl',
                                     None,
                                     '',
                                     None,
                                     None,
                                     service=service,
                                     cluster=cluster)
                session.add(http_soap)

            elif name == 'zato.service.invoke':
                self.add_admin_invoke(session, cluster, service,
                                      admin_invoke_sec)
                self.add_internal_invoke(session, cluster, service,
                                         internal_invoke_sec)

            elif name == 'zato.pubsub.rest-handler':
                self.add_pubsub_rest_handler(session, cluster, service)

            elif name == 'zato.security.jwt.log-in':
                self.add_jwt_log_in(session, cluster, service)

            elif name == 'zato.security.jwt.log-out':
                self.add_jwt_log_out(session, cluster, service)

            elif name == 'zato.message.live-browser.dispatch':
                self.add_live_browser(session, cluster, service,
                                      live_browser_sec)

            elif 'apispec.pub' in name:
                self.add_apispec_pub(session, cluster, service)

            session.add(
                get_http_soap_channel(name, service, cluster, pubapi_sec))
            session.add(
                get_http_json_channel(name, service, cluster, pubapi_sec))
Exemple #7
0
 def add_internal_invoke(self, session, cluster, service, internal_invoke_sec):
     """ Adds an internal channel for invoking services from other servers.
     """
     channel = HTTPSOAP(
         None, 'zato.internal.invoke', True, True, 'channel', 'plain_http',
         None, '/zato/internal/invoke', None, '', None, SIMPLE_IO.FORMAT.JSON, service=service, cluster=cluster,
         security=internal_invoke_sec)
     session.add(channel)
Exemple #8
0
    def add_jwt_log_out(self, session, cluster, service):

        # Zato
        from zato.common.api import DATA_FORMAT
        from zato.common.odb.model import HTTPSOAP

        channel = HTTPSOAP(None, 'zato.security.jwt.log-out', True, True, 'channel', 'plain_http',
            None, '/zato/jwt/log-out', None, '', None, DATA_FORMAT.JSON, merge_url_params_req=True, service=service,
            cluster=cluster)
        session.add(channel)
Exemple #9
0
    def add_api_invoke(self, session, cluster, service, pubapi_sec):

        from zato.common.api import APISPEC
        from zato.common.odb.model import HTTPSOAP

        for url_path in (APISPEC.GENERIC_INVOKE_PATH, APISPEC.SOAP_INVOKE_PATH):
            channel = HTTPSOAP(None, url_path, True, True, 'channel', 'plain_http',
                None, url_path, None, '', None, None,
                merge_url_params_req=True, service=service, security=pubapi_sec,
                cluster=cluster)
            session.add(channel)
Exemple #10
0
    def add_sso_endpoints(self, session, cluster):

        from zato.common.api import DATA_FORMAT
        from zato.common.odb.model import HTTPSOAP, Service

        data = [

            # Users
            ['zato.sso.user.create', 'zato.server.service.internal.sso.user.Create', '/zato/sso/user/create'],
            ['zato.sso.user.signup', 'zato.server.service.internal.sso.user.Signup', '/zato/sso/user/signup'],
            ['zato.sso.user.approve', 'zato.server.service.internal.sso.user.Approve', '/zato/sso/user/approve'],
            ['zato.sso.user.reject', 'zato.server.service.internal.sso.user.Reject', '/zato/sso/user/reject'],
            ['zato.sso.user.login', 'zato.server.service.internal.sso.user.Login', '/zato/sso/user/login'],
            ['zato.sso.user.logout', 'zato.server.service.internal.sso.user.Logout', '/zato/sso/user/logout'],
            ['zato.sso.user.user', 'zato.server.service.internal.sso.user.User', '/zato/sso/user'],
            ['zato.sso.user.password', 'zato.server.service.internal.sso.user.Password', '/zato/sso/user/password'],
            ['zato.sso.user.search', 'zato.server.service.internal.sso.user.Search', '/zato/sso/user/search'],
            ['zato.sso.user.totp', 'zato.server.service.internal.sso.user.TOTP', '/zato/sso/user/totp'],
            ['zato.sso.user.lock', 'zato.server.service.internal.sso.user.Lock', '/zato/sso/user/lock'],

            # Linked accounts
            ['zato.sso.user.linked-auth', 'zato.server.service.internal.sso.user.LinkedAuth', '/zato/sso/user/linked'],

            # User sessions
            ['zato.sso.session.session', 'zato.server.service.internal.sso.session.Session', '/zato/sso/user/session'],
            ['zato.sso.session.session-list', 'zato.server.service.internal.sso.session.SessionList', '/zato/sso/user/session/list'],

            # Password reset
            ['zato.sso.user.password-reset.begin', 'zato.server.service.internal.sso.password_reset.Begin', '/zato/sso/user/password/reset/begin'],
            ['zato.sso.user.password-reset.complete', 'zato.server.service.internal.sso.password_reset.Complete', '/zato/sso/user/password/reset/complete'],

            # User attributes
            ['zato.sso.user-attr.user-attr', 'zato.server.service.internal.sso.user_attr.UserAttr', '/zato/sso/user/attr'],
            ['zato.sso.user-attr.user-attr-exists', 'zato.server.service.internal.sso.user_attr.UserAttrExists', '/zato/sso/user/attr/exists'],
            ['zato.sso.user-attr.user-attr-names', 'zato.server.service.internal.sso.user_attr.UserAttrNames', '/zato/sso/user/attr/names'],

            # Session attributes
            ['zato.sso.session-attr.session-attr', 'zato.server.service.internal.sso.session_attr.SessionAttr', '/zato/sso/session/attr'],
            ['zato.sso.session-attr.session-attr-exists', 'zato.server.service.internal.sso.session_attr.SessionAttrExists', '/zato/sso/session/attr/exists'],
            ['zato.sso.session-attr.session-attr-names', 'zato.server.service.internal.sso.session_attr.SessionAttrNames', '/zato/sso/session/attr/names'],
        ]

        for name, impl_name, url_path in data:
            service = Service(None, name, True, impl_name, True, cluster)
            channel = HTTPSOAP(None, url_path, True, True, 'channel', 'plain_http', None, url_path, None, '', None,
                DATA_FORMAT.JSON, security=None, service=service, cluster=cluster)

            session.add(service)
            session.add(channel)
Exemple #11
0
    def add_check(self, session, cluster, service, pubapi_sec):

        # Zato
        from zato.common.api import DATA_FORMAT
        from zato.common.odb.model import HTTPSOAP

        data_formats = [DATA_FORMAT.JSON, DATA_FORMAT.XML]
        for data_format in data_formats:

            name = 'zato.checks.{}.{}'.format(data_format, service.name)
            url_path = '/zato/checks/{}/{}'.format(data_format, service.name)

            channel = HTTPSOAP(None, name, True, True, 'channel', 'plain_http', None, url_path, None, '', None, data_format,
                merge_url_params_req=True, service=service, cluster=cluster, security=pubapi_sec)
            session.add(channel)
Exemple #12
0
def get_http_soap_channel(name, service, cluster, security):
    return HTTPSOAP(None,
                    name,
                    True,
                    True,
                    'channel',
                    'soap',
                    None,
                    '/zato/soap',
                    None,
                    name,
                    '1.1',
                    SIMPLE_IO.FORMAT.XML,
                    service=service,
                    cluster=cluster,
                    security=security)
Exemple #13
0
def get_http_json_channel(name, service, cluster, security):
    return HTTPSOAP(None,
                    '{}.json'.format(name),
                    True,
                    True,
                    'channel',
                    'plain_http',
                    None,
                    '/zato/json/{}'.format(name),
                    None,
                    '',
                    None,
                    SIMPLE_IO.FORMAT.JSON,
                    service=service,
                    cluster=cluster,
                    security=security)
Exemple #14
0
 def add_pubsub_rest_handler(self, session, cluster, service):
     channel = HTTPSOAP(None,
                        'zato.pubsub.rest',
                        True,
                        True,
                        'channel',
                        'plain_http',
                        None,
                        '/zato/pubsub/{item_type}/{item}/',
                        None,
                        '',
                        None,
                        None,
                        merge_url_params_req=True,
                        service=service,
                        cluster=cluster)
     session.add(channel)
Exemple #15
0
 def add_jwt_log_in(self, session, cluster, service):
     channel = HTTPSOAP(None,
                        'zato.security.jwt.log-in',
                        True,
                        True,
                        'channel',
                        'plain_http',
                        None,
                        '/zato/jwt/log-in',
                        None,
                        '',
                        None,
                        DATA_FORMAT.JSON,
                        merge_url_params_req=True,
                        service=service,
                        cluster=cluster)
     session.add(channel)
Exemple #16
0
    def add_internal_callback_wmq(self, session, cluster):

        from zato.common.api import IPC
        from zato.common.odb.model import HTTPBasicAuth, HTTPSOAP, Service

        impl_name = 'zato.server.service.internal.channel.jms_wmq.OnMessageReceived'
        service = Service(None, 'zato.channel.jms-wmq.on-message-received', True, impl_name, True, cluster)

        username = IPC.CONNECTOR.USERNAME.IBM_MQ
        sec = HTTPBasicAuth(None, username, True, username, 'Zato IBM MQ', new_password(), cluster)

        channel = HTTPSOAP(None, 'zato.internal.callback.wmq', True, True, 'channel', 'plain_http', None,
            '/zato/internal/callback/wmq',
            None, '', None, None, security=sec, service=service, cluster=cluster)

        session.add(sec)
        session.add(service)
        session.add(channel)
Exemple #17
0
    def add_crypto_endpoints(self, session, cluster):

        # Python 2/3 compatibility
        from future.utils import iteritems

        # Zato
        from zato.common.api import DATA_FORMAT
        from zato.common.odb.model import HTTPBasicAuth, HTTPSOAP, Service

        service_to_endpoint = {
            'zato.crypto.encrypt':  '/zato/crypto/encrypt',
            'zato.crypto.decrypt':  '/zato/crypto/decrypt',
            'zato.crypto.hash-secret':  '/zato/crypto/hash-secret',
            'zato.crypto.verify-hash':  '/zato/crypto/verify-hash',
            'zato.crypto.generate-secret':  '/zato/crypto/generate-secret',
            'zato.crypto.generate-password':  '******',
        }

        service_to_impl = {
            'zato.crypto.encrypt':  'zato.server.service.internal.crypto.Encrypt',
            'zato.crypto.decrypt':  'zato.server.service.internal.crypto.Decrypt',
            'zato.crypto.hash-secret':  'zato.server.service.internal.crypto.HashSecret',
            'zato.crypto.verify-hash':  'zato.server.service.internal.crypto.VerifyHash',
            'zato.crypto.generate-secret':  'zato.server.service.internal.crypto.GenerateSecret',
            'zato.crypto.generate-password':  '******',
        }

        sec = HTTPBasicAuth(None, 'zato.default.crypto.client', True, 'zato.crypto', 'Zato crypto', new_password(), cluster)
        session.add(sec)

        for name, impl_name in iteritems(service_to_impl):

            service = Service(None, name, True, impl_name, True, cluster)
            session.add(service)

            url_path = service_to_endpoint[name]

            http_soap = HTTPSOAP(None, name, True, True, 'channel', 'plain_http', None, url_path, None, '',
                None, DATA_FORMAT.JSON, security=None, service=service, cluster=cluster)

            session.add(http_soap)
Exemple #18
0
 def add_apispec_pub(self,
                     session,
                     cluster,
                     service,
                     _name_path=apispec_name_path):
     url_path = _name_path[service.name]
     channel = HTTPSOAP(None,
                        url_path,
                        True,
                        True,
                        'channel',
                        'plain_http',
                        None,
                        url_path,
                        None,
                        '',
                        None,
                        None,
                        merge_url_params_req=True,
                        service=service,
                        cluster=cluster)
     session.add(channel)
Exemple #19
0
def index(req):
    connection = req.GET.get('connection')
    transport = req.GET.get('transport')
    query = req.GET.get('query', '')
    items = []
    _security = SecurityList()

    if not all((connection, transport)):
        log_msg = "Redirecting to / because at least one of ('connection', 'transport') GET parameters was missing"
        logger.debug(log_msg)
        return HttpResponseRedirect('/')

    create_form = None
    edit_form = None
    meta = None

    colspan = 17

    if transport == 'soap':
        colspan += 2

    if req.zato.cluster_id:
        for def_item in req.zato.client.invoke('zato.security.get-list', {'cluster_id': req.zato.cluster.id}):
            if connection == 'outgoing':
                if transport == URL_TYPE.PLAIN_HTTP and def_item.sec_type not in (
                    SEC_DEF_TYPE.BASIC_AUTH, SEC_DEF_TYPE.TLS_KEY_CERT, SEC_DEF_TYPE.APIKEY):
                    continue
                elif transport == URL_TYPE.SOAP and def_item.sec_type not in (
                    SEC_DEF_TYPE.BASIC_AUTH, SEC_DEF_TYPE.NTLM, SEC_DEF_TYPE.WSS):
                    continue

            _security.append(def_item)

        _soap_versions = SOAP_CHANNEL_VERSIONS if connection == 'channel' else SOAP_VERSIONS

        tls_ca_cert_list = get_tls_ca_cert_list(req.zato.client, req.zato.cluster)

        cache_list = []

        for cache_type in (CACHE.TYPE.BUILTIN, CACHE.TYPE.MEMCACHED):
            service_name = 'zato.cache.{}.get-list'.format(cache_type)
            response = req.zato.client.invoke(service_name, {'cluster_id': req.zato.cluster.id})

            for item in sorted(response, key=itemgetter('name')):
                cache_list.append({'id':item.id, 'name':'{}/{}'.format(CACHE_TYPE[cache_type], item.name)})

        create_form = CreateForm(_security, tls_ca_cert_list, cache_list, _soap_versions, req=req)
        edit_form = EditForm(_security, tls_ca_cert_list, cache_list, _soap_versions, prefix='edit', req=req)

        input_dict = {
            'cluster_id': req.zato.cluster_id,
            'connection': connection,
            'transport': transport,
            'paginate': True,
            'cur_page': req.GET.get('cur_page', 1),
            'query': req.GET.get('query', ''),
        }

        data, meta = parse_response_data(req.zato.client.invoke('zato.http-soap.get-list', input_dict))

        for item in data:
            if query not in item.name:
                continue

            _security_name = item.security_name
            if _security_name:
                security_name = '{0}<br/>{1}'.format(SEC_DEF_TYPE_NAME[item.sec_type], _security_name)
            else:
                if item.sec_use_rbac:
                    security_name = DELEGATED_TO_RBAC
                else:
                    security_name = '<span class="form_hint">---</span>'

            security_id = get_http_channel_security_id(item)

            if item.cache_id:
                cache_name = '{}/{}'.format(CACHE_TYPE[item.cache_type], item.cache_name)
            else:
                cache_name = None

            # New in 3.0, hence optional
            match_slash = item.get('match_slash')
            if match_slash == '':
                match_slash = True

            # New in 3.1
            http_accept = item.get('http_accept') or ''

            http_soap = HTTPSOAP(item.id, item.name, item.is_active, item.is_internal, connection,
                    transport, item.host, item.url_path, item.method, item.soap_action,
                    item.soap_version, item.data_format, item.ping_method,
                    item.pool_size, item.merge_url_params_req, item.url_params_pri, item.params_pri,
                    item.serialization_type, item.timeout, item.sec_tls_ca_cert_id, service_id=item.service_id,
                    service_name=item.service_name, security_id=security_id, has_rbac=item.has_rbac,
                    security_name=security_name, content_type=item.content_type,
                    cache_id=item.cache_id, cache_name=cache_name, cache_type=item.cache_type, cache_expiry=item.cache_expiry,
                    content_encoding=item.content_encoding, match_slash=match_slash, http_accept=http_accept)

            for name in 'is_rate_limit_active', 'rate_limit_type', 'rate_limit_def', 'rate_limit_check_parent_def':
                setattr(http_soap, name, item.get(name))

            items.append(http_soap)

    return_data = {'zato_clusters':req.zato.clusters,
        'cluster_id':req.zato.cluster_id,
        'search_form':SearchForm(req.zato.clusters, req.GET),
        'items':items,
        'create_form':create_form,
        'edit_form':edit_form,
        'connection':connection,
        'transport':transport,
        'connection_label':CONNECTION[connection],
        'connection_label_plural':CONNECTION_PLURAL[connection],
        'transport_label':TRANSPORT[transport],
        'colspan': colspan,
        'default_http_ping_method':DEFAULT_HTTP_PING_METHOD,
        'default_http_pool_size':DEFAULT_HTTP_POOL_SIZE,
        'default_http_timeout':MISC.DEFAULT_HTTP_TIMEOUT,
        'paginate':True,
        'meta': meta,
        'req':req
        }

    return TemplateResponse(req, 'zato/http_soap/index.html', return_data)
Exemple #20
0
    def handle(self):
        input = self.request.input
        input.security_id = input.security_id if input.security_id != ZATO_NONE else None
        input.soap_action = input.soap_action if input.soap_action else ''

        if not input.url_path.startswith('/'):
            msg = 'URL path:[{}] must start with a slash /'.format(
                input.url_path)
            self.logger.error(msg)
            raise Exception(msg)

        with closing(self.odb.session()) as session:
            existing_one = session.query(HTTPSOAP.id).\
                filter(HTTPSOAP.cluster_id==input.cluster_id).\
                filter(HTTPSOAP.name==input.name).\
                filter(HTTPSOAP.connection==input.connection).\
                filter(HTTPSOAP.transport==input.transport).\
                first()

            if existing_one:
                raise Exception(
                    'An object of that name [{0}] already exists on this cluster'
                    .format(input.name))

            # Is the service's name correct?
            service = session.query(Service).\
                filter(Cluster.id==input.cluster_id).\
                filter(Service.name==input.service).first()

            if input.connection == 'channel' and not service:
                msg = 'Service [{0}] does not exist on this cluster'.format(
                    input.service)
                self.logger.error(msg)
                raise Exception(msg)

            # Will raise exception if the security type doesn't match connection
            # type and transport
            sec_info = self._handle_security_info(session, input.security_id,
                                                  input.connection,
                                                  input.transport)

            try:

                item = HTTPSOAP()
                item.connection = input.connection
                item.transport = input.transport
                item.cluster_id = input.cluster_id
                item.is_internal = input.is_internal
                item.name = input.name
                item.is_active = input.is_active
                item.host = input.host
                item.url_path = input.url_path
                item.security_id = input.security_id or None  # So SQLite doesn't reject ''
                item.method = input.method
                item.soap_action = input.soap_action
                item.soap_version = input.soap_version
                item.data_format = input.data_format
                item.service = service
                item.ping_method = input.get(
                    'ping_method') or DEFAULT_HTTP_PING_METHOD
                item.pool_size = input.get(
                    'pool_size') or DEFAULT_HTTP_POOL_SIZE
                item.merge_url_params_req = input.get(
                    'merge_url_params_req') or True
                item.url_params_pri = input.get(
                    'url_params_pri') or URL_PARAMS_PRIORITY.DEFAULT
                item.params_pri = input.get(
                    'params_pri') or PARAMS_PRIORITY.DEFAULT
                item.serialization_type = input.get(
                    'serialization_type'
                ) or HTTP_SOAP_SERIALIZATION_TYPE.DEFAULT.id
                item.timeout = input.get(
                    'timeout') or MISC.DEFAULT_HTTP_TIMEOUT
                item.has_rbac = input.get('has_rbac') or False
                item.content_type = input.get('content_type')

                sec_tls_ca_cert_id = input.get('sec_tls_ca_cert_id')
                item.sec_tls_ca_cert_id = sec_tls_ca_cert_id if sec_tls_ca_cert_id and sec_tls_ca_cert_id != ZATO_NONE else None

                session.add(item)
                session.commit()

                if input.connection == 'channel':
                    input.impl_name = service.impl_name
                    input.service_id = service.id
                    input.service_name = service.name

                if item.sec_tls_ca_cert_id and item.sec_tls_ca_cert_id != ZATO_NONE:
                    self.add_tls_ca_cert(input, item.sec_tls_ca_cert_id)

                input.id = item.id
                input.update(sec_info)

                if input.connection == 'channel':
                    action = CHANNEL.HTTP_SOAP_CREATE_EDIT.value
                else:
                    action = OUTGOING.HTTP_SOAP_CREATE_EDIT.value
                self.notify_worker_threads(input, action)

                self.response.payload.id = item.id
                self.response.payload.name = item.name

            except Exception, e:
                msg = 'Could not create the object, e:[{e}]'.format(
                    e=format_exc(e))
                self.logger.error(msg)
                session.rollback()

                raise
Exemple #21
0
    def add_cache_endpoints(self, session, cluster):

        # Python 2/3 compatibility
        from future.utils import iteritems

        # Zato
        from zato.common.api import DATA_FORMAT
        from zato.common.odb.model import HTTPBasicAuth, HTTPSOAP, Service

        service_to_endpoint = {

            # For single keys
            'zato.cache.builtin.pubapi.single-key-service':  '/zato/cache/{key}',

            # Multi-key get
            'zato.cache.builtin.pubapi.get-by-prefix':       '/zato/cache/get/by-prefix/{key}',
            'zato.cache.builtin.pubapi.get-by-regex':        '/zato/cache/get/by-regex/{key}',
            'zato.cache.builtin.pubapi.get-by-suffix':       '/zato/cache/get/by-suffix/{key}',
            'zato.cache.builtin.pubapi.get-contains':        '/zato/cache/get/contains/{key}',
            'zato.cache.builtin.pubapi.get-not-contains':    '/zato/cache/get/not-contains/{key}',
            'zato.cache.builtin.pubapi.get-contains-all':    '/zato/cache/get/contains-all',
            'zato.cache.builtin.pubapi.get-contains-any':    '/zato/cache/get/contains-any',

            # Multi-key set
            'zato.cache.builtin.pubapi.set-by-prefix':       '/zato/cache/set/by-prefix/{key}',
            'zato.cache.builtin.pubapi.set-by-regex':        '/zato/cache/set/by-regex/{key}',
            'zato.cache.builtin.pubapi.set-by-suffix':       '/zato/cache/set/by-suffix/{key}',
            'zato.cache.builtin.pubapi.set-contains':        '/zato/cache/set/contains/{key}',
            'zato.cache.builtin.pubapi.set-not-contains':    '/zato/cache/set/not-contains/{key}',
            'zato.cache.builtin.pubapi.set-contains-all':    '/zato/cache/set/contains-all',
            'zato.cache.builtin.pubapi.set-contains-any':    '/zato/cache/set/contains-any',

            # Multi-key delete
            'zato.cache.builtin.pubapi.delete-by-prefix':    '/zato/cache/delete/by-prefix/{key}',
            'zato.cache.builtin.pubapi.delete-by-regex':     '/zato/cache/delete/by-regex/{key}',
            'zato.cache.builtin.pubapi.delete-by-suffix':    '/zato/cache/delete/by-suffix/{key}',
            'zato.cache.builtin.pubapi.delete-contains':     '/zato/cache/delete/contains/{key}',
            'zato.cache.builtin.pubapi.delete-not-contains': '/zato/cache/delete/not-contains/{key}',
            'zato.cache.builtin.pubapi.delete-contains-all': '/zato/cache/delete/contains-all',
            'zato.cache.builtin.pubapi.delete-contains-any': '/zato/cache/delete/contains-any',

            # Multi-key expire
            'zato.cache.builtin.pubapi.expire-by-prefix':    '/zato/cache/expire/by-prefix/{key}',
            'zato.cache.builtin.pubapi.expire-by-regex':     '/zato/cache/expire/by-regex/{key}',
            'zato.cache.builtin.pubapi.expire-by-suffix':    '/zato/cache/expire/by-suffix/{key}',
            'zato.cache.builtin.pubapi.expire-contains':     '/zato/cache/expire/contains/{key}',
            'zato.cache.builtin.pubapi.expire-not-contains': '/zato/cache/expire/not-contains/{key}',
            'zato.cache.builtin.pubapi.expire-contains-all': '/zato/cache/expire/contains-all',
            'zato.cache.builtin.pubapi.expire-contains-any': '/zato/cache/expire/contains-any',

        }

        service_to_impl = {

            # For single keys
            'zato.cache.builtin.pubapi.single-key-service':  'zato.server.service.internal.cache.builtin.pubapi.SingleKeyService',

            # Multi-key get
            'zato.cache.builtin.pubapi.get-by-prefix':       'zato.server.service.internal.cache.builtin.pubapi.GetByPrefix',
            'zato.cache.builtin.pubapi.get-by-regex':        'zato.server.service.internal.cache.builtin.pubapi.GetByRegex',
            'zato.cache.builtin.pubapi.get-by-suffix':       'zato.server.service.internal.cache.builtin.pubapi.GetBySuffix',
            'zato.cache.builtin.pubapi.get-contains':        'zato.server.service.internal.cache.builtin.pubapi.GetContains',
            'zato.cache.builtin.pubapi.get-not-contains':    'zato.server.service.internal.cache.builtin.pubapi.GetNotContains',
            'zato.cache.builtin.pubapi.get-contains-all':    'zato.server.service.internal.cache.builtin.pubapi.GetContainsAll',
            'zato.cache.builtin.pubapi.get-contains-any':    'zato.server.service.internal.cache.builtin.pubapi.GetContainsAny',

            # Multi-key set
            'zato.cache.builtin.pubapi.set-by-prefix':       'zato.server.service.internal.cache.builtin.pubapi.SetByPrefix',
            'zato.cache.builtin.pubapi.set-by-regex':        'zato.server.service.internal.cache.builtin.pubapi.SetByRegex',
            'zato.cache.builtin.pubapi.set-by-suffix':       'zato.server.service.internal.cache.builtin.pubapi.SetBySuffix',
            'zato.cache.builtin.pubapi.set-contains':        'zato.server.service.internal.cache.builtin.pubapi.SetContains',
            'zato.cache.builtin.pubapi.set-not-contains':    'zato.server.service.internal.cache.builtin.pubapi.SetNotContains',
            'zato.cache.builtin.pubapi.set-contains-all':    'zato.server.service.internal.cache.builtin.pubapi.SetContainsAll',
            'zato.cache.builtin.pubapi.set-contains-any':    'zato.server.service.internal.cache.builtin.pubapi.SetContainsAny',

            # Multi-key delete
            'zato.cache.builtin.pubapi.delete-by-prefix':    'zato.server.service.internal.cache.builtin.pubapi.DeleteByPrefix',
            'zato.cache.builtin.pubapi.delete-by-regex':     'zato.server.service.internal.cache.builtin.pubapi.DeleteByRegex',
            'zato.cache.builtin.pubapi.delete-by-suffix':    'zato.server.service.internal.cache.builtin.pubapi.DeleteBySuffix',
            'zato.cache.builtin.pubapi.delete-contains':     'zato.server.service.internal.cache.builtin.pubapi.DeleteContains',
            'zato.cache.builtin.pubapi.delete-not-contains': 'zato.server.service.internal.cache.builtin.pubapi.DeleteNotContains',
            'zato.cache.builtin.pubapi.delete-contains-all': 'zato.server.service.internal.cache.builtin.pubapi.DeleteContainsAll',
            'zato.cache.builtin.pubapi.delete-contains-any': 'zato.server.service.internal.cache.builtin.pubapi.DeleteContainsAny',

            # Multi-key expire
            'zato.cache.builtin.pubapi.expire-by-prefix':    'zato.server.service.internal.cache.builtin.pubapi.ExpireByPrefix',
            'zato.cache.builtin.pubapi.expire-by-regex':     'zato.server.service.internal.cache.builtin.pubapi.ExpireByRegex',
            'zato.cache.builtin.pubapi.expire-by-suffix':    'zato.server.service.internal.cache.builtin.pubapi.ExpireBySuffix',
            'zato.cache.builtin.pubapi.expire-contains':     'zato.server.service.internal.cache.builtin.pubapi.ExpireContains',
            'zato.cache.builtin.pubapi.expire-not-contains': 'zato.server.service.internal.cache.builtin.pubapi.ExpireNotContains',
            'zato.cache.builtin.pubapi.expire-contains-all': 'zato.server.service.internal.cache.builtin.pubapi.ExpireContainsAll',
            'zato.cache.builtin.pubapi.expire-contains-any': 'zato.server.service.internal.cache.builtin.pubapi.ExpireContainsAny',

        }

        sec = HTTPBasicAuth(None, 'zato.default.cache.client', True, 'zato.cache', 'Zato cache', new_password(), cluster)
        session.add(sec)

        for name, impl_name in iteritems(service_to_impl):

            service = Service(None, name, True, impl_name, True, cluster)
            session.add(service)

            url_path = service_to_endpoint[name]

            http_soap = HTTPSOAP(None, name, True, True, 'channel', 'plain_http', None, url_path, None, '',
                None, DATA_FORMAT.JSON, security=None, service=service, cluster=cluster)

            session.add(http_soap)
Exemple #22
0
    def add_pubsub_sec_endpoints(self, session, cluster):

        from zato.common.api import CONNECTION, DATA_FORMAT, PUBSUB, URL_TYPE
        from zato.common.json_internal import dumps
        from zato.common.odb.model import HTTPBasicAuth, HTTPSOAP, PubSubEndpoint, PubSubSubscription, PubSubTopic, \
             Service
        from zato.common.pubsub import new_sub_key
        from zato.common.util.time_ import utcnow_as_ms

        sec_demo = HTTPBasicAuth(
            None, 'zato.pubsub.demo.secdef', True, 'zato.pubsub.demo', 'Zato pub/sub demo', new_password(), cluster)
        session.add(sec_demo)

        sec_default_internal = HTTPBasicAuth(None, 'zato.pubsub.internal.secdef', True, 'zato.pubsub.internal',
            'Zato pub/sub internal', new_password(), cluster)
        session.add(sec_default_internal)

        impl_name1 = 'zato.server.service.internal.pubsub.pubapi.TopicService'
        impl_name2 = 'zato.server.service.internal.pubsub.pubapi.SubscribeService'
        impl_name3 = 'zato.server.service.internal.pubsub.pubapi.MessageService'
        impl_demo = 'zato.server.service.internal.helpers.JSONRawRequestLogger'

        service_topic = Service(None, 'zato.pubsub.pubapi.topic-service', True, impl_name1, True, cluster)
        service_sub = Service(None, 'zato.pubsub.pubapi.subscribe-service', True, impl_name2, True, cluster)
        service_msg = Service(None, 'zato.pubsub.pubapi.message-service', True, impl_name3, True, cluster)
        service_demo = Service(None, 'zato.pubsub.helpers.json-raw-request-logger', True, impl_demo, True, cluster)

        # Opaque data that lets clients use topic contain slash characters
        opaque = dumps({'match_slash':True})

        chan_topic = HTTPSOAP(None, 'zato.pubsub.topic.topic_name', True, True, CONNECTION.CHANNEL,
            URL_TYPE.PLAIN_HTTP, None, '/zato/pubsub/topic/{topic_name}',
            None, '', None, DATA_FORMAT.JSON, security=None, service=service_topic, opaque=opaque,
            cluster=cluster)

        chan_sub = HTTPSOAP(None, 'zato.pubsub.subscribe.topic.topic_name', True, True, CONNECTION.CHANNEL,
            URL_TYPE.PLAIN_HTTP, None, '/zato/pubsub/subscribe/topic/{topic_name}',
            None, '', None, DATA_FORMAT.JSON, security=None, service=service_sub, opaque=opaque,
            cluster=cluster)

        chan_msg = HTTPSOAP(None, 'zato.pubsub.msg.msg_id', True, True, CONNECTION.CHANNEL,
            URL_TYPE.PLAIN_HTTP, None, '/zato/pubsub/msg/{msg_id}',
            None, '', None, DATA_FORMAT.JSON, security=None, service=service_msg, opaque=opaque,
            cluster=cluster)

        chan_demo = HTTPSOAP(None, 'pubsub.demo.sample.channel', True, True, CONNECTION.CHANNEL,
            URL_TYPE.PLAIN_HTTP, None, '/zato/pubsub/zato.demo.sample',
            None, '', None, DATA_FORMAT.JSON, security=sec_demo, service=service_demo, opaque=opaque,
            cluster=cluster)

        outconn_demo = HTTPSOAP(None, 'pubsub.demo.sample.outconn', True, True, CONNECTION.OUTGOING,
            URL_TYPE.PLAIN_HTTP, 'http://localhost:11223', '/zato/pubsub/zato.demo.sample',
            None, '', None, DATA_FORMAT.JSON, security=sec_demo, opaque=opaque,
            cluster=cluster)

        endpoint_default_internal = PubSubEndpoint()
        endpoint_default_internal.name = PUBSUB.DEFAULT.INTERNAL_ENDPOINT_NAME
        endpoint_default_internal.is_internal = True
        endpoint_default_internal.role = PUBSUB.ROLE.PUBLISHER_SUBSCRIBER.id
        endpoint_default_internal.topic_patterns = 'pub=/*\nsub=/*'
        endpoint_default_internal.security = sec_default_internal
        endpoint_default_internal.cluster = cluster
        endpoint_default_internal.endpoint_type = PUBSUB.ENDPOINT_TYPE.INTERNAL.id

        endpoint_demo = PubSubEndpoint()
        endpoint_demo.name = 'zato.pubsub.demo.endpoint'
        endpoint_demo.is_internal = True
        endpoint_demo.role = PUBSUB.ROLE.PUBLISHER_SUBSCRIBER.id
        endpoint_demo.topic_patterns = 'pub=/zato/demo/*\nsub=/zato/demo/*'
        endpoint_demo.security = sec_demo
        endpoint_demo.cluster = cluster
        endpoint_demo.endpoint_type = PUBSUB.ENDPOINT_TYPE.REST.id

        topic = PubSubTopic()
        topic.name = '/zato/demo/sample'
        topic.is_active = True
        topic.is_api_sub_allowed = True
        topic.is_internal = True
        topic.max_depth = 100
        topic.has_gd = False
        topic.cluster = cluster

        sub = PubSubSubscription()
        sub.creation_time = utcnow_as_ms()
        sub.topic = topic
        sub.endpoint = endpoint_demo
        sub.sub_key = new_sub_key(endpoint_demo.endpoint_type)
        sub.has_gd = False
        sub.sub_pattern_matched = 'sub=/zato/demo/*'
        sub.active_status = PUBSUB.QUEUE_ACTIVE_STATUS.FULLY_ENABLED.id
        sub.cluster = cluster
        sub.wrap_one_msg_in_list = False
        sub.delivery_err_should_block = False
        sub.out_http_soap = outconn_demo

        session.add(endpoint_default_internal)
        session.add(endpoint_demo)
        session.add(topic)
        session.add(sub)

        session.add(service_topic)
        session.add(service_sub)
        session.add(service_msg)

        session.add(chan_topic)
        session.add(chan_sub)
        session.add(chan_msg)

        session.add(chan_demo)
        session.add(outconn_demo)
Exemple #23
0
    def handle(self):
        input = self.request.input
        input.security_id = input.security_id if input.security_id != ZATO_NONE else None
        input.soap_action = input.soap_action if input.soap_action else ''

        if not input.url_path.startswith('/'):
            msg = 'URL path:[{}] must start with a slash /'.format(
                input.url_path)
            self.logger.error(msg)
            raise Exception(msg)

        with closing(self.odb.session()) as session:
            existing_one = session.query(HTTPSOAP.id).\
                filter(HTTPSOAP.cluster_id==input.cluster_id).\
                filter(HTTPSOAP.name==input.name).\
                filter(HTTPSOAP.connection==input.connection).\
                filter(HTTPSOAP.transport==input.transport).\
                first()

            if existing_one:
                raise Exception(
                    'An object of that name [{0}] already exists on this cluster'
                    .format(input.name))

            # Is the service's name correct?
            service = session.query(Service).\
                filter(Cluster.id==input.cluster_id).\
                filter(Service.name==input.service).first()

            if input.connection == 'channel' and not service:
                msg = 'Service [{0}] does not exist on this cluster'.format(
                    input.service)
                self.logger.error(msg)
                raise Exception(msg)

            # Will raise exception if the security type doesn't match connection
            # type and transport
            sec_info = self._handle_security_info(session, input.security_id,
                                                  input.connection,
                                                  input.transport)

            try:

                item = HTTPSOAP()
                item.connection = input.connection
                item.transport = input.transport
                item.cluster_id = input.cluster_id
                item.is_internal = input.is_internal
                item.name = input.name
                item.is_active = input.is_active
                item.host = input.host
                item.url_path = input.url_path
                item.security_id = input.security_id
                item.method = input.method
                item.soap_action = input.soap_action
                item.soap_version = input.soap_version
                item.data_format = input.data_format
                item.service = service

                session.add(item)
                session.commit()

                if input.connection == 'channel':
                    input.impl_name = service.impl_name
                    input.service_id = service.id
                    input.service_name = service.name

                input.id = item.id
                input.update(sec_info)

                if input.connection == 'channel':
                    action = CHANNEL.HTTP_SOAP_CREATE_EDIT
                else:
                    action = OUTGOING.HTTP_SOAP_CREATE_EDIT
                self.notify_worker_threads(input, action)

                self.response.payload.id = item.id
                self.response.payload.name = item.name

            except Exception, e:
                msg = 'Could not create the object, e:[{e}]'.format(
                    e=format_exc(e))
                self.logger.error(msg)
                session.rollback()

                raise
Exemple #24
0
    def handle(self):
        input = self.request.input
        input.security_id = input.security_id if input.security_id != ZATO_NONE else None
        input.soap_action = input.soap_action if input.soap_action else ''

        if not input.url_path.startswith('/'):
            msg = 'URL path:[{}] must start with a slash /'.format(input.url_path)
            self.logger.error(msg)
            raise Exception(msg)

        with closing(self.odb.session()) as session:
            existing_one = session.query(HTTPSOAP.id).\
                filter(HTTPSOAP.cluster_id==input.cluster_id).\
                filter(HTTPSOAP.name==input.name).\
                filter(HTTPSOAP.connection==input.connection).\
                filter(HTTPSOAP.transport==input.transport).\
                first()

            if existing_one:
                raise Exception('An object of that name [{0}] already exists on this cluster'.format(input.name))

            # Is the service's name correct?
            service = session.query(Service).\
                filter(Cluster.id==input.cluster_id).\
                filter(Service.name==input.service).first()

            if input.connection == 'channel' and not service:
                msg = 'Service [{0}] does not exist on this cluster'.format(input.service)
                self.logger.error(msg)
                raise Exception(msg)

            # Will raise exception if the security type doesn't match connection
            # type and transport
            sec_info = self._handle_security_info(session, input.security_id, 
                input.connection, input.transport)

            try:

                item = HTTPSOAP()
                item.connection = input.connection
                item.transport = input.transport
                item.cluster_id = input.cluster_id
                item.is_internal = input.is_internal
                item.name = input.name
                item.is_active = input.is_active
                item.host = input.host
                item.url_path = input.url_path
                item.security_id = input.security_id
                item.method = input.method
                item.soap_action = input.soap_action
                item.soap_version = input.soap_version
                item.data_format = input.data_format
                item.service = service
                item.ping_method = input.get('ping_method') or DEFAULT_HTTP_PING_METHOD
                item.pool_size = input.get('pool_size') or DEFAULT_HTTP_POOL_SIZE
                item.merge_url_params_req = input.get('merge_url_params_req') or True
                item.url_params_pri = input.get('url_params_pri') or URL_PARAMS_PRIORITY.DEFAULT
                item.params_pri = input.get('params_pri') or PARAMS_PRIORITY.DEFAULT
                item.serialization_type = input.get('serialization_type') or HTTP_SOAP_SERIALIZATION_TYPE.DEFAULT.id
                item.timeout = input.get('timeout') or MISC.DEFAULT_HTTP_TIMEOUT
                item.has_rbac = input.get('has_rbac', False)

                session.add(item)
                session.commit()

                if input.connection == 'channel':
                    input.impl_name = service.impl_name
                    input.service_id = service.id
                    input.service_name = service.name

                input.id = item.id
                input.update(sec_info)

                if input.connection == 'channel':
                    action = CHANNEL.HTTP_SOAP_CREATE_EDIT.value
                else:
                    action = OUTGOING.HTTP_SOAP_CREATE_EDIT.value
                self.notify_worker_threads(input, action)

                self.response.payload.id = item.id
                self.response.payload.name = item.name

            except Exception, e:
                msg = 'Could not create the object, e:[{e}]'.format(e=format_exc(e))
                self.logger.error(msg)
                session.rollback()

                raise
Exemple #25
0
    def handle(self, *args, **kwargs):

        with closing(self.server.odb.session()) as session:
            payload = kwargs.get('payload')

            core_params = ['connection', 'transport', 'cluster_id', 'name', 
                           'is_active', 'is_internal', 'url_path', 'service', 
                           'sec_def_id']
            core_params = _get_params(payload, core_params, 'data.')

            optional_params = ['method', 'soap_action', 'soap_version']
            optional_params = _get_params(payload, optional_params, 'data.', default_value=None)

            name = core_params['name']
            cluster_id = core_params['cluster_id']
            service_name = core_params['service']
            sec_def_id = core_params['sec_def_id']

            existing_one = session.query(HTTPSOAP.id).\
                filter(HTTPSOAP.cluster_id==cluster_id).\
                filter(HTTPSOAP.name==name).\
                first()

            if existing_one:
                raise Exception('An object of that name [{0}] already exists on this cluster'.format(name))
            
            # Is the service's name correct?
            service = session.query(Service).\
                filter(Cluster.id==cluster_id).\
                filter(Service.name==service_name).first()
            
            if not service:
                msg = 'Service [{0}] does not exist on this cluster'.format(service_name)
                self.logger.error(msg)
                raise Exception(msg)
            
            # Now onto assigning the security-related attributes.

            if sec_def_id != ZATO_NONE:
                sec_def = session.query(SecurityDefinition).\
                filter(SecurityDefinition.id==sec_def_id).\
                one()
                
                #sec_def = SecurityDefinition(None, security_def_type)
                #session.add(sec_def)

            created_elem = Element('http_soap')
            
            try:

                core_params['is_active'] = is_boolean(core_params['is_active'])

                item = HTTPSOAP()
                item.connection = core_params['connection']
                item.transport = core_params['transport']
                item.cluster_id = core_params['cluster_id']
                item.is_internal = core_params['is_internal']
                item.name = core_params['name']
                item.is_active = core_params['is_active']
                item.url_path = core_params['url_path']
                item.method = optional_params.get('method')
                item.soap_action = optional_params.get('soap_action')
                item.soap_version = optional_params.get('soap_version')
                item.service = service
                
                if sec_def_id != ZATO_NONE:
                    
                    channel_sec = HTTPSOAPSecurity(item, sec_def)
                    session.add(channel_sec)

                session.add(item)
                session.commit()

                created_elem.id = item.id

                return ZATO_OK, etree.tostring(created_elem)

            except Exception, e:
                msg = 'Could not create the object, e=[{e}]'.format(e=format_exc(e))
                self.logger.error(msg)
                session.rollback()

                raise
Exemple #26
0
def index(req):
    connection = req.GET.get('connection')
    transport = req.GET.get('transport')
    items = []
    _security = SecurityList()

    if not all((connection, transport)):
        log_msg = "Redirecting to / because at least one of ('connection', 'transport') GET parameters was missing"
        logger.debug(log_msg)
        return HttpResponseRedirect('/')

    create_form = None
    edit_form = None

    colspan = 17

    if transport == 'soap':
        colspan += 2

    if req.zato.cluster_id:
        for def_item in req.zato.client.invoke(
                'zato.security.get-list', {'cluster_id': req.zato.cluster.id}):
            if connection == 'outgoing':
                if transport == URL_TYPE.PLAIN_HTTP and def_item.sec_type not in (
                        SEC_DEF_TYPE.BASIC_AUTH, SEC_DEF_TYPE.TLS_KEY_CERT):
                    continue
                elif transport == URL_TYPE.SOAP and def_item.sec_type not in (
                        SEC_DEF_TYPE.BASIC_AUTH, SEC_DEF_TYPE.NTLM,
                        SEC_DEF_TYPE.WSS):
                    continue

            _security.append(def_item)

        _soap_versions = SOAP_CHANNEL_VERSIONS if connection == 'channel' else SOAP_VERSIONS

        create_form = CreateForm(
            _security, get_tls_ca_cert_list(req.zato.client, req.zato.cluster),
            _soap_versions)
        edit_form = EditForm(_security,
                             get_tls_ca_cert_list(req.zato.client,
                                                  req.zato.cluster),
                             _soap_versions,
                             prefix='edit')

        input_dict = {
            'cluster_id': req.zato.cluster_id,
            'connection': connection,
            'transport': transport,
        }

        for item in req.zato.client.invoke('zato.http-soap.get-list',
                                           input_dict):

            _security_name = item.security_name
            if _security_name:
                security_name = '{0}<br/>{1}'.format(
                    SEC_DEF_TYPE_NAME[item.sec_type], _security_name)
            else:
                security_name = 'No security definition'

            _security_id = item.security_id
            if _security_id:
                security_id = '{0}/{1}'.format(item.sec_type, _security_id)
            else:
                security_id = ZATO_NONE

            item = HTTPSOAP(item.id,
                            item.name,
                            item.is_active,
                            item.is_internal,
                            connection,
                            transport,
                            item.host,
                            item.url_path,
                            item.method,
                            item.soap_action,
                            item.soap_version,
                            item.data_format,
                            item.ping_method,
                            item.pool_size,
                            item.merge_url_params_req,
                            item.url_params_pri,
                            item.params_pri,
                            item.serialization_type,
                            item.timeout,
                            item.sec_tls_ca_cert_id,
                            service_id=item.service_id,
                            service_name=item.service_name,
                            security_id=security_id,
                            has_rbac=item.has_rbac,
                            security_name=security_name)
            items.append(item)

    return_data = {
        'zato_clusters': req.zato.clusters,
        'cluster_id': req.zato.cluster_id,
        'choose_cluster_form': ChooseClusterForm(req.zato.clusters, req.GET),
        'items': items,
        'create_form': create_form,
        'edit_form': edit_form,
        'connection': connection,
        'transport': transport,
        'connection_label': CONNECTION[connection],
        'connection_label_plural': CONNECTION_PLURAL[connection],
        'transport_label': TRANSPORT[transport],
        'colspan': colspan,
        'default_http_ping_method': DEFAULT_HTTP_PING_METHOD,
        'default_http_pool_size': DEFAULT_HTTP_POOL_SIZE,
        'default_http_timeout': MISC.DEFAULT_HTTP_TIMEOUT,
    }

    return TemplateResponse(req, 'zato/http_soap/index.html', return_data)
Exemple #27
0
    def handle(self):
        input = self.request.input
        input.security_id = input.security_id if input.security_id != ZATO_NONE else None
        input.soap_action = input.soap_action if input.soap_action else ''
        
        if not input.url_path.startswith('/'):
            msg = 'URL path:[{}] must start with a slash /'.format(input.url_path)
            self.logger.error(msg)
            raise Exception(msg)
        
        with closing(self.odb.session()) as session:
            existing_one = session.query(HTTPSOAP.id).\
                filter(HTTPSOAP.cluster_id==input.cluster_id).\
                filter(HTTPSOAP.name==input.name).\
                filter(HTTPSOAP.connection==input.connection).\
                filter(HTTPSOAP.transport==input.transport).\
                first()

            if existing_one:
                raise Exception('An object of that name [{0}] already exists on this cluster'.format(input.name))
            
            # Is the service's name correct?
            service = session.query(Service).\
                filter(Cluster.id==input.cluster_id).\
                filter(Service.name==input.service).first()
            
            if input.connection == 'channel' and not service:
                msg = 'Service [{0}] does not exist on this cluster'.format(input.service)
                self.logger.error(msg)
                raise Exception(msg)
            
            # Will raise exception if the security type doesn't match connection
            # type and transport
            sec_info = self._handle_security_info(session, input.security_id, 
                input.connection, input.transport)
            
            try:

                item = HTTPSOAP()
                item.connection = input.connection
                item.transport = input.transport
                item.cluster_id = input.cluster_id
                item.is_internal = input.is_internal
                item.name = input.name
                item.is_active = input.is_active
                item.host = input.host
                item.url_path = input.url_path
                item.security_id = input.security_id
                item.method = input.method
                item.soap_action = input.soap_action
                item.soap_version = input.soap_version
                item.data_format = input.data_format
                item.service = service

                session.add(item)
                session.commit()
                
                if input.connection == 'channel':
                    input.impl_name = service.impl_name
                    input.service_id = service.id
                    input.service_name = service.name

                input.id = item.id
                input.update(sec_info)
                
                if input.connection == 'channel':
                    action = CHANNEL.HTTP_SOAP_CREATE_EDIT
                else:
                    action = OUTGOING.HTTP_SOAP_CREATE_EDIT
                self.notify_worker_threads(input, action)

                self.response.payload.id = item.id

            except Exception, e:
                msg = 'Could not create the object, e:[{e}]'.format(e=format_exc(e))
                self.logger.error(msg)
                session.rollback()

                raise
Exemple #28
0
    def add_ping_services(self, session, cluster):
        """ Adds a ping service and channels, with and without security checks.
        """
        passwords = {
            'ping.plain_http.basic_auth': None,
            'ping.soap.basic_auth': None,
            'ping.soap.wss.clear_text': None,
        }

        for password in passwords:
            passwords[password] = uuid4().hex

        ping_impl_name = 'zato.server.service.internal.Ping'
        ping_service_name = 'zato.ping'
        ping_service = Service(None, ping_service_name, True, ping_impl_name, True, cluster)
        session.add(ping_service)

        #
        # .. no security ..
        #
        # TODO
        # Change it to /zato/json/ping
        # and add an actual /zato/ping with no data format specified.
        ping_no_sec_channel = HTTPSOAP(
            None, 'zato.ping', True, True, 'channel',
            'plain_http', None, '/zato/ping', None, '', None, SIMPLE_IO.FORMAT.JSON, service=ping_service, cluster=cluster)
        session.add(ping_no_sec_channel)

        #
        # All the possible options
        #
        # Plain HTTP / Basic auth
        # SOAP / Basic auth
        # SOAP / WSS / Clear text
        #

        transports = ['plain_http', 'soap']
        wss_types = ['clear_text']

        for transport in transports:

            if transport == 'plain_http':
                data_format = SIMPLE_IO.FORMAT.JSON
            else:
                data_format = SIMPLE_IO.FORMAT.XML

            base_name = 'ping.{0}.basic_auth'.format(transport)
            zato_name = 'zato.{0}'.format(base_name)
            url = '/zato/{0}'.format(base_name)
            soap_action, soap_version = (zato_name, '1.1') if transport == 'soap' else ('', None)
            password = passwords[base_name]

            sec = HTTPBasicAuth(None, zato_name, True, zato_name, 'Zato ping', password, cluster)
            session.add(sec)

            channel = HTTPSOAP(
                None, zato_name, True, True, 'channel', transport, None, url, None, soap_action,
                soap_version, data_format, service=ping_service, security=sec, cluster=cluster)
            session.add(channel)

            if transport == 'soap':
                for wss_type in wss_types:
                    base_name = 'ping.{0}.wss.{1}'.format(transport, wss_type)
                    zato_name = 'zato.{0}'.format(base_name)
                    url = '/zato/{0}'.format(base_name)
                    password = passwords[base_name]

                    sec = WSSDefinition(None, zato_name, True, zato_name, password, wss_type, False, True, 3600, 3600, cluster)
                    session.add(sec)

                    channel = HTTPSOAP(
                        None, zato_name, True, True, 'channel', transport, None, url, None, soap_action,
                        soap_version, data_format, service=ping_service, security=sec, cluster=cluster)
                    session.add(channel)
Exemple #29
0
def index(req):
    connection = req.GET.get('connection')
    transport = req.GET.get('transport')
    items = []
    _security = []

    if not all((connection, transport)):
        log_msg = "Redirecting to / because at least one of ('connection', 'transport') GET parameters was missing"
        logger.debug(log_msg)
        return HttpResponseRedirect('/')

    create_form = None
    edit_form = None

    colspan = 14

    if transport == 'soap':
        colspan += 2

    if req.zato.cluster_id:
        for def_item in req.zato.client.invoke(
                'zato.security.get-list', {'cluster_id': req.zato.cluster.id}):
            # Outgoing plain HTTP connections may use HTTP Basic Auth only,
            # outgoing SOAP connections may use either WSS or HTTP Basic Auth.
            if connection == 'outgoing':
                if transport == URL_TYPE.PLAIN_HTTP and def_item.sec_type != _security_def_type.basic_auth:
                    continue
                elif transport == URL_TYPE.SOAP and def_item.sec_type \
                     not in(_security_def_type.basic_auth, _security_def_type.wss):
                    continue

            value = '{0}/{1}'.format(def_item.sec_type, def_item.id)
            label = '{0}/{1}'.format(SECURITY_TYPES[def_item.sec_type],
                                     def_item.name)
            _security.append((value, label))

        _soap_versions = SOAP_CHANNEL_VERSIONS if connection == 'channel' else SOAP_VERSIONS

        create_form = CreateForm(_security, _soap_versions)
        edit_form = EditForm(_security, _soap_versions, prefix='edit')

        input_dict = {
            'cluster_id': req.zato.cluster_id,
            'connection': connection,
            'transport': transport,
        }
        for item in req.zato.client.invoke('zato.http-soap.get-list',
                                           input_dict):

            _security_name = item.security_name
            if _security_name:
                security_name = '{0}<br/>{1}'.format(
                    SECURITY_TYPES[item.sec_type], _security_name)
            else:
                security_name = 'No security'

            _security_id = item.security_id
            if _security_id:
                security_id = '{0}/{1}'.format(item.sec_type, _security_id)
            else:
                security_id = ZATO_NONE

            item = HTTPSOAP(item.id,
                            item.name,
                            item.is_active,
                            item.is_internal,
                            connection,
                            transport,
                            item.host,
                            item.url_path,
                            item.method,
                            item.soap_action,
                            item.soap_version,
                            item.data_format,
                            item.ping_method,
                            item.pool_size,
                            service_id=item.service_id,
                            service_name=item.service_name,
                            security_id=security_id,
                            security_name=security_name)
            items.append(item)

    return_data = {
        'zato_clusters': req.zato.clusters,
        'cluster_id': req.zato.cluster_id,
        'choose_cluster_form': ChooseClusterForm(req.zato.clusters, req.GET),
        'items': items,
        'create_form': create_form,
        'edit_form': edit_form,
        'connection': connection,
        'transport': transport,
        'connection_label': CONNECTION[connection],
        'connection_label_plural': CONNECTION_PLURAL[connection],
        'transport_label': TRANSPORT[transport],
        'colspan': colspan,
        'default_http_ping_method': DEFAULT_HTTP_PING_METHOD,
        'default_http_pool_size': DEFAULT_HTTP_POOL_SIZE,
    }

    return TemplateResponse(req, 'zato/http_soap.html', return_data)