def setup_app(config=None): config = config or {} LOG.info("Creating st2api: %s as OpenAPI app.", VERSION_STRING) is_gunicorn = config.get("is_gunicorn", False) if is_gunicorn: # NOTE: We only want to perform this logic in the WSGI worker st2api_config.register_opts(ignore_errors=True) capabilities = { "name": "api", "listen_host": cfg.CONF.api.host, "listen_port": cfg.CONF.api.port, "type": "active", } # This should be called in gunicorn case because we only want # workers to connect to db, rabbbitmq etc. In standalone HTTP # server case, this setup would have already occurred. common_setup( service="api", config=st2api_config, setup_db=True, register_mq_exchanges=True, register_signal_handlers=True, register_internal_trigger_types=True, run_migrations=True, service_registry=True, capabilities=capabilities, config_args=config.get("config_args", None), ) # Additional pre-run time checks validate_rbac_is_correctly_configured() router = Router(debug=cfg.CONF.api.debug, auth=cfg.CONF.auth.enable, is_gunicorn=is_gunicorn) spec = spec_loader.load_spec("st2common", "openapi.yaml.j2") transforms = { "^/api/v1/$": ["/v1"], "^/api/v1/": ["/", "/v1/"], "^/api/v1/executions": ["/actionexecutions", "/v1/actionexecutions"], "^/api/exp/": ["/exp/"], } router.add_spec(spec, transforms=transforms) app = router.as_wsgi # Order is important. Check middleware for detailed explanation. app = StreamingMiddleware(app, path_whitelist=["/v1/executions/*/output*"]) app = ErrorHandlingMiddleware(app) app = CorsMiddleware(app) app = LoggingMiddleware(app, router) app = ResponseInstrumentationMiddleware(app, router, service_name="api") app = RequestIDMiddleware(app) app = RequestInstrumentationMiddleware(app, router, service_name="api") return app
def setup_app(config={}): LOG.info('Creating st2api: %s as OpenAPI app.', VERSION_STRING) is_gunicorn = config.get('is_gunicorn', False) if is_gunicorn: # Note: We need to perform monkey patching in the worker. If we do it in # the master process (gunicorn_config.py), it breaks tons of things # including shutdown monkey_patch() st2api_config.register_opts() capabilities = { 'name': 'api', 'listen_host': cfg.CONF.api.host, 'listen_port': cfg.CONF.api.port, 'type': 'active' } # This should be called in gunicorn case because we only want # workers to connect to db, rabbbitmq etc. In standalone HTTP # server case, this setup would have already occurred. common_setup(service='api', config=st2api_config, setup_db=True, register_mq_exchanges=True, register_signal_handlers=True, register_internal_trigger_types=True, run_migrations=True, service_registry=True, capabilities=capabilities, config_args=config.get('config_args', None)) # Additional pre-run time checks validate_rbac_is_correctly_configured() router = Router(debug=cfg.CONF.api.debug, auth=cfg.CONF.auth.enable, is_gunicorn=is_gunicorn) spec = spec_loader.load_spec('st2common', 'openapi.yaml.j2') transforms = { '^/api/v1/$': ['/v1'], '^/api/v1/': ['/', '/v1/'], '^/api/v1/executions': ['/actionexecutions', '/v1/actionexecutions'], '^/api/exp/': ['/exp/'] } router.add_spec(spec, transforms=transforms) app = router.as_wsgi # Order is important. Check middleware for detailed explanation. app = StreamingMiddleware(app, path_whitelist=['/v1/executions/*/output*']) app = ErrorHandlingMiddleware(app) app = CorsMiddleware(app) app = LoggingMiddleware(app, router) app = ResponseInstrumentationMiddleware(app, router, service_name='api') app = RequestIDMiddleware(app) app = RequestInstrumentationMiddleware(app, router, service_name='api') return app
def setup_app(config=None): config = config or {} LOG.info("Creating st2auth: %s as OpenAPI app.", VERSION_STRING) is_gunicorn = config.get("is_gunicorn", False) if is_gunicorn: # NOTE: We only want to perform this logic in the WSGI worker st2auth_config.register_opts(ignore_errors=True) capabilities = { "name": "auth", "listen_host": cfg.CONF.auth.host, "listen_port": cfg.CONF.auth.port, "listen_ssl": cfg.CONF.auth.use_ssl, "type": "active", } # This should be called in gunicorn case because we only want # workers to connect to db, rabbbitmq etc. In standalone HTTP # server case, this setup would have already occurred. common_setup( service="auth", config=st2auth_config, setup_db=True, register_mq_exchanges=False, register_signal_handlers=True, register_internal_trigger_types=False, run_migrations=False, service_registry=True, capabilities=capabilities, config_args=config.get("config_args", None), ) # pysaml2 uses subprocess communicate which calls communicate_with_poll if cfg.CONF.auth.sso and cfg.CONF.auth.sso_backend == "saml2": use_select_poll_workaround(nose_only=False) # Additional pre-run time checks validate_auth_backend_is_correctly_configured() router = Router(debug=cfg.CONF.auth.debug, is_gunicorn=is_gunicorn) spec = spec_loader.load_spec("st2common", "openapi.yaml.j2") transforms = {"^/auth/v1/": ["/", "/v1/"]} router.add_spec(spec, transforms=transforms) app = router.as_wsgi # Order is important. Check middleware for detailed explanation. app = ErrorHandlingMiddleware(app) app = CorsMiddleware(app) app = LoggingMiddleware(app, router) app = ResponseInstrumentationMiddleware(app, router, service_name="auth") app = RequestIDMiddleware(app) app = RequestInstrumentationMiddleware(app, router, service_name="auth") return app
def setup_app(config={}): LOG.info("Creating st2stream: %s as OpenAPI app.", VERSION_STRING) is_gunicorn = config.get("is_gunicorn", False) if is_gunicorn: # Note: We need to perform monkey patching in the worker. If we do it in # the master process (gunicorn_config.py), it breaks tons of things # including shutdown monkey_patch() st2stream_config.register_opts() capabilities = { "name": "stream", "listen_host": cfg.CONF.stream.host, "listen_port": cfg.CONF.stream.port, "type": "active", } # This should be called in gunicorn case because we only want # workers to connect to db, rabbbitmq etc. In standalone HTTP # server case, this setup would have already occurred. common_setup( service="stream", config=st2stream_config, setup_db=True, register_mq_exchanges=True, register_signal_handlers=True, register_internal_trigger_types=False, run_migrations=False, service_registry=True, capabilities=capabilities, config_args=config.get("config_args", None), ) router = Router(debug=cfg.CONF.stream.debug, auth=cfg.CONF.auth.enable, is_gunicorn=is_gunicorn) spec = spec_loader.load_spec("st2common", "openapi.yaml.j2") transforms = {"^/stream/v1/": ["/", "/v1/"]} router.add_spec(spec, transforms=transforms) app = router.as_wsgi # Order is important. Check middleware for detailed explanation. app = StreamingMiddleware(app) app = ErrorHandlingMiddleware(app) app = CorsMiddleware(app) app = LoggingMiddleware(app, router) app = ResponseInstrumentationMiddleware(app, router, service_name="stream") app = RequestIDMiddleware(app) app = RequestInstrumentationMiddleware(app, router, service_name="stream") return app
def setup_app(config=None): config = config or {} LOG.info('Creating st2auth: %s as OpenAPI app.', VERSION_STRING) is_gunicorn = config.get('is_gunicorn', False) if is_gunicorn: # NOTE: We only want to perform this logic in the WSGI worker st2auth_config.register_opts() capabilities = { 'name': 'auth', 'listen_host': cfg.CONF.auth.host, 'listen_port': cfg.CONF.auth.port, 'listen_ssl': cfg.CONF.auth.use_ssl, 'type': 'active' } # This should be called in gunicorn case because we only want # workers to connect to db, rabbbitmq etc. In standalone HTTP # server case, this setup would have already occurred. common_setup(service='auth', config=st2auth_config, setup_db=True, register_mq_exchanges=False, register_signal_handlers=True, register_internal_trigger_types=False, run_migrations=False, service_registry=True, capabilities=capabilities, config_args=config.get('config_args', None)) # Additional pre-run time checks validate_auth_backend_is_correctly_configured() router = Router(debug=cfg.CONF.auth.debug, is_gunicorn=is_gunicorn) spec = spec_loader.load_spec('st2common', 'openapi.yaml.j2') transforms = {'^/auth/v1/': ['/', '/v1/']} router.add_spec(spec, transforms=transforms) app = router.as_wsgi # Order is important. Check middleware for detailed explanation. app = ErrorHandlingMiddleware(app) app = CorsMiddleware(app) app = LoggingMiddleware(app, router) app = ResponseInstrumentationMiddleware(app, router, service_name='auth') app = RequestIDMiddleware(app) app = RequestInstrumentationMiddleware(app, router, service_name='auth') return app
def test_secret_parameters_are_masked_in_log_message( self, mock_request, mock_log): def app(environ, custom_start_response): custom_start_response(status="200 OK", headers=[("Content-Length", 100)]) return [None] router = mock.Mock() endpoint = mock.Mock() router.match.return_value = (endpoint, None) middleware = LoggingMiddleware(app=app, router=router) cfg.CONF.set_override( group="log", name="mask_secrets_blacklist", override=["blacklisted_4", "blacklisted_5"], ) environ = {} mock_request.return_value.GET.dict_of_lists.return_value = { "foo": "bar", "bar": "baz", "x-auth-token": "secret", "st2-api-key": "secret", "password": "******", "st2_auth_token": "secret", "token": "secret", "blacklisted_4": "super secret", "blacklisted_5": "super secret", } middleware(environ=environ, start_response=mock.Mock()) expected_query = { "foo": "bar", "bar": "baz", "x-auth-token": MASKED_ATTRIBUTE_VALUE, "st2-api-key": MASKED_ATTRIBUTE_VALUE, "password": MASKED_ATTRIBUTE_VALUE, "token": MASKED_ATTRIBUTE_VALUE, "st2_auth_token": MASKED_ATTRIBUTE_VALUE, "blacklisted_4": MASKED_ATTRIBUTE_VALUE, "blacklisted_5": MASKED_ATTRIBUTE_VALUE, } call_kwargs = mock_log.info.call_args_list[0][1] query = call_kwargs["extra"]["query"] self.assertEqual(query, expected_query)
def test_secret_parameters_are_masked_in_log_message( self, mock_request, mock_log): def app(environ, custom_start_response): custom_start_response(status='200 OK', headers=[('Content-Length', 100)]) return [None] router = mock.Mock() endpoint = mock.Mock() router.match.return_value = (endpoint, None) middleware = LoggingMiddleware(app=app, router=router) cfg.CONF.set_override(group='log', name='mask_secrets_blacklist', override=['blacklisted_4', 'blacklisted_5']) environ = {} mock_request.return_value.GET.dict_of_lists.return_value = { 'foo': 'bar', 'bar': 'baz', 'x-auth-token': 'secret', 'st2-api-key': 'secret', 'password': '******', 'st2_auth_token': 'secret', 'token': 'secret', 'blacklisted_4': 'super secret', 'blacklisted_5': 'super secret', } middleware(environ=environ, start_response=mock.Mock()) expected_query = { 'foo': 'bar', 'bar': 'baz', 'x-auth-token': MASKED_ATTRIBUTE_VALUE, 'st2-api-key': MASKED_ATTRIBUTE_VALUE, 'password': MASKED_ATTRIBUTE_VALUE, 'token': MASKED_ATTRIBUTE_VALUE, 'st2_auth_token': MASKED_ATTRIBUTE_VALUE, 'blacklisted_4': MASKED_ATTRIBUTE_VALUE, 'blacklisted_5': MASKED_ATTRIBUTE_VALUE, } call_kwargs = mock_log.info.call_args_list[0][1] query = call_kwargs['extra']['query'] self.assertEqual(query, expected_query)
def setup_app(config={}): LOG.info('Creating st2api: %s as OpenAPI app.', VERSION_STRING) is_gunicorn = config.get('is_gunicorn', False) if is_gunicorn: # Note: We need to perform monkey patching in the worker. If we do it in # the master process (gunicorn_config.py), it breaks tons of things # including shutdown monkey_patch() st2api_config.register_opts() # This should be called in gunicorn case because we only want # workers to connect to db, rabbbitmq etc. In standalone HTTP # server case, this setup would have already occurred. common_setup(service='api', config=st2api_config, setup_db=True, register_mq_exchanges=True, register_signal_handlers=True, register_internal_trigger_types=True, run_migrations=True, config_args=config.get('config_args', None)) # Additional pre-run time checks validate_rbac_is_correctly_configured() router = Router(debug=cfg.CONF.api.debug, auth=cfg.CONF.auth.enable) spec = spec_loader.load_spec('st2common', 'openapi.yaml') transforms = { '^/api/v1/': ['/', '/v1/'], '^/api/v1/executions': ['/actionexecutions', '/v1/actionexecutions'], '^/api/exp/': ['/exp/'] } router.add_spec(spec, transforms=transforms) app = router.as_wsgi app = CorsMiddleware(app) app = LoggingMiddleware(app, router) app = ErrorHandlingMiddleware(app) app = RequestIDMiddleware(app) return app
def setup_app(config={}): LOG.info('Creating st2stream: %s as OpenAPI app.', VERSION_STRING) is_gunicorn = config.get('is_gunicorn', False) if is_gunicorn: # Note: We need to perform monkey patching in the worker. If we do it in # the master process (gunicorn_config.py), it breaks tons of things # including shutdown monkey_patch() st2stream_config.register_opts() # This should be called in gunicorn case because we only want # workers to connect to db, rabbbitmq etc. In standalone HTTP # server case, this setup would have already occurred. common_setup(service='stream', config=st2stream_config, setup_db=True, register_mq_exchanges=True, register_signal_handlers=True, register_internal_trigger_types=False, run_migrations=False, config_args=config.get('config_args', None)) router = Router(debug=cfg.CONF.stream.debug, auth=cfg.CONF.auth.enable, is_gunicorn=is_gunicorn) spec = spec_loader.load_spec('st2common', 'openapi.yaml.j2') transforms = {'^/stream/v1/': ['/', '/v1/']} router.add_spec(spec, transforms=transforms) app = router.as_wsgi # Order is important. Check middleware for detailed explanation. app = StreamingMiddleware(app) app = ErrorHandlingMiddleware(app) app = CorsMiddleware(app) app = LoggingMiddleware(app, router) app = RequestIDMiddleware(app) return app