def post(self):
node_id = self.request.POST.get('node_id')
if node_id is None:
return {'ok': False, 'message': 'Missing node ID'}
settings = get_current_registry().settings
api = get_chef_api(settings, self.request.user)
# create chef client
chef_client = ChefClient(node_id, api)
if chef_client.exists:
return {'ok': False, 'message': 'This client already exists'}
chef_client = ChefClient.create(node_id, api)
# Prepare the API for this client
chef_url = settings.get('chef.url')
chef_version = settings.get('chef.version')
chef_ssl_verify = settings.get('chef.ssl.verify')
if chef_ssl_verify == 'False' or chef_ssl_verify == 'True':
chef_ssl_verify = bool(chef_ssl_verify)
api = ChefAPI(chef_url, chef_client.private_key.encode(), node_id, chef_version, ssl_verify = False)
# create chef node
chef_node = ChefNode(node_id, api)
if chef_node.exists:
return {'ok': False, 'message': 'This node already exists'}
chef_node.save()
return {'ok': True, 'message': 'Node and client have been added',
'client_private_key': chef_client.private_key}
def put(self):
# implements "knife client reregister"
node_id = self.request.POST.get('node_id')
if node_id is None:
return {'ok': False, 'message': 'Missing node ID'}
settings = get_current_registry().settings
api = get_chef_api(settings, self.request.user)
# remove current node's client
chef_client = ChefClient(node_id, api)
if not chef_client.exists:
return {'ok': False, 'message': 'This client does not exists'}
chef_client.rekey(api)
return {'ok': True, 'message': "Chef node's client has been update",
'client_private_key': chef_client.private_key}
def delete(self):
node_id = self.request.GET.get('node_id')
if node_id is None:
return {'ok': False, 'message': 'Missing node ID'}
settings = get_current_registry().settings
api = get_chef_api(settings, self.request.user)
chef_node = ChefNode(node_id, api)
if not chef_node.exists:
return {'ok': False, 'message': 'This node does not exists'}
chef_node.delete()
chef_client = ChefClient(node_id, api)
if not chef_client.exists:
return {'ok': False, 'message': 'This client does not exists'}
chef_client.delete()
return {'ok': True, 'message': 'Node and client have been deleted'}
def post(self):
logger.debug('/help-channel-client/login START')
# Default known message
known_message = 'En un lugar de la Mancha, de cuyo nombre no quiero'\
' acordarme, no ha mucho tiempo que vivía un hidalgo de los de'\
' lanza en astillero, adarga antigua, rocín flaco y galgo corredor.'
# Check the parameters
node_id = self.request.POST.get('node_id')
if not node_id:
logger.error('/help-channel-client/login - No node ID')
return {'ok': False, 'message': 'Please set a node id'}
username = self.request.POST.get('username')
if not username:
logger.error('/help-channel-client/login - No username')
return {'ok': False, 'message': 'Please set a username'}
secret = self.request.POST.get('secret')
if not secret:
logger.error('/help-channel-client/login - No secret')
return {'ok': False, 'message': 'Please set a secret'}
hc_server = self.request.POST.get('hc_server')
if not hc_server:
logger.error('/help-channel-client/login - No server')
return {'ok': False, 'message': 'Please set a Help Channel Server'}
gcc_username = self.request.POST.get('gcc_username')
if not gcc_username:
logger.error('/help-channel-client/login - No admin username')
return {
'ok': False,
'message': 'Please set a GCC administrator username'
}
self.request.user = self.request.db.adminusers.find_one(
{'username': gcc_username})
if not self.request.user:
return {
'ok': False,
'message': 'The admin user %s does not exists' % gcc_username
}
logger.debug('/help-channel-client/login node_id=%s' % (node_id))
logger.debug('/help-channel-client/login username=%s' % (username))
logger.debug('/help-channel-client/login secret=%s' % (secret))
logger.debug('/help-channel-client/login hc_server=%s' % (hc_server))
logger.debug('/help-channel-client/login gccusername=%s' %
(gcc_username))
gcc_node = self.request.db.nodes.find_one({'node_chef_id': node_id})
if not gcc_node:
logger.error('/help-channel-client/login - Node not found')
return {'ok': False, 'message': 'Node not found in database'}
can_access_to_this_path(self.request,
self.request.db.nodes,
gcc_node,
ou_type='ou_remote') # Remote OUs
gcc_user = self.request.db.nodes.find_one({
'type': 'user',
'name': username
})
if not gcc_user:
logger.error('/help-channel-client/login - User not found')
return {'ok': False, 'message': 'User not found in database'}
try:
# Check the secret message
api = get_chef_api(self.request.registry.settings,
self.request.user)
chef_client = ChefClient(node_id, api)
if not chef_client.exists:
logger.error('/help-channel-client/login - Client not found')
return {'ok': False, 'message': 'This client does not exists'}
chef_node = ChefNode(node_id, api)
if not chef_node.exists:
logger.error(
'/help-channel-client/login - Chef node not found')
return {
'ok': False,
'message': 'This chef node does not exists'
}
client_certificate = chef_client.certificate
public_key = RSA.importKey(client_certificate)
decrypted = public_key.encrypt(bytes.fromhex(secret), 0)[0]
decrypted = decrypted.decode("utf-8")
known_message_setting = self.request.registry.settings.get(
'helpchannel.known_message')
if known_message_setting is not None:
known_message = known_message_setting
if decrypted != known_message:
logger.error('/help-channel-client/login - Bad secret')
return {'ok': False, 'message': 'Bad secret'}
# Login successful, generate the token!
server_address = self.request.registry.settings.get(
'server_address', 'UNKNOWN')
if server_address == 'UNKNOWN':
server_address = os.getenv('HOSTNAME', 'UNKNOWN')
# - Token generation
min_char = 8
max_char = 12
allchar = string.ascii_letters + string.digits
token = ''.join(
choice(allchar) for _ in range(randint(min_char, max_char)))
self.request.db.helpchannel.insert_one({
'last_modified':
datetime.datetime.utcnow(),
'action':
'request',
'computer_node_id':
node_id,
'computer_node_path':
gcc_node['path'],
'user_node_id':
str(gcc_user['_id']),
'user_node_path':
gcc_user['path'],
'adminuser_id':
False,
'adminuser_ou_managed':
False,
'adminuser_is_superuser':
False,
'gecos_cc_server':
server_address,
'helpchannel_server':
hc_server,
'token':
token
})
logger.info('/help-channel-client/login - token: %s' % (token))
return {'ok': True, 'token': token}
except (urllib.error.URLError, ChefError, ChefServerError):
pass
logger.error('/help-channel-client/login - UNKNOWN')
return {'ok': False, 'message': 'Unknown error'}