def auth_common(identity, x_rh_identity): # pylint: disable=unused-argument
"""
Check account number and entitlements
"""
if 'identity' not in identity:
return None
id_details = identity['identity']
if 'account_number' not in id_details:
return None
rh_account_number = id_details['account_number']
if not is_entitled_smart_management(identity):
raise MissingEntitlementException
if RBAC_URL:
try:
response = requests.get(RBAC_URL,
headers={'x-rh-identity': x_rh_identity})
except requests.exceptions.RequestException:
LOGGER.exception("Error calling RBAC: ")
raise RbacException
if response.status_code != 200 or 'vulnerability:*:*' not in [
x['permission'] for x in response.json()['data']
]:
raise RbacException
ACCOUNT_REQUESTS.labels(rh_account_number).inc()
return {'uid': rh_account_number}
def process_message(msg):
"""Message processing logic"""
PROCESS_MESSAGES.inc()
LOGGER.info('Received message from topic %s: %s', msg.topic, msg.value)
try:
msg_dict = json.loads(msg.value.decode("utf8"))
except json.decoder.JSONDecodeError:
MESSAGE_PARSE_ERROR.inc()
LOGGER.exception("Unable to parse message: ")
return
if msg.topic == mqueue.UPLOAD_TOPIC:
# proces only archives from smart_management accounts
identity = get_identity(msg_dict.get("b64_identity", ""))
if identity is None:
INVALID_IDENTITY.inc()
LOGGER.warning(
"Skipped upload due to invalid identity header.")
return
if not is_entitled_smart_management(identity,
allow_missing_section=True):
MISSING_SMART_MANAGEMENT.inc()
LOGGER.debug(
"Skipped upload due to missing smart_management entitlement."
)
return
process_func = process_upload
elif msg.topic == mqueue.EVENTS_TOPIC:
if msg_dict['type'] == 'delete':
process_func = process_delete
else:
UNKNOWN_EVENT_TYPE.inc()
LOGGER.error("Received unknown event type: %s",
msg_dict['type'])
return
else:
UNKNOWN_TOPIC.inc()
LOGGER.error("Received message on unsupported topic: %s",
msg.topic)
return
if 'id' not in msg_dict or msg_dict["id"] is None:
MISSING_ID.inc()
LOGGER.warning(
"Unable to process message, inventory ID is missing.")
return
future = executor.submit(process_func, msg_dict, loop=loop)
future.add_done_callback(on_thread_done)
def process_message(msg):
"""Message processing logic"""
PROCESS_MESSAGES.inc()
LOGGER.info('Received message on topic %s', msg.topic)
LOGGER.debug('Message body: %s', msg.value)
try:
msg_dict = json.loads(msg.value.decode('utf8'))
except json.decoder.JSONDecodeError:
MESSAGE_PARSE_ERROR.inc()
LOGGER.exception('Unable to parse message: ')
return
identity = get_identity(msg_dict['input']['platform_metadata']['b64_identity'])
if identity is None:
INVALID_IDENTITY.inc()
LOGGER.warning('Skipped advisor result due to invalid identity header.')
return
if not is_entitled_smart_management(identity, allow_missing_section=True):
# TODO: remove with together with SM removal
MISSING_SMART_MANAGEMENT.inc()
LOGGER.debug('Skipped advisor result due to missing smart_management entitlement.')
return
# TODO: insert system into database if it's 1st upload, shall we update last seen?
system_data = {
'rh_account': msg_dict['input']['host']['account'],
'display_name': msg_dict['input']['host']['display_name'],
'inventory_id': msg_dict['input']['host']['id']
}
rule_hits = {}
reports = msg_dict['results']['reports']
for report in reports:
failed_cves = report['details'].get('cves_fail', [])
if failed_cves:
rule = report['rule_id']
if rule in RULE_BLACKLIST:
# TODO: remove this once CVE_2017_5753_4_cpu_kernel and CVE_2017_5715_cpu_virt are merged
continue
if rule not in RULES_CACHE:
db_import_rule(rule)
for cve in failed_cves:
if cve not in CVES_CACHE:
db_import_cve(cve)
rule_hits[CVES_CACHE[cve]] = RULES_CACHE[rule]
db_import_system(system_data, rule_hits)
def auth_common(identity): # pylint: disable=unused-argument
"""
Check account number and entitlements
"""
if 'identity' not in identity:
return None
id_details = identity['identity']
if 'account_number' not in id_details:
return None
rh_account_number = id_details['account_number']
if not is_entitled_smart_management(identity):
raise MissingEntitlementException
ACCOUNT_REQUESTS.labels(rh_account_number).inc()
return {'uid': rh_account_number}
def process_message(msg): # pylint: disable=too-many-return-statements,too-many-branches
"""Message processing logic"""
PROCESS_MESSAGES.inc()
LOGGER.info('Received message from topic %s: %s', msg.topic, msg.value)
try:
msg_dict = json.loads(msg.value.decode("utf8"))
except json.decoder.JSONDecodeError:
MESSAGE_PARSE_ERROR.inc()
LOGGER.exception("Unable to parse message: ")
return
FailedCache.process_failed_cache(FailedCache.upload_cache, executor,
process_upload, loop)
FailedCache.process_failed_cache(FailedCache.delete_cache, executor,
process_delete, loop)
if msg.topic == mqueue.UPLOAD_TOPIC:
if not validate_msg(msg_dict, "upload",
REQUIRED_UPLOAD_MESSAGE_FIELDS):
return
# send message to payload tracker
send_msg_to_payload_tracker(PAYLOAD_TRACKER_PRODUCER,
msg_dict,
'received',
loop=loop)
# proces only archives from smart_management accounts
identity = get_identity(
msg_dict["platform_metadata"]["b64_identity"])
if identity is None:
INVALID_IDENTITY.inc()
error_msg = "Skipped upload due to invalid identity header."
LOGGER.warning(error_msg)
send_msg_to_payload_tracker(PAYLOAD_TRACKER_PRODUCER,
msg_dict,
'error',
status_msg=error_msg,
loop=loop)
return
if not is_entitled_smart_management(identity,
allow_missing_section=True):
MISSING_SMART_MANAGEMENT.inc()
error_msg = "Skipped upload due to missing smart_management entitlement."
LOGGER.debug(error_msg)
send_msg_to_payload_tracker(PAYLOAD_TRACKER_PRODUCER,
msg_dict,
'error',
status_msg=error_msg,
loop=loop)
return
process_func = process_upload
elif msg.topic == mqueue.EVENTS_TOPIC:
if not validate_msg(msg_dict, "event",
REQUIRED_EVENT_MESSAGE_FIELDS):
return
if msg_dict['type'] == 'delete':
process_func = process_delete
else:
UNKNOWN_EVENT_TYPE.inc()
LOGGER.error("Received unknown event type: %s",
msg_dict['type'])
return
else:
UNKNOWN_TOPIC.inc()
LOGGER.error("Received message on unsupported topic: %s",
msg.topic)
return
future = executor.submit(process_func, msg_dict, loop=loop)
future.add_done_callback(on_thread_done)