def api_introspection(uuid):
utils.check_auth(flask.request)
if not uuidutils.is_uuid_like(uuid):
raise utils.Error(_('Invalid UUID value'), code=400)
if flask.request.method == 'POST':
new_ipmi_password = flask.request.args.get('new_ipmi_password',
type=str,
default=None)
if new_ipmi_password:
new_ipmi_username = flask.request.args.get('new_ipmi_username',
type=str,
default=None)
new_ipmi_credentials = (new_ipmi_username, new_ipmi_password)
else:
new_ipmi_credentials = None
introspect.introspect(uuid,
new_ipmi_credentials=new_ipmi_credentials,
token=flask.request.headers.get('X-Auth-Token'))
return '', 202
else:
node_info = node_cache.get_node(uuid)
return flask.json.jsonify(finished=bool(node_info.finished_at),
error=node_info.error or None)
def api_introspection(uuid):
utils.check_auth(flask.request)
if not uuidutils.is_uuid_like(uuid):
raise utils.Error(_('Invalid UUID value'), code=400)
if flask.request.method == 'POST':
new_ipmi_password = flask.request.args.get('new_ipmi_password',
type=str,
default=None)
if new_ipmi_password:
new_ipmi_username = flask.request.args.get('new_ipmi_username',
type=str,
default=None)
new_ipmi_credentials = (new_ipmi_username, new_ipmi_password)
else:
new_ipmi_credentials = None
introspect.introspect(uuid,
new_ipmi_credentials=new_ipmi_credentials,
token=flask.request.headers.get('X-Auth-Token'))
return '', 202
else:
node_info = node_cache.get_node(uuid)
return flask.json.jsonify(finished=bool(node_info.finished_at),
error=node_info.error or None)
def api_introspection(node_id):
utils.check_auth(flask.request)
if flask.request.method == 'POST':
new_ipmi_password = flask.request.args.get('new_ipmi_password',
type=str,
default=None)
if new_ipmi_password:
new_ipmi_username = flask.request.args.get('new_ipmi_username',
type=str,
default=None)
new_ipmi_credentials = (new_ipmi_username, new_ipmi_password)
else:
new_ipmi_credentials = None
if new_ipmi_credentials and _get_version() >= (1, 9):
return _('Setting IPMI credentials is deprecated and not allowed '
'starting with API version 1.9'), 400
introspect.introspect(node_id,
new_ipmi_credentials=new_ipmi_credentials,
token=flask.request.headers.get('X-Auth-Token'))
return '', 202
else:
node_info = node_cache.get_node(node_id)
return flask.json.jsonify(generate_introspection_status(node_info))
def api_introspection(node_id):
utils.check_auth(flask.request)
if flask.request.method == 'POST':
new_ipmi_password = flask.request.args.get('new_ipmi_password',
type=str,
default=None)
if new_ipmi_password:
new_ipmi_username = flask.request.args.get('new_ipmi_username',
type=str,
default=None)
new_ipmi_credentials = (new_ipmi_username, new_ipmi_password)
else:
new_ipmi_credentials = None
if new_ipmi_credentials and _get_version() >= (1, 9):
return _('Setting IPMI credentials is deprecated and not allowed '
'starting with API version 1.9'), 400
introspect.introspect(node_id,
new_ipmi_credentials=new_ipmi_credentials,
token=flask.request.headers.get('X-Auth-Token'))
return '', 202
else:
node_info = node_cache.get_node(node_id)
return flask.json.jsonify(generate_introspection_status(node_info))
def api_introspection_abort(uuid):
utils.check_auth(flask.request)
if not uuidutils.is_uuid_like(uuid):
raise utils.Error(_('Invalid UUID value'), code=400)
introspect.abort(uuid, token=flask.request.headers.get('X-Auth-Token'))
return '', 202
def api_introspection_abort(uuid):
utils.check_auth(flask.request)
if not uuidutils.is_uuid_like(uuid):
raise utils.Error(_('Invalid UUID value'), code=400)
introspect.abort(uuid, token=flask.request.headers.get('X-Auth-Token'))
return '', 202
def api_rule(uuid):
utils.check_auth(flask.request)
if flask.request.method == 'GET':
rule = rules.get(uuid)
return flask.jsonify(rule_repr(rule, short=False))
else:
rules.delete(uuid)
return '', 204
def api_rule(uuid):
utils.check_auth(flask.request)
if flask.request.method == 'GET':
rule = rules.get(uuid)
return flask.jsonify(rule_repr(rule, short=False))
else:
rules.delete(uuid)
return '', 204
def wrapper(*args, **kwargs):
flask.request.context = context.RequestContext.from_environ(
flask.request.environ, is_public_api=is_public_api)
if verb_to_rule_map and rule:
policy_rule = rule.format(
verb_to_rule_map[flask.request.method.upper()])
else:
policy_rule = rule
utils.check_auth(flask.request, rule=policy_rule)
return func(*args, **kwargs)
def api_introspection_data(uuid):
utils.check_auth(flask.request)
if CONF.processing.store_data == 'swift':
res = swift.get_introspection_data(uuid)
return res, 200, {'Content-Type': 'application/json'}
else:
return error_response(_('Inspector is not configured to store data. '
'Set the [processing] store_data '
'configuration option to change this.'),
code=404)
def api_introspection_data(uuid):
utils.check_auth(flask.request)
if CONF.processing.store_data == 'swift':
res = swift.get_introspection_data(uuid)
return res, 200, {'Content-Type': 'application/json'}
else:
return error_response(_('Inspector is not configured to store data. '
'Set the [processing] store_data '
'configuration option to change this.'),
code=404)
def api_introspection(node_id):
utils.check_auth(flask.request)
if flask.request.method == 'POST':
introspect.introspect(node_id,
token=flask.request.headers.get('X-Auth-Token'))
return '', 202
else:
node_info = node_cache.get_node(node_id)
return flask.json.jsonify(generate_introspection_status(node_info))
def api_introspection_statuses():
utils.check_auth(flask.request)
nodes = node_cache.get_node_list(
marker=api_tools.marker_field(),
limit=api_tools.limit_field(default=CONF.api_max_limit))
data = {
'introspection':
[generate_introspection_status(node) for node in nodes]
}
return flask.json.jsonify(data)
def api_introspection_statuses():
utils.check_auth(flask.request)
nodes = node_cache.get_node_list(
marker=api_tools.marker_field(),
limit=api_tools.limit_field(default=CONF.api_max_limit)
)
data = {
'introspection': [generate_introspection_status(node)
for node in nodes]
}
return flask.json.jsonify(data)
def api_introspection_data(node_id):
utils.check_auth(flask.request)
if CONF.processing.store_data == 'swift':
if not uuidutils.is_uuid_like(node_id):
node = ir_utils.get_node(node_id, fields=['uuid'])
node_id = node.uuid
res = swift.get_introspection_data(node_id)
return res, 200, {'Content-Type': 'application/json'}
else:
return error_response(_('Inspector is not configured to store data. '
'Set the [processing] store_data '
'configuration option to change this.'),
code=404)
def api_introspection_data(node_id):
utils.check_auth(flask.request)
if CONF.processing.store_data == 'swift':
if not uuidutils.is_uuid_like(node_id):
node = ir_utils.get_node(node_id, fields=['uuid'])
node_id = node.uuid
res = swift.get_introspection_data(node_id)
return res, 200, {'Content-Type': 'application/json'}
else:
return error_response(_('Inspector is not configured to store data. '
'Set the [processing] store_data '
'configuration option to change this.'),
code=404)
def api_introspection_reapply(node_id):
utils.check_auth(flask.request)
if flask.request.content_length:
return error_response(_('User data processing is not '
'supported yet'), code=400)
if CONF.processing.store_data == 'swift':
process.reapply(node_id)
return '', 202
else:
return error_response(_('Inspector is not configured to store'
' data. Set the [processing] '
'store_data configuration option to '
'change this.'), code=400)
def api_introspection_reapply(uuid):
utils.check_auth(flask.request)
if flask.request.content_length:
return error_response(_('User data processing is not '
'supported yet'), code=400)
if CONF.processing.store_data == 'swift':
process.reapply(uuid)
return '', 202
else:
return error_response(_('Inspector is not configured to store'
' data. Set the [processing] '
'store_data configuration option to '
'change this.'), code=400)
def api_rules():
utils.check_auth(flask.request)
if flask.request.method == 'GET':
res = [rule_repr(rule, short=True) for rule in rules.get_all()]
return flask.jsonify(rules=res)
elif flask.request.method == 'DELETE':
rules.delete_all()
return '', 204
else:
body = flask.request.get_json(force=True)
if body.get('uuid') and not uuidutils.is_uuid_like(body['uuid']):
raise utils.Error(_('Invalid UUID value'), code=400)
rule = rules.create(conditions_json=body.get('conditions', []),
actions_json=body.get('actions', []),
uuid=body.get('uuid'),
description=body.get('description'))
return flask.jsonify(rule_repr(rule, short=False))
def api_rules():
utils.check_auth(flask.request)
if flask.request.method == 'GET':
res = [rule_repr(rule, short=True) for rule in rules.get_all()]
return flask.jsonify(rules=res)
elif flask.request.method == 'DELETE':
rules.delete_all()
return '', 204
else:
body = flask.request.get_json(force=True)
if body.get('uuid') and not uuidutils.is_uuid_like(body['uuid']):
raise utils.Error(_('Invalid UUID value'), code=400)
rule = rules.create(conditions_json=body.get('conditions', []),
actions_json=body.get('actions', []),
uuid=body.get('uuid'),
description=body.get('description'))
return flask.jsonify(rule_repr(rule, short=False))
def api_introspection(node_id):
utils.check_auth(flask.request)
if flask.request.method == 'POST':
new_ipmi_password = flask.request.args.get('new_ipmi_password',
type=str,
default=None)
if new_ipmi_password:
new_ipmi_username = flask.request.args.get('new_ipmi_username',
type=str,
default=None)
new_ipmi_credentials = (new_ipmi_username, new_ipmi_password)
else:
new_ipmi_credentials = None
introspect.introspect(node_id,
new_ipmi_credentials=new_ipmi_credentials,
token=flask.request.headers.get('X-Auth-Token'))
return '', 202
else:
node_info = node_cache.get_node(node_id)
return flask.json.jsonify(generate_introspection_status(node_info))
def test_disabled(self):
self.cfg.config(auth_strategy='noauth')
request = mock.Mock(headers={'X-Identity-Status': 'Invalid'})
utils.check_auth(request)
def test_disabled(self):
self.cfg.config(auth_strategy='noauth')
request = mock.Mock(headers={'X-Identity-Status': 'Invalid'})
utils.check_auth(request)
def test_basic(self):
self.cfg.config(auth_strategy='http_basic')
request = mock.Mock(headers={'X-Identity-Status': 'Invalid'})
utils.check_auth(request)
def test_ok(self):
request = mock.Mock(headers={
'X-Identity-Status': 'Confirmed',
'X-Roles': 'admin,member'
})
utils.check_auth(request)
def test_disabled(self):
CONF.set_override('auth_strategy', 'noauth')
request = mock.Mock(headers={'X-Identity-Status': 'Invalid'})
utils.check_auth(request)
def api_introspection_abort(node_id):
utils.check_auth(flask.request)
introspect.abort(node_id, token=flask.request.headers.get('X-Auth-Token'))
return '', 202
def test_public_api(self):
request = mock.Mock(headers={'X-Identity-Status': 'Invalid'})
request.context = context.RequestContext(is_public_api=True)
utils.check_auth(request, "public_api")
def test_ok(self):
request = mock.Mock(headers={"X-Identity-Status": "Confirmed", "X-Roles": "admin,member"})
utils.check_auth(request)
def test_ok(self):
request = mock.Mock(headers={'X-Identity-Status': 'Confirmed',
'X-Roles': 'admin,member'})
utils.check_auth(request)
def test_disabled(self):
CONF.set_override('auth_strategy', 'noauth')
request = mock.Mock(headers={'X-Identity-Status': 'Invalid'})
utils.check_auth(request)
def test_admin(self):
request = mock.Mock(headers={'X-Identity-Status': 'Confirmed'})
request.context = context.RequestContext(roles=['admin'])
utils.check_auth(request, rule="is_admin")
def api_introspection_abort(node_id):
utils.check_auth(flask.request)
introspect.abort(node_id, token=flask.request.headers.get('X-Auth-Token'))
return '', 202
def test_admin(self):
request = mock.Mock(headers={'X-Identity-Status': 'Confirmed'})
request.context = context.RequestContext(roles=['admin'])
utils.check_auth(request, rule="is_admin")
def test_public_api(self):
request = mock.Mock(headers={'X-Identity-Status': 'Invalid'})
request.context = context.RequestContext(is_public_api=True)
utils.check_auth(request, "public_api")
def test_disabled(self):
CONF.set_override("auth_strategy", "noauth")
request = mock.Mock(headers={"X-Identity-Status": "Invalid"})
utils.check_auth(request)
