def _cs_request(self, *args, **kwargs): kargs = {} kargs.setdefault('headers', kwargs.get('headers', {})) kargs['headers']['User-Agent'] = USER_AGENT if 'body' in kwargs: kargs['body'] = kwargs['body'] if self.log_credentials: log_kargs = kargs else: log_kargs = self._strip_credentials(kargs) utils.http_log_req(_logger, args, log_kargs) try: resp, body = self.request(*args, **kargs) except requests.exceptions.SSLError as e: raise exceptions.SslCertificateValidationError(reason=e) except Exception as e: # Wrap the low-level connection error (socket timeout, redirect # limit, decompression error, etc) into our custom high-level # connection exception (it is excepted in the upper layers of code) _logger.debug("throwing ConnectionFailed : %s", e) raise exceptions.ConnectionFailed(reason=e) utils.http_log_resp(_logger, resp, body) if resp.status_code == 401: raise exceptions.Unauthorized(message=body) return resp, body
def test_strip_credentials_from_log(self): def verify_no_credentials(kwargs): return ("REDACTED" in kwargs["body"]) and (self.client.password not in kwargs["body"]) def verify_credentials(body): return "REDACTED" not in body and self.client.password in body self.mox.StubOutWithMock(self.client, "request") self.mox.StubOutWithMock(utils, "http_log_req") res200 = get_response(200) utils.http_log_req(mox.IgnoreArg(), mox.IgnoreArg(), mox.Func(verify_no_credentials)) self.client.request( mox.IsA(six.string_types), mox.IsA(six.string_types), body=mox.Func(verify_credentials), headers=mox.IgnoreArg(), ).AndReturn((res200, json.dumps(KS_TOKEN_RESULT))) utils.http_log_req(mox.IgnoreArg(), mox.IgnoreArg(), mox.IgnoreArg()) self.client.request(mox.IsA(six.string_types), mox.IsA(six.string_types), headers=mox.IsA(dict)).AndReturn( (res200, "") ) self.mox.ReplayAll() self.client.do_request("/resource", "GET")
def _cs_request(self, *args, **kwargs): kargs = {} kargs.setdefault('headers', kwargs.get('headers', {})) kargs['headers']['User-Agent'] = self.USER_AGENT if 'body' in kwargs: kargs['body'] = kwargs['body'] if self.log_credentials: log_kargs = kargs else: log_kargs = self._strip_credentials(kargs) utils.http_log_req(_logger, args, log_kargs) try: resp, body = self.request(*args, **kargs) except requests.exceptions.SSLError as e: raise exceptions.SslCertificateValidationError(reason=e) except Exception as e: # Wrap the low-level connection error (socket timeout, redirect # limit, decompression error, etc) into our custom high-level # connection exception (it is excepted in the upper layers of code) _logger.debug("throwing ConnectionFailed : %s", e) raise exceptions.ConnectionFailed(reason=e) utils.http_log_resp(_logger, resp, body) if resp.status_code == 401: raise exceptions.Unauthorized(message=body) return resp, body
def test_strip_credentials_from_log(self): def verify_no_credentials(kwargs): return ('REDACTED' in kwargs['body']) and (self.client.password not in kwargs['body']) def verify_credentials(body): return 'REDACTED' not in body and self.client.password in body self.mox.StubOutWithMock(self.client, "request") self.mox.StubOutWithMock(utils, "http_log_req") res200 = self.mox.CreateMock(httplib2.Response) res200.status = 200 utils.http_log_req(mox.IgnoreArg(), mox.IgnoreArg(), mox.Func(verify_no_credentials)) self.client.request(mox.IsA(str), mox.IsA(str), body=mox.Func(verify_credentials), headers=mox.IgnoreArg()).AndReturn( (res200, json.dumps(KS_TOKEN_RESULT))) utils.http_log_req(mox.IgnoreArg(), mox.IgnoreArg(), mox.IgnoreArg()) self.client.request(mox.IsA(str), mox.IsA(str), headers=mox.IsA(dict)).AndReturn((res200, '')) self.mox.ReplayAll() self.client.do_request('/resource', 'GET')
def test_strip_credentials_from_log(self): def verify_no_credentials(kwargs): return ('REDACTED' in kwargs['body']) and ( self.client.password not in kwargs['body']) def verify_credentials(body): return 'REDACTED' not in body and self.client.password in body self.mox.StubOutWithMock(self.client, "request") self.mox.StubOutWithMock(utils, "http_log_req") res200 = self.mox.CreateMock(httplib2.Response) res200.status = 200 utils.http_log_req(mox.IgnoreArg(), mox.IgnoreArg(), mox.Func( verify_no_credentials)) self.client.request( mox.IsA(str), mox.IsA(str), body=mox.Func(verify_credentials), headers=mox.IgnoreArg() ).AndReturn((res200, json.dumps(KS_TOKEN_RESULT))) utils.http_log_req(mox.IgnoreArg(), mox.IgnoreArg(), mox.IgnoreArg()) self.client.request( mox.IsA(str), mox.IsA(str), headers=mox.IsA(dict) ).AndReturn((res200, '')) self.mox.ReplayAll() self.client.do_request('/resource', 'GET')
def _cs_request(self, *args, **kwargs): kargs = {} kargs.setdefault('headers', kwargs.get('headers', {})) kargs['headers']['User-Agent'] = self.USER_AGENT if 'content_type' in kwargs: kargs['headers']['Content-Type'] = kwargs['content_type'] kargs['headers']['Accept'] = kwargs['content_type'] else: kargs['headers']['Content-Type'] = self.content_type kargs['headers']['Accept'] = self.content_type if 'body' in kwargs: kargs['body'] = kwargs['body'] args = utils.safe_encode_list(args) kargs = utils.safe_encode_dict(kargs) utils.http_log_req(_logger, args, kargs) try: resp, body = self.request(*args, **kargs) except Exception as e: # Wrap the low-level connection error (socket timeout, redirect # limit, decompression error, etc) into our custom high-level # connection exception (it is excepted in the upper layers of code) raise exceptions.ConnectionFailed(reason=e) utils.http_log_resp(_logger, resp, body) status_code = self.get_status_code(resp) if status_code == 401: raise exceptions.Unauthorized(message=body) elif status_code == 403: raise exceptions.Forbidden(message=body) return resp, body
def _cs_request(self, *args, **kwargs): kargs = {} kargs.setdefault('headers', kwargs.get('headers', {})) if 'content_type' in kwargs: kargs['headers']['Content-Type'] = kwargs['content_type'] kargs['headers']['Accept'] = kwargs['content_type'] else: kargs['headers']['Content-Type'] = self.content_type kargs['headers']['Accept'] = self.content_type if self.auth_token: kargs['headers']['X-Auth-Token'] = self.auth_token if 'body' in kwargs: kargs['body'] = kwargs['body'] if self.log_credentials: log_kargs = kargs else: log_kargs = self._strip_credentials(kargs) utils.http_log_req(_logger, args, log_kargs) try: resp, body = self.request(*args, **kargs) except Exception as e: # Wrap the low-level connection error (socket timeout, redirect # limit, decompression error, etc) into our custom high-level # connection exception (it is excepted in the upper layers of code) _logger.debug("throwing ConnectionFailed : %s", e) raise exceptions.CommunicationError(e) finally: # Temporary Fix for gate failures. RPC calls and HTTP requests # seem to be stepping on each other resulting in bogus fd's being # picked up for making http requests self.connections.clear() self.http_log_resp(_logger, resp, body) status_code = self.get_status_code(resp) if status_code == 401: raise exceptions.HTTPUnauthorized(body) elif status_code == 403: error_json = self._extract_error_json(body) raise exceptions.Forbidden(error_json.get('faultstring')) elif 400 <= status_code < 600: _logger.warn("Request returned failure status.") error_json = self._extract_error_json(body) raise exceptions.from_response(resp, error_json.get('faultstring'), error_json.get('debuginfo'), *args) elif status_code in (301, 302, 305): # Redirected. Reissue the request to the new location. return self._cs_request(resp['location'], args[1], **kwargs) elif status_code == 300: raise exceptions.from_response(resp, *args) return resp, body
def authenticate(self): if self.auth_strategy != 'keystone': raise exceptions.Unauthorized(message=_('Unknown auth strategy')) if self.tenant_id: body = { 'auth': { 'passwordCredentials': { 'username': self.username, 'password': self.password, }, 'tenantId': self.tenant_id, }, } else: body = { 'auth': { 'passwordCredentials': { 'username': self.username, 'password': self.password, }, 'tenantName': self.tenant_name, }, } token_url = self.auth_url + "/tokens" # Make sure we follow redirects when trying to reach Keystone tmp_follow_all_redirects = self.follow_all_redirects self.follow_all_redirects = True try: resp, resp_body = self._cs_request(token_url, "POST", body=json.dumps(body), content_type="application/json") finally: self.follow_all_redirects = tmp_follow_all_redirects status_code = self.get_status_code(resp) if status_code != 200: if not _logger.isEnabledFor(logging.DEBUG): utils.http_log_req(_logger, ["POST"], { 'body': json.dumps(body), 'content_type': "application/json" }, force_logging=True) raise exceptions.Unauthorized(message=resp_body) if resp_body: try: resp_body = json.loads(resp_body) except ValueError: pass else: resp_body = None self._extract_service_catalog(resp_body)
def _cs_request(self, *args, **kwargs): kargs = {} kargs.setdefault('headers', kwargs.get('headers', {})) kargs['headers']['User-Agent'] = self.USER_AGENT if 'content_type' in kwargs: kargs['headers']['Content-Type'] = kwargs['content_type'] kargs['headers']['Accept'] = kwargs['content_type'] else: kargs['headers']['Content-Type'] = self.content_type kargs['headers']['Accept'] = self.content_type if 'body' in kwargs: kargs['body'] = kwargs['body'] args = utils.safe_encode_list(args) kargs = utils.safe_encode_dict(kargs) if self.log_credentials: log_kargs = kargs else: log_kargs = self._strip_credentials(kargs) utils.http_log_req(_logger, args, log_kargs) try: resp, body = self.request(*args, **kargs) except httplib2.SSLHandshakeError as e: raise exceptions.SslCertificateValidationError(reason=e) except Exception as e: # Wrap the low-level connection error (socket timeout, redirect # limit, decompression error, etc) into our custom high-level # connection exception (it is excepted in the upper layers of code) _logger.debug("throwing ConnectionFailed : %s", e) raise exceptions.ConnectionFailed(reason=e) finally: # Temporary Fix for gate failures. RPC calls and HTTP requests # seem to be stepping on each other resulting in bogus fd's being # picked up for making http requests self.connections.clear() utils.http_log_resp(_logger, resp, body) status_code = self.get_status_code(resp) if status_code == 401: raise exceptions.Unauthorized(message=body) elif status_code == 403: raise exceptions.Forbidden(message=body) return resp, body
def _cs_request(self, *args, **kwargs): kargs = {} kargs.setdefault('headers', kwargs.get('headers', {})) kargs['headers']['User-Agent'] = USER_AGENT if 'body' in kwargs: kargs['body'] = kwargs['body'] if self.log_credentials: log_kargs = kargs else: log_kargs = self._strip_credentials(kargs) utils.http_log_req(_logger, args, log_kargs) try: resp, body = self.request(*args, **kargs) except requests.exceptions.SSLError as e: raise exceptions.SslCertificateValidationError(reason=str(e)) except Exception as e: # Wrap the low-level connection error (socket timeout, redirect # limit, decompression error, etc) into our custom high-level # connection exception (it is excepted in the upper layers of code) _logger.debug("throwing ConnectionFailed : %s", e) raise exceptions.ConnectionFailed(reason=str(e)) utils.http_log_resp(_logger, resp, body) # log request-id for each api call request_id = resp.headers.get('x-openstack-request-id') if request_id: _logger.debug( '%(method)s call to neutron for ' '%(url)s used request id ' '%(response_request_id)s', { 'method': resp.request.method, 'url': resp.url, 'response_request_id': request_id }) if resp.status_code == 401: raise exceptions.Unauthorized(message=body) return resp, body
def authenticate(self): if self.auth_strategy != 'keystone': raise exceptions.Unauthorized(message=_('Unknown auth strategy')) if self.tenant_id: body = {'auth': {'passwordCredentials': {'username': self.username, 'password': self.password, }, 'tenantId': self.tenant_id, }, } else: body = {'auth': {'passwordCredentials': {'username': self.username, 'password': self.password, }, 'tenantName': self.tenant_name, }, } token_url = self.auth_url + "/tokens" # Make sure we follow redirects when trying to reach Keystone tmp_follow_all_redirects = self.follow_all_redirects self.follow_all_redirects = True try: resp, resp_body = self._cs_request(token_url, "POST", body=json.dumps(body), content_type="application/json") finally: self.follow_all_redirects = tmp_follow_all_redirects status_code = self.get_status_code(resp) if status_code != 200: if not _logger.isEnabledFor(logging.DEBUG): utils.http_log_req(_logger, ["POST"], {'body': json.dumps(body), 'content_type': "application/json"}, force_logging=True) raise exceptions.Unauthorized(message=resp_body) if resp_body: try: resp_body = json.loads(resp_body) except ValueError: pass else: resp_body = None self._extract_service_catalog(resp_body)