def authorize_console(self, context, token, console_type, host, port, internal_access_path, instance_uuid): token_dict = {'token': token, 'instance_uuid': instance_uuid, 'console_type': console_type, 'host': host, 'port': port, 'internal_access_path': internal_access_path, 'last_activity_at': time.time()} data = jsonutils.dumps(token_dict) # We need to log the warning message if the token is not cached # successfully, because the failure will cause the console for # instance to not be usable. if not self.mc.set(token.encode('UTF-8'), data, CONF.console_token_ttl): LOG.warning(_LW("Token: %(token)s failed to save into memcached."), {'token': HWExtend.b64encodeToken(token)}) tokens = self._get_tokens_for_instance(instance_uuid) # Remove the expired tokens from cache. for tok in tokens: token_str = self.mc.get(tok.encode('UTF-8')) if not token_str: tokens.remove(tok) tokens.append(token) if not self.mc.set(instance_uuid.encode('UTF-8'), jsonutils.dumps(tokens)): LOG.warning(_LW("Instance: %(instance_uuid)s failed to save " "into memcached"), {'instance_uuid': instance_uuid}) token = HWExtend.b64encodeToken(token) token_dict['token'] = token LOG.audit(_("Received Token: %(token)s, %(token_dict)s"), {'token': token, 'token_dict': token_dict})
def check_token(self, context, token): token_str = self.mc.get(token.encode('UTF-8')) token_valid = (token_str is not None) LOG.audit(_("Checking Token: %(token)s, %(token_valid)s"), {'token': HWExtend.b64encodeToken(token), 'token_valid': token_valid}) if token_valid: token = jsonutils.loads(token_str) if self._validate_token(context, token): return token
def __call__(self, request): now = timeutils.utcnow() reqBody = "-" heartBeatLog = False if 'xml' in str(request.content_type) or 'json' in str( request.content_type): if request.content_length is not None and request.content_length < 10240: reqBody = str(request.body) or '-' if HWExtend.hasSensitiveStr(reqBody): reqBody = '-' reqBody = h_utils._filter_sensitive_data(reqBody) data = { 'remote_addr': request.remote_addr, 'remote_user': request.remote_user or '-', 'token_id': "None", 'request_datetime': '%s' % now.strftime(APACHE_TIME_FORMAT), 'response_datetime': '%s' % now.strftime(APACHE_TIME_FORMAT), 'method': request.method, 'url': request.url, 'http_version': request.http_version, 'status': 500, 'content_length': '-', 'request_body': reqBody, 'instance_id': '-' } token = '' try: token = request.headers['X-Auth-Token'] token = HWExtend.b64encodeToken(token) except: token = "-" try: response = request.get_response(self.application) data['status'] = response.status_int data['content_length'] = response.content_length or '-' finally: # must be calculated *after* the application has been called now = timeutils.utcnow() data['token_id'] = token if "GET" in data['method'] and "/tokens/" in data['url']: Pos = data['url'].find("tokens") + 7 logToken = data['url'][Pos:Pos + 32] encodedToken = HWExtend.b64encodeToken(logToken) data['url'] = data['url'].replace(logToken, encodedToken) elif "POST" in data['method'] and data['url'].endswith("/servers"): if int(data['status']) < 400: try: resp_body = json.loads(response.body) vm_server = resp_body.get('server', None) if vm_server is not None: instance_id = vm_server.get('id', None) if instance_id is not None: data['instance_id'] = instance_id except Exception: pass elif "OPTIONS" in data['method'] and data['url'].endswith( ":%s/" % self.port): heartBeatLog = True if heartBeatLog != True: #timeutils may not return UTC, so we can't hardcode +0000 data['response_datetime'] = '%s' % ( now.strftime(APACHE_TIME_FORMAT)) log.info(DRM_LOG_FORMAT % data, extra={"type": "operate"}) return response
def __call__(self, request): now = timeutils.utcnow() reqBody = "-" heartBeatLog = False if 'xml' in str(request.content_type) or 'json' in str(request.content_type): if request.content_length is not None and request.content_length < 10240: reqBody = str(request.body) or '-' if HWExtend.hasSensitiveStr(reqBody): reqBody = '-' reqBody = h_utils._filter_sensitive_data(reqBody) data = { 'remote_addr': request.remote_addr, 'remote_user': request.remote_user or '-', 'token_id':"None", 'request_datetime':'%s' % now.strftime(APACHE_TIME_FORMAT), 'response_datetime':'%s' % now.strftime(APACHE_TIME_FORMAT), 'method': request.method, 'url': request.url, 'http_version': request.http_version, 'status': 500, 'content_length': '-', 'request_body':reqBody, 'instance_id':'-'} token = '' try: token = request.headers['X-Auth-Token'] token = HWExtend.b64encodeToken(token) except: token = "-" try: response = request.get_response(self.application) data['status'] = response.status_int data['content_length'] = response.content_length or '-' finally: # must be calculated *after* the application has been called now = timeutils.utcnow() data['token_id'] = token if "GET" in data['method'] and "/tokens/" in data['url']: Pos = data['url'].find("tokens") + 7 logToken = data['url'][Pos:Pos+32] encodedToken = HWExtend.b64encodeToken(logToken) data['url'] = data['url'].replace(logToken,encodedToken) elif "POST" in data['method'] and data['url'].endswith("/servers"): if int(data['status']) < 400: try: resp_body = json.loads(response.body) vm_server = resp_body.get('server', None) if vm_server is not None: instance_id = vm_server.get('id', None) if instance_id is not None: data['instance_id'] = instance_id except Exception: pass elif "OPTIONS" in data['method'] and data['url'].endswith(":%s/" % self.port): heartBeatLog = True if heartBeatLog != True: #timeutils may not return UTC, so we can't hardcode +0000 data['response_datetime'] = '%s' % (now.strftime(APACHE_TIME_FORMAT)) log.info(DRM_LOG_FORMAT % data, extra={"type":"operate"}) return response