def _create_auth_token(self, context): if not context: return None user = context.get('user', None) if not user: return None return access.create_token(user)
def test_delete_token(self): token = access.create_token(USERNAME) access.delete_token(token.token) try: token = Token.get(token.token) self.assertTrue(False, 'Delete failed was expected to pass.') except TokenNotFoundError: self.assertTrue(True)
def test_create_token_ttl_ok(self): ttl = 10 token = access.create_token(USERNAME, 10) self.assertTrue(token is not None) self.assertTrue(token.token is not None) self.assertEqual(token.user, USERNAME) expected_expiry = datetime.datetime.utcnow() + datetime.timedelta(seconds=ttl) expected_expiry = isotime.add_utc_tz(expected_expiry) self.assertLess(isotime.parse(token.expiry), expected_expiry)
def post(self, request, **kwargs): if not pecan.request.remote_user: LOG.audit('Access denied to anonymous user.') pecan.abort(http_client.UNAUTHORIZED) ttl = getattr(request, 'ttl', None) tokendb = create_token(pecan.request.remote_user, ttl) return TokenAPI.from_model(tokendb)
def test_create_token_ttl_capped(self): ttl = cfg.CONF.auth.token_ttl + 10 expected_expiry = datetime.datetime.utcnow() + datetime.timedelta(seconds=ttl) expected_expiry = isotime.add_utc_tz(expected_expiry) token = access.create_token('manas', 10) self.assertTrue(token is not None) self.assertTrue(token.token is not None) self.assertEqual(token.user, 'manas') self.assertLess(isotime.parse(token.expiry), expected_expiry)
def test_create_token_ttl_capped(self): ttl = cfg.CONF.auth.token_ttl + 10 expected_expiry = date_utils.get_datetime_utc_now() + datetime.timedelta(seconds=ttl) expected_expiry = date_utils.add_utc_tz(expected_expiry) token = access.create_token(USERNAME, 10) self.assertTrue(token is not None) self.assertTrue(token.token is not None) self.assertEqual(token.user, USERNAME) self.assertLess(isotime.parse(token.expiry), expected_expiry)
def test_create_token_ttl_capped(self): ttl = cfg.CONF.auth.token_ttl + 10 expected_expiry = date_utils.get_datetime_utc_now( ) + datetime.timedelta(seconds=ttl) expected_expiry = date_utils.add_utc_tz(expected_expiry) token = access.create_token(USERNAME, 10) self.assertTrue(token is not None) self.assertTrue(token.token is not None) self.assertEqual(token.user, USERNAME) self.assertLess(isotime.parse(token.expiry), expected_expiry)
def test_create_token_ttl_capped(self): ttl = cfg.CONF.auth.token_ttl + 10 expected_expiry = datetime.datetime.utcnow() + datetime.timedelta( seconds=ttl) expected_expiry = isotime.add_utc_tz(expected_expiry) token = access.create_token('manas', 10) self.assertTrue(token is not None) self.assertTrue(token.token is not None) self.assertEqual(token.user, 'manas') self.assertLess(isotime.parse(token.expiry), expected_expiry)
def test_create_token_ttl_ok(self): ttl = 10 token = access.create_token(USERNAME, 10) self.assertIsNotNone(token) self.assertIsNotNone(token.token) self.assertEqual(token.user, USERNAME) expected_expiry = date_utils.get_datetime_utc_now( ) + datetime.timedelta(seconds=ttl) expected_expiry = date_utils.add_utc_tz(expected_expiry) self.assertLess(isotime.parse(token.expiry), expected_expiry)
def __init__(self): self._action_sensor_enabled = cfg.CONF.action_sensor.enable self._trigger_type_endpoint = cfg.CONF.action_sensor.triggers_base_url self._retry_wait = cfg.CONF.action_sensor.retry_wait self._timeout = cfg.CONF.action_sensor.request_timeout self._max_attempts = cfg.CONF.action_sensor.max_attempts self._auth_creds = create_token('system.internal_trigger_registrar', ttl=INTERNAL_TRIGGER_REGISTER_TOKEN_TTL) self._http_post_headers = {'content-type': 'application/json', 'X-Auth-Token': self._auth_creds.token} self._http_get_headers = {'X-Auth-Token': self._auth_creds.token}
def __init__(self): self._action_sensor_enabled = cfg.CONF.action_sensor.enable self._trigger_type_endpoint = cfg.CONF.action_sensor.triggers_base_url self._retry_wait = cfg.CONF.action_sensor.retry_wait self._timeout = cfg.CONF.action_sensor.request_timeout self._max_attempts = cfg.CONF.action_sensor.max_attempts self._auth_creds = create_token('system.internal_trigger_registrar', ttl=(1 * 60 * 60)) self._http_post_headers = {'content-type': 'application/json', 'X-Auth-Token': self._auth_creds.token} self._http_get_headers = {'X-Auth-Token': self._auth_creds.token}
def _get_api_client(self): """ Retrieve API client instance. """ if not self._client: ttl = (24 * 60 * 60) temporary_token = create_token(username=self._api_username, ttl=ttl) api_url = get_full_public_api_url() self._client = Client(api_url=api_url, token=temporary_token.token) return self._client
def test_create_token_service_token_can_use_arbitrary_ttl(self): ttl = (10000 * 24 * 24) # Service token should support arbitrary TTL token = access.create_token(USERNAME, ttl=ttl, service=True) expected_expiry = date_utils.get_datetime_utc_now() + datetime.timedelta(seconds=ttl) expected_expiry = date_utils.add_utc_tz(expected_expiry) self.assertTrue(token is not None) self.assertEqual(token.user, USERNAME) self.assertLess(isotime.parse(token.expiry), expected_expiry) # Non service token should throw on TTL which is too large self.assertRaises(TTLTooLargeException, access.create_token, USERNAME, ttl=ttl, service=False)
def _get_api_client(self): """ Retrieve API client instance. """ token_expire = self._token_expire <= get_datetime_utc_now() if not self._client or token_expire: self._logger.audit('Creating new Client object.') ttl = cfg.CONF.auth.service_token_ttl self._token_expire = get_datetime_utc_now() + timedelta(seconds=ttl) temporary_token = create_token(username=self._api_username, ttl=ttl, service=True) api_url = get_full_public_api_url() self._client = Client(api_url=api_url, token=temporary_token.token) return self._client
def _get_api_client(self): """ Retrieve API client instance. """ token_expire = self._token_expire <= get_datetime_utc_now() if not self._client or token_expire: self._logger.audit('Creating new Client object.') ttl = (24 * 60 * 60) self._token_expire = get_datetime_utc_now() + timedelta(seconds=ttl) temporary_token = create_token(username=self._api_username, ttl=ttl) api_url = get_full_public_api_url() self._client = Client(api_url=api_url, token=temporary_token.token) return self._client
def _create_auth_token(self, context, action_db, liveaction_db): if not context: return None user = context.get('user', None) if not user: return None metadata = { 'service': 'actions_container', 'action_name': action_db.name, 'live_action_id': str(liveaction_db.id) } token_db = access.create_token(username=user, metadata=metadata, service=True) return token_db
def _create_auth_token(self, context, action_db, liveaction_db): if not context: return None user = context.get('user', None) if not user: return None metadata = { 'service': 'actions_container', 'action_name': action_db.name, 'live_action_id': str(liveaction_db.id) } ttl = cfg.CONF.auth.service_token_ttl token_db = access.create_token(username=user, ttl=ttl, metadata=metadata, service=True) return token_db
def get_api_client(self): """ Retrieve API client instance. """ token_expire = self._token_expire <= get_datetime_utc_now() if not self._client or token_expire: # Note: Late import to avoid high import cost (time wise) from st2common.services.access import create_token self._logger.debug('Creating new Client object.') ttl = cfg.CONF.auth.service_token_ttl api_url = get_full_public_api_url() temporary_token = create_token(username=self._api_username, ttl=ttl, service=True) self._client = Client(api_url=api_url, token=temporary_token.token) self._token_expire = get_datetime_utc_now() + timedelta(seconds=ttl) return self._client
def test_create_token_service_token_can_use_arbitrary_ttl(self): ttl = (10000 * 24 * 24) # Service token should support arbitrary TTL token = access.create_token(USERNAME, ttl=ttl, service=True) expected_expiry = date_utils.get_datetime_utc_now( ) + datetime.timedelta(seconds=ttl) expected_expiry = date_utils.add_utc_tz(expected_expiry) self.assertTrue(token is not None) self.assertEqual(token.user, USERNAME) self.assertLess(isotime.parse(token.expiry), expected_expiry) # Non service token should throw on TTL which is too large self.assertRaises(TTLTooLargeException, access.create_token, USERNAME, ttl=ttl, service=False)
def _create_auth_token(self, context, action_db, liveaction_db): if not context: return None user = context.get("user", None) if not user: return None metadata = { "service": "actions_container", "action_name": action_db.name, "live_action_id": str(liveaction_db.id), } ttl = cfg.CONF.auth.service_token_ttl token_db = access.create_token(username=user, ttl=ttl, metadata=metadata, service=True) return token_db
def _spawn_sensor_process(self, sensor): """ Spawn a new process for the provided sensor. New process uses isolated Python binary from a virtual environment belonging to the sensor pack. """ sensor_id = self._get_sensor_id(sensor=sensor) virtualenv_path = get_sandbox_virtualenv_path(pack=sensor['pack']) python_path = get_sandbox_python_binary_path(pack=sensor['pack']) if virtualenv_path and not os.path.isdir(virtualenv_path): format_values = {'pack': sensor['pack'], 'virtualenv_path': virtualenv_path} msg = PACK_VIRTUALENV_DOESNT_EXIST % format_values raise Exception(msg) trigger_type_refs = sensor['trigger_types'] or [] trigger_type_refs = ','.join(trigger_type_refs) parent_args = json.dumps(sys.argv[1:]) args = [ python_path, WRAPPER_SCRIPT_PATH, '--pack=%s' % (sensor['pack']), '--file-path=%s' % (sensor['file_path']), '--class-name=%s' % (sensor['class_name']), '--trigger-type-refs=%s' % (trigger_type_refs), '--parent-args=%s' % (parent_args) ] if sensor['poll_interval']: args.append('--poll-interval=%s' % (sensor['poll_interval'])) env = os.environ.copy() env['PYTHONPATH'] = get_sandbox_python_path(inherit_from_parent=True, inherit_parent_virtualenv=True) # Include full api URL and API token specific to that sensor ttl = (24 * 60 * 60) temporary_token = create_token(username='******', ttl=ttl) env[API_URL_ENV_VARIABLE_NAME] = get_full_public_api_url() env[AUTH_TOKEN_ENV_VARIABLE_NAME] = temporary_token.token # TODO 1: Purge temporary token when service stops or sensor process dies # TODO 2: Store metadata (wrapper process id) with the token and delete # tokens for old, dead processes on startup cmd = ' '.join(args) LOG.debug('Running sensor subprocess (cmd="%s")', cmd) # TODO: Intercept stdout and stderr for aggregated logging purposes try: process = subprocess.Popen(args=args, stdin=None, stdout=None, stderr=None, shell=False, env=env, preexec_fn=on_parent_exit('SIGTERM')) except Exception as e: cmd = ' '.join(args) message = ('Failed to spawn process for sensor %s ("%s"): %s' % (sensor_id, cmd, str(e))) raise Exception(message) self._processes[sensor_id] = process self._sensors[sensor_id] = sensor self._sensor_start_times[sensor_id] = int(time.time()) self._dispatch_trigger_for_sensor_spawn(sensor=sensor, process=process, cmd=cmd) return process
def _spawn_sensor_process(self, sensor): """ Spawn a new process for the provided sensor. New process uses isolated Python binary from a virtual environment belonging to the sensor pack. """ sensor_id = self._get_sensor_id(sensor=sensor) pack_ref = sensor["pack"] virtualenv_path = get_sandbox_virtualenv_path(pack=pack_ref) python_path = get_sandbox_python_binary_path(pack=pack_ref) if virtualenv_path and not os.path.isdir(virtualenv_path): format_values = { "pack": sensor["pack"], "virtualenv_path": virtualenv_path } msg = PACK_VIRTUALENV_DOESNT_EXIST % format_values raise Exception(msg) args = self._get_args_for_wrapper_script(python_binary=python_path, sensor=sensor) if self._enable_common_pack_libs: pack_common_libs_path = get_pack_common_libs_path_for_pack_ref( pack_ref=pack_ref) else: pack_common_libs_path = None env = os.environ.copy() sandbox_python_path = get_sandbox_python_path( inherit_from_parent=True, inherit_parent_virtualenv=True) if self._enable_common_pack_libs and pack_common_libs_path: env["PYTHONPATH"] = pack_common_libs_path + ":" + sandbox_python_path else: env["PYTHONPATH"] = sandbox_python_path if self._create_token: # Include full api URL and API token specific to that sensor LOG.debug("Creating temporary auth token for sensor %s" % (sensor["class_name"])) ttl = cfg.CONF.auth.service_token_ttl metadata = { "service": "sensors_container", "sensor_path": sensor["file_path"], "sensor_class": sensor["class_name"], } temporary_token = create_token(username="******", ttl=ttl, metadata=metadata, service=True) env[API_URL_ENV_VARIABLE_NAME] = get_full_public_api_url() env[AUTH_TOKEN_ENV_VARIABLE_NAME] = temporary_token.token # TODO 1: Purge temporary token when service stops or sensor process dies # TODO 2: Store metadata (wrapper process id) with the token and delete # tokens for old, dead processes on startup cmd = " ".join(args) LOG.debug('Running sensor subprocess (cmd="%s")', cmd) # TODO: Intercept stdout and stderr for aggregated logging purposes try: process = subprocess.Popen( args=args, stdin=None, stdout=None, stderr=None, shell=False, env=env, preexec_fn=on_parent_exit("SIGTERM"), ) except Exception as e: cmd = " ".join(args) message = 'Failed to spawn process for sensor %s ("%s"): %s' % ( sensor_id, cmd, six.text_type(e), ) raise Exception(message) self._processes[sensor_id] = process self._sensors[sensor_id] = sensor self._sensor_start_times[sensor_id] = int(time.time()) self._dispatch_trigger_for_sensor_spawn(sensor=sensor, process=process, cmd=cmd) return process
def _spawn_sensor_process(self, sensor): """ Spawn a new process for the provided sensor. New process uses isolated Python binary from a virtual environment belonging to the sensor pack. """ sensor_id = self._get_sensor_id(sensor=sensor) virtualenv_path = get_sandbox_virtualenv_path(pack=sensor['pack']) python_path = get_sandbox_python_binary_path(pack=sensor['pack']) if virtualenv_path and not os.path.isdir(virtualenv_path): msg = PACK_VIRTUALENV_DOESNT_EXIST % (sensor['pack'], sensor['pack']) raise Exception(msg) trigger_type_refs = sensor['trigger_types'] or [] trigger_type_refs = ','.join(trigger_type_refs) parent_args = json.dumps(sys.argv[1:]) args = [ python_path, WRAPPER_SCRIPT_PATH, '--pack=%s' % (sensor['pack']), '--file-path=%s' % (sensor['file_path']), '--class-name=%s' % (sensor['class_name']), '--trigger-type-refs=%s' % (trigger_type_refs), '--parent-args=%s' % (parent_args) ] if sensor['poll_interval']: args.append('--poll-interval=%s' % (sensor['poll_interval'])) env = os.environ.copy() env['PYTHONPATH'] = get_sandbox_python_path( inherit_from_parent=True, inherit_parent_virtualenv=True) # Include full api URL and API token specific to that sensor ttl = (24 * 60 * 60) temporary_token = create_token(username='******', ttl=ttl) env[API_URL_ENV_VARIABLE_NAME] = get_full_api_url() env[AUTH_TOKEN_ENV_VARIABLE_NAME] = temporary_token.token # TODO 1: Purge temporary token when service stops or sensor process dies # TODO 2: Store metadata (wrapper process id) with the token and delete # tokens for old, dead processes on startup LOG.debug('Running sensor subprocess (cmd="%s")', ' '.join(args)) # TODO: Intercept stdout and stderr for aggregated logging purposes try: process = subprocess.Popen(args=args, stdin=None, stdout=None, stderr=None, shell=False, env=env) except Exception as e: cmd = ' '.join(args) message = ('Failed to spawn process for sensor %s ("%s"): %s' % (sensor_id, cmd, str(e))) raise Exception(message) self._processes[sensor_id] = process return process
def test_create_token(self): token = access.create_token(USERNAME) self.assertIsNotNone(token) self.assertIsNotNone(token.token) self.assertEqual(token.user, USERNAME)
def test_create_token_fail(self): try: access.create_token(None) self.assertTrue(False, 'Create succeeded was expected to fail.') except ValueError: self.assertTrue(True)
def test_create_token(self): token = access.create_token(USERNAME) self.assertTrue(token is not None) self.assertTrue(token.token is not None) self.assertEqual(token.user, USERNAME)
def test_create_token(self): token = access.create_token('manas') self.assertTrue(token is not None) self.assertTrue(token.token is not None) self.assertEqual(token.user, 'manas')
def _create_token_for_user(self, username, ttl=None): tokendb = create_token(username=username, ttl=ttl) return TokenAPI.from_model(tokendb)
def _spawn_sensor_process(self, sensor): """ Spawn a new process for the provided sensor. New process uses isolated Python binary from a virtual environment belonging to the sensor pack. """ sensor_id = self._get_sensor_id(sensor=sensor) pack_ref = sensor['pack'] virtualenv_path = get_sandbox_virtualenv_path(pack=pack_ref) python_path = get_sandbox_python_binary_path(pack=pack_ref) if virtualenv_path and not os.path.isdir(virtualenv_path): format_values = {'pack': sensor['pack'], 'virtualenv_path': virtualenv_path} msg = PACK_VIRTUALENV_DOESNT_EXIST % format_values raise Exception(msg) trigger_type_refs = sensor['trigger_types'] or [] trigger_type_refs = ','.join(trigger_type_refs) parent_args = json.dumps(sys.argv[1:]) args = [ python_path, WRAPPER_SCRIPT_PATH, '--pack=%s' % (sensor['pack']), '--file-path=%s' % (sensor['file_path']), '--class-name=%s' % (sensor['class_name']), '--trigger-type-refs=%s' % (trigger_type_refs), '--parent-args=%s' % (parent_args) ] if sensor['poll_interval']: args.append('--poll-interval=%s' % (sensor['poll_interval'])) sandbox_python_path = get_sandbox_python_path(inherit_from_parent=True, inherit_parent_virtualenv=True) if self._enable_common_pack_libs: pack_common_libs_path = get_pack_common_libs_path_for_pack_ref(pack_ref=pack_ref) else: pack_common_libs_path = None env = os.environ.copy() if self._enable_common_pack_libs and pack_common_libs_path: env['PYTHONPATH'] = pack_common_libs_path + ':' + sandbox_python_path else: env['PYTHONPATH'] = sandbox_python_path # Include full api URL and API token specific to that sensor ttl = cfg.CONF.auth.service_token_ttl metadata = { 'service': 'sensors_container', 'sensor_path': sensor['file_path'], 'sensor_class': sensor['class_name'] } temporary_token = create_token(username='******', ttl=ttl, metadata=metadata, service=True) env[API_URL_ENV_VARIABLE_NAME] = get_full_public_api_url() env[AUTH_TOKEN_ENV_VARIABLE_NAME] = temporary_token.token # TODO 1: Purge temporary token when service stops or sensor process dies # TODO 2: Store metadata (wrapper process id) with the token and delete # tokens for old, dead processes on startup cmd = ' '.join(args) LOG.debug('Running sensor subprocess (cmd="%s")', cmd) # TODO: Intercept stdout and stderr for aggregated logging purposes try: process = subprocess.Popen(args=args, stdin=None, stdout=None, stderr=None, shell=False, env=env, preexec_fn=on_parent_exit('SIGTERM')) except Exception as e: cmd = ' '.join(args) message = ('Failed to spawn process for sensor %s ("%s"): %s' % (sensor_id, cmd, str(e))) raise Exception(message) self._processes[sensor_id] = process self._sensors[sensor_id] = sensor self._sensor_start_times[sensor_id] = int(time.time()) self._dispatch_trigger_for_sensor_spawn(sensor=sensor, process=process, cmd=cmd) return process