def authz_heartbeat(*args, **kwargs):
cycle_timer = kwargs['mythread']['cycle_timer']
logger.info('Checking authz availability')
try:
host_id = localconfig.get_host_id()
authz_handlr = get_authorizer()
handler = authz_handlr.__class__.__name__
ex = None
try:
result = authz_handlr.healthcheck()
except Exception as e:
ex = e
result = False
if not result:
fail_event = ServiceAuthzPluginHealthCheckFailed(user_id=localconfig.ADMIN_ACCOUNT_NAME,
name=service_name,
host=host_id,
plugin=handler,
details=str(ex)
)
logger.info('Sending healthcheck failure event: {}'.format(fail_event.__event_type__))
try:
client = internal_client_for(CatalogClient, localconfig.ADMIN_ACCOUNT_NAME)
client.add_event(fail_event)
except Exception as ex:
logger.exception(
'Failure to send authz healthcheck failure event: {}'.format(fail_event.to_json()))
except Exception as e:
logger.exception('Caught unexpected exception from the authz heartbeat handler')
time.sleep(cycle_timer)
return True
def authenticate_user(self, username, password):
try:
authc_token = UsernamePasswordToken(username=username,
password=password,
remember_me=False)
authorizer = get_authorizer()
authorizer.inline_authz([], authc_token=authc_token)
return User(username)
except:
logger.exception('Error authenticating')
raise
def authenticate_user(self, username, password):
try:
authc_token = UsernamePasswordToken(username=username,
password=password,
remember_me=False)
authorizer = get_authorizer()
identity = authorizer.inline_authz([], authc_token=authc_token)
# Use the user's uuid as the username/subject for the token to avoid name conflicts over time
if identity is None:
raise Exception('Unknown user')
else:
return User(identity.user_uuid)
except:
logger.debug_exception('Error authenticating')
raise Exception('User authentication failed')
import anchore_engine.apis
from anchore_engine import db
import anchore_engine.services.catalog.catalog_impl
import anchore_engine.common
from anchore_engine.subsys import logger
import anchore_engine.configuration.localconfig
import anchore_engine.subsys.servicestatus
from anchore_engine.clients.services import internal_client_for
from anchore_engine.clients.services.policy_engine import PolicyEngineClient
from anchore_engine.apis.authorization import get_authorizer, INTERNAL_SERVICE_ALLOWED
from anchore_engine.db import AccountTypes
from anchore_engine.apis.context import ApiRequestContextProxy
from anchore_engine.services.catalog import archiver
from anchore_engine.subsys.metrics import flask_metrics
authorizer = get_authorizer()
@authorizer.requires_account(with_types=INTERNAL_SERVICE_ALLOWED)
def status():
httpcode = 500
try:
service_record = anchore_engine.subsys.servicestatus.get_my_service_record()
return_object = anchore_engine.subsys.servicestatus.get_status(service_record)
httpcode = 200
except Exception as err:
return_object = str(err)
return (return_object, httpcode)