def test_incomplete_headers_76(self):
# First test: Missing Connection:
headers = dict(kv.split(': ') for kv in [
"Upgrade: WebSocket",
# NOTE: intentionally no connection header
"Host: %s:%s" % self.server_addr,
"Origin: http://%s:%s" % self.server_addr,
"Sec-WebSocket-Protocol: ws",
])
http = httplib.HTTPConnection(*self.server_addr)
http.request("GET", "/echo", headers=headers)
resp = http.getresponse()
self.assertEqual(resp.status, 400)
self.assertEqual(resp.getheader('connection'), 'close')
self.assertEqual(resp.read(), b'')
# Now, miss off key2
headers = dict(kv.split(': ') for kv in [
"Upgrade: WebSocket",
"Connection: Upgrade",
"Host: %s:%s" % self.server_addr,
"Origin: http://%s:%s" % self.server_addr,
"Sec-WebSocket-Protocol: ws",
"Sec-WebSocket-Key1: 4 @1 46546xW%0l 1 5",
# NOTE: Intentionally no Key2 header
])
http = httplib.HTTPConnection(*self.server_addr)
http.request("GET", "/echo", headers=headers)
resp = http.getresponse()
self.assertEqual(resp.status, 400)
self.assertEqual(resp.getheader('connection'), 'close')
self.assertEqual(resp.read(), b'')
def test_incomplete_headers_13(self):
headers = dict(
kv.split(': ') for kv in [
"Upgrade: websocket",
# NOTE: intentionally no connection header
"Host: %s:%s" % self.server_addr,
"Origin: http://%s:%s" % self.server_addr,
"Sec-WebSocket-Version: 13",
])
http = httplib.HTTPConnection(*self.server_addr)
http.request("GET", "/echo", headers=headers)
resp = http.getresponse()
self.assertEqual(resp.status, 400)
self.assertEqual(resp.getheader('connection'), 'close')
self.assertEqual(resp.read(), b'')
# Now, miss off key
headers = dict(
kv.split(': ') for kv in [
"Upgrade: websocket",
"Connection: Upgrade",
"Host: %s:%s" % self.server_addr,
"Origin: http://%s:%s" % self.server_addr,
"Sec-WebSocket-Version: 13",
])
http = httplib.HTTPConnection(*self.server_addr)
http.request("GET", "/echo", headers=headers)
resp = http.getresponse()
self.assertEqual(resp.status, 400)
self.assertEqual(resp.getheader('connection'), 'close')
self.assertEqual(resp.read(), b'')
# No Upgrade now
headers = dict(
kv.split(': ') for kv in [
"Connection: Upgrade",
"Host: %s:%s" % self.server_addr,
"Origin: http://%s:%s" % self.server_addr,
"Sec-WebSocket-Version: 13",
])
http = httplib.HTTPConnection(*self.server_addr)
http.request("GET", "/echo", headers=headers)
resp = http.getresponse()
self.assertEqual(resp.status, 400)
self.assertEqual(resp.getheader('connection'), 'close')
self.assertEqual(resp.read(), b'')
def __call__(self, req):
request_id = context.generate_request_id()
signature = req.params.get('Signature')
if not signature:
msg = _("Signature not provided")
return ec2_error(req, request_id, "Unauthorized", msg)
access = req.params.get('AWSAccessKeyId')
if not access:
msg = _("Access key not provided")
return ec2_error(req, request_id, "Unauthorized", msg)
# Make a copy of args for authentication and signature verification.
auth_params = dict(req.params)
# Not part of authentication args
auth_params.pop('Signature')
cred_dict = {
'access': access,
'signature': signature,
'host': req.host,
'verb': req.method,
'path': req.path,
'params': auth_params,
}
if "ec2" in CONF.keystone_ec2_url:
creds = {'ec2Credentials': cred_dict}
else:
creds = {'auth': {'OS-KSEC2:ec2Credentials': cred_dict}}
creds_json = jsonutils.dumps(creds)
headers = {'Content-Type': 'application/json'}
o = urlparse.urlparse(CONF.keystone_ec2_url)
if o.scheme == "http":
conn = httplib.HTTPConnection(o.netloc)
else:
conn = httplib.HTTPSConnection(o.netloc)
conn.request('POST', o.path, body=creds_json, headers=headers)
response = conn.getresponse()
data = response.read()
if response.status != 200:
if response.status == 401:
msg = response.reason
else:
msg = _("Failure communicating with keystone")
return ec2_error(req, request_id, "Unauthorized", msg)
result = jsonutils.loads(data)
conn.close()
try:
token_id = result['access']['token']['id']
user_id = result['access']['user']['id']
project_id = result['access']['token']['tenant']['id']
user_name = result['access']['user'].get('name')
project_name = result['access']['token']['tenant'].get('name')
roles = [role['name'] for role
in result['access']['user']['roles']]
except (AttributeError, KeyError), e:
LOG.exception("Keystone failure: %s" % e)
msg = _("Failure communicating with keystone")
return ec2_error(req, request_id, "Unauthorized", msg)
def put():
put_send_name = '/data/iso/ubuntu-10.04-server-amd64.iso'
put_save_name = '/data/iso/server_save_name'
length = 0
lines = []
with open(put_send_name, 'rb') as f:
for i in f:
pass
length = f.tell()
conn = httplib.HTTPConnection('127.0.0.1:8080')
conn.putrequest('PUT', '/index.html')
#conn.putheader('Content-Length', length)
conn.putheader('Transfer-Encoding', 'chunked')
conn.putheader('x-file-name', put_save_name)
conn.endheaders()
with open(put_send_name, 'rb') as f:
n = 0
while True:
chunk = f.read(chunk_size)
if not chunk:
conn.send("0\r\n\r\n")
break
conn.send('%x\r\n%s\r\n' % (len(chunk), chunk))
n += 1
r1 = conn.getresponse()
print r1.status, r1.reason, n
def http_request(method, host, path, headers):
conn = httplib.HTTPConnection(host)
conn.request(method, path, headers=headers)
response = conn.getresponse()
body = response.read()
print(method, host, path, response.status, response.reason, len(body))
return format_response(response, body)
class EC2Token(wsgi.Middleware):
"""Authenticate an EC2 request with keystone and convert to token."""
@webob.dec.wsgify(RequestClass=wsgi.Request)
def __call__(self, req):
# Read request signature and access id.
try:
signature = req.params['Signature']
access = req.params['AWSAccessKeyId']
except KeyError, e:
LOG.exception(e)
raise webob.exc.HTTPBadRequest()
# Make a copy of args for authentication and signature verification.
auth_params = dict(req.params)
# Not part of authentication args
auth_params.pop('Signature')
# Authenticate the request.
creds = {
'ec2Credentials': {
'access': access,
'signature': signature,
'host': req.host,
'verb': req.method,
'path': req.path,
'params': auth_params,
}
}
creds_json = utils.dumps(creds)
headers = {'Content-Type': 'application/json'}
# Disable "has no x member" pylint error
# for httplib and urlparse
# pylint: disable-msg=E1101
o = urlparse.urlparse(FLAGS.keystone_ec2_url)
if o.scheme == "http":
conn = httplib.HTTPConnection(o.netloc)
else:
conn = httplib.HTTPSConnection(o.netloc)
conn.request('POST', o.path, body=creds_json, headers=headers)
response = conn.getresponse().read()
conn.close()
# NOTE(vish): We could save a call to keystone by
# having keystone return token, tenant,
# user, and roles from this call.
result = utils.loads(response)
try:
token_id = result['access']['token']['id']
except (AttributeError, KeyError), e:
LOG.exception(e)
raise webob.exc.HTTPBadRequest()
def get():
get_recv_name = '/data/iso/server_save_name'
get_save_name = '/data/iso/ubuntu-10.04-server-amd64.iso_my_get'
conn = httplib.HTTPConnection('127.0.0.1:8080')
conn.request('GET', '', headers={'x-file-name': get_recv_name})
r1 = conn.getresponse()
with open(get_save_name, 'wb') as f:
while True:
chunk = r1.read(chunk_size)
if not chunk:
break
f.write(chunk)
def __call__(self, req):
# Read request signature and access id.
try:
signature = req.params['Signature']
access = req.params['AWSAccessKeyId']
except KeyError:
raise webob.exc.HTTPBadRequest()
# Make a copy of args for authentication and signature verification.
auth_params = dict(req.params)
# Not part of authentication args
auth_params.pop('Signature')
# Authenticate the request.
creds = {
'ec2Credentials': {
'access': access,
'signature': signature,
'host': req.host,
'verb': req.method,
'path': req.path,
'params': auth_params,
}
}
creds_json = jsonutils.dumps(creds)
headers = {'Content-Type': 'application/json'}
# Disable 'has no x member' pylint error
# for httplib and urlparse
# pylint: disable-msg=E1101
o = urllib.parse.urlparse(CONF.keystone_ec2_url)
if o.scheme == 'http':
conn = httplib.HTTPConnection(o.netloc)
else:
conn = httplib.HTTPSConnection(o.netloc)
conn.request('POST', o.path, body=creds_json, headers=headers)
response = conn.getresponse().read()
conn.close()
# NOTE(vish): We could save a call to keystone by
# having keystone return token, tenant,
# user, and roles from this call.
result = jsonutils.loads(response)
try:
token_id = result['access']['token']['id']
except (AttributeError, KeyError):
raise webob.exc.HTTPBadRequest()
# Authenticated!
req.headers['X-Auth-Token'] = token_id
return self.application
def test_incomplete_headers(self):
headers = dict(kv.split(': ') for kv in [
"Upgrade: WebSocket",
# NOTE: intentionally no connection header
"Host: 127.0.0.1:%s" % self.port,
"Origin: http://127.0.0.1:%s" % self.port,
"WebSocket-Protocol: ws",
])
http = httplib.HTTPConnection('127.0.0.1', self.port)
http.request("GET", "/echo", headers=headers)
resp = http.getresponse()
self.assertEqual(resp.status, 400)
self.assertEqual(resp.getheader('connection'), 'Close')
self.assert_(resp.read().startswith('Upgrade negotiation failed:'))
def _setupAtcomAuthentication(self):
http = httplib.HTTPConnection(self._ip)
noncesources = ('/', '/right.htm')
for noncesource in noncesources:
http.request('GET', noncesource, None, {'Connection' : 'keep-alive'})
resp = http.getresponse()
htmlbody = resp.read()
if not resp.status in (200, 404):
logging.error('Endpoint %s@%s failed to fetch nonce for HTTP configuration - got response code %s' %
(self._vendorname, self._ip, resp.status))
http.close()
return (None, None)
elif resp.status == 200:
m = re.search(r'<input type="hidden" name="nonce" value="([0-9a-zA-Z]+)">', htmlbody)
if m != None: break
if m == None:
logging.error('Endpoint %s@%s failed to locate nonce in HTTP response' %
(self._vendorname, self._ip))
http.close()
return (None, None)
nonce = m.group(1)
# Identify firmware
if noncesource == '/right.htm': self._firmware = 1 # Old firmware
# Simulate POST to allow fetching rest of content
extraheaders = {
'Connection' : 'keep-alive',
'Cookie' : 'auth=' + nonce,
'Content-Type' : 'application/x-www-form-urlencoded'
}
postvars = {
'encoded' : self._http_username + ':' +
md5.new(':'.join((self._http_username, self._http_password, nonce))).hexdigest(),
'nonce' : nonce,
'goto' : 'Logon',
'URL' : '/'
}
postdata = urllib.urlencode(postvars)
http.request('POST', noncesource, postdata, extraheaders)
resp = http.getresponse()
if resp.status != 200:
logging.error('Endpoint %s@%s failed to fetch login result - got response code %s' %
(self._vendorname, self._ip, resp.status))
http.close()
return (None, None)
htmlbody = resp.read()
return (http, nonce)
def test_incomplete_headers_75(self):
headers = dict(kv.split(': ') for kv in [
"Upgrade: WebSocket",
# NOTE: intentionally no connection header
"Host: %s:%s" % self.server_addr,
"Origin: http://%s:%s" % self.server_addr,
"WebSocket-Protocol: ws",
])
http = httplib.HTTPConnection(*self.server_addr)
http.request("GET", "/echo", headers=headers)
resp = http.getresponse()
self.assertEqual(resp.status, 400)
self.assertEqual(resp.getheader('connection'), 'close')
self.assertEqual(resp.read(), b'')
def test_communication_failure(self):
req = wsgi.Request.blank('/test')
req.GET['Signature'] = 'test-signature'
req.GET['AWSAccessKeyId'] = 'test-key-id'
conn = httplib.HTTPConnection('/mock')
self.mox.StubOutWithMock(httplib.HTTPConnection, 'request')
self.mox.StubOutWithMock(httplib.HTTPConnection, 'getresponse')
conn.request('POST', mox.IgnoreArg(), body=mox.IgnoreArg(),
headers=mox.IgnoreArg())
resp = FakeResponse()
conn.getresponse().AndReturn(resp)
self.mox.ReplayAll()
resp = self.kauth(req)
self._validate_ec2_error(resp, 400, 'AuthFailure')
def _updateLocalConfig_AT800(self):
''' Local configuration for AT800
The AT800 uses a XML configuration file. For this phone, it is enough
to generate the XML content, then POST it through a special URL on the
phone, with no authentication. If successful, the phone reboots
immediately.
'''
xmlcontent = self._getAtcom800Template()
try:
status = True
boundary = '------------------ENDPOINTCONFIG'
postdata = '--' + boundary + '\r\n' +\
'Content-Disposition: form-data; name="configfile"; filename="config.xml"\r\n' +\
'Content-Type: text/xml\r\n' +\
'\r\n' +\
xmlcontent + '\r\n' +\
'--' + boundary + '--\r\n'
http = httplib.HTTPConnection(self._ip)
http.request(
'POST', '/goform/submit_upload_configfile', postdata,
{'Content-Type': ' multipart/form-data; boundary=' + boundary})
resp = http.getresponse()
htmlbody = resp.read()
if resp.status != 200:
logging.error(
'Endpoint %s@%s failed to post configuration - got response code %s'
% (self._vendorname, self._ip, resp.status))
status = False
elif not ('Upload Successfully' in htmlbody):
logging.error(
'Endpoint %s@%s failed to post configuration - unknown body follows: %s'
% (self._vendorname, self._ip, htmlbody))
status = False
http.close()
return status
except socket.error, e:
logging.error('Endpoint %s@%s failed to connect - %s' %
(self._vendorname, self._ip, str(e)))
return False
def http_connect(url, timeout=500):
"""
Time a request to an HTTP server.
Args:
url (str or urlparse.ParseResult): -- URL to connect to
timeout (int) -- connection timeout
Returns:
(resp_time, resp_code, resp_reason, resp.getheaders())
"""
timeout = timeout / 1000.0
url = _parse_url(url)
try:
conn = httplib.HTTPConnection(url.netloc,
port=url.port,
timeout=timeout)
stime = datetime.now()
conn.request('HEAD', url.path, None, {'User-Agent': USER_AGENT})
resp = conn.getresponse()
etime = datetime.now()
resp_code = resp.status
resp_reason = resp.reason
except Exception: # as e:
raise
# return None
finally:
conn.close()
if resp_code != 200:
return None
resp_time = (etime - stime).microseconds / 1000
return HTTPResult(resp_time, resp_code, resp_reason, resp.getheaders(),
stime, etime)
def _setupAtcomAuthentication(self):
http = httplib.HTTPConnection(self._ip)
nonce, noncesource = self._getNonce(http)
if nonce == None:
http.close()
return (None, None)
# Simulate POST to allow fetching rest of content
extraheaders = {
'Connection': 'keep-alive',
'Cookie': 'auth=' + nonce,
'Content-Type': 'application/x-www-form-urlencoded'
}
postvars = {
'encoded':
self._http_username + ':' + md5.new(':'.join(
(self._http_username, self._http_password,
nonce))).hexdigest(),
'nonce':
nonce,
'goto':
'Logon',
'URL':
'/'
}
postdata = urllib.urlencode(postvars)
http.request('POST', noncesource, postdata, extraheaders)
resp = http.getresponse()
if resp.status != 200:
logging.error(
'Endpoint %s@%s failed to fetch login result - got response code %s'
% (self._vendorname, self._ip, resp.status))
http.close()
return (None, None)
htmlbody = resp.read()
return (http, nonce)
def execute_task(task, headers, args):
""" Executes a task to a url with the given args.
Args:
task: A celery Task instance.
headers: A dictionary of headers for the task.
args: A dictionary of arguments for the request.
Contains the task body.
Returns:
The status code of the task fetch upon success.
Raises:
The current function to retry.
"""
start_time = datetime.datetime.utcnow()
task_name = args['task_name'].decode('utf-8')
content_length = len(args['body'])
loggable_args = {
key: args[key]
for key in args if key not in ['task_name', 'body', 'payload']
}
loggable_args['body_length'] = content_length
logger.info('Running {}\n'
'Headers: {}\n'
'Args: {}'.format(args['task_name'], headers, loggable_args))
url = urlparse(args['url'])
timeout = EventletTimeout(MAX_TASK_DURATION)
try:
redirects_left = 1
while True:
urlpath = url.path
if url.query:
urlpath += "?" + url.query
method = args['method']
if args['expires'] <= datetime.datetime.now():
# We do this check because the expires attribute in
# celery is not passed to retried tasks. This is a
# documented bug in celery.
logger.error(
"Task %s with id %s has expired with expiration date %s" %
(args['task_name'], task.request.id, args['expires']))
celery.control.revoke(task.request.id)
update_task(task_name, TASK_STATES.EXPIRED)
return
if (args['max_retries'] != 0
and task.request.retries >= args['max_retries']):
logger.error(
"Task %s with id %s has exceeded retries: %s" %
(args['task_name'], task.request.id, args['max_retries']))
celery.control.revoke(task.request.id)
update_task(task_name, TASK_STATES.FAILED)
return
# Tasks should use HTTP to bypass scheme redirects since they use HAProxy.
connection = httplib.HTTPConnection(remote_host, url.port)
skip_accept_encoding = False
if 'accept-encoding' in headers or 'Accept-Encoding' in headers:
skip_accept_encoding = True
connection.putrequest(method,
urlpath,
skip_accept_encoding=skip_accept_encoding)
# Update the task headers
headers['X-AppEngine-TaskRetryCount'] = str(task.request.retries)
headers['X-AppEngine-TaskExecutionCount'] = str(
task.request.retries)
for header in headers:
# Avoid changing the host header from the HAProxy location. Though GAE
# supports host-based routing, we need to make some additional changes
# before we can behave in a similar manner. Using the HAProxy location
# for the host header allows the dispatcher to try extracting a port,
# which it uses to set environment variables for the request.
if header == b'Host':
continue
connection.putheader(header, headers[header])
if 'content-type' not in headers or 'Content-Type' not in headers:
if url.query:
connection.putheader('content-type',
'application/octet-stream')
else:
connection.putheader('content-type',
'application/x-www-form-urlencoded')
connection.putheader("Content-Length", str(content_length))
retries = int(task.request.retries) + 1
wait_time = get_wait_time(retries, args)
try:
connection.endheaders()
if args["body"]:
connection.send(args['body'])
response = connection.getresponse()
response.read()
response.close()
except (BadStatusLine, SocketError):
logger.warning(
'{task} failed before receiving response. It will retry in {wait} '
'seconds.'.format(task=args['task_name'], wait=wait_time))
raise task.retry(countdown=wait_time)
if 200 <= response.status < 300:
# Task successful.
update_task(task_name, TASK_STATES.SUCCESS)
time_elapsed = datetime.datetime.utcnow() - start_time
logger.info(
'{task} received status {status} from {url} [time elapsed: {te}]'. \
format(task=args['task_name'], status=response.status,
url=url, te=str(time_elapsed)))
return response.status
elif response.status == 302:
redirect_url = response.getheader('Location')
logger.info(
"Task %s asked us to redirect to %s, so retrying there." %
(args['task_name'], redirect_url))
url = urlparse(redirect_url)
if redirects_left == 0:
raise task.retry(countdown=wait_time)
redirects_left -= 1
else:
message = ('Received a {status} for {task}. '
'Retrying in {wait} secs.'.format(
status=response.status,
task=args['task_name'],
wait=wait_time))
logger.warning(message)
raise task.retry(countdown=wait_time)
except EventletTimeout as thrown_timeout:
if thrown_timeout != timeout:
raise
logger.exception('Task {} timed out. Retrying.'.format(
args['task_name']))
# This could probably be calculated, but for now, just retry immediately.
raise task.retry(countdown=0)
finally:
timeout.cancel()
def __call__(self, req):
# NOTE(alevine) We need to calculate the hash here because
# subsequent access to request modifies the req.body so the hash
# calculation will yield invalid results.
body_hash = hashlib.sha256(req.body).hexdigest()
request_id = context.generate_request_id()
signature = self._get_signature(req)
if not signature:
msg = _("Signature not provided")
return faults.ec2_error_response(request_id,
"AuthFailure",
msg,
status=400)
access = self._get_access(req)
if not access:
msg = _("Access key not provided")
return faults.ec2_error_response(request_id,
"AuthFailure",
msg,
status=400)
if 'X-Amz-Signature' in req.params or 'Authorization' in req.headers:
auth_params = {}
else:
# Make a copy of args for authentication and signature verification
auth_params = dict(req.params)
# Not part of authentication args
auth_params.pop('Signature', None)
cred_dict = {
'access': access,
'signature': signature,
'host': req.host,
'verb': req.method,
'path': req.path,
'params': auth_params,
'headers': req.headers,
'body_hash': body_hash
}
if "ec2" in CONF.keystone_ec2_url:
creds = {'ec2Credentials': cred_dict}
else:
creds = {'auth': {'OS-KSEC2:ec2Credentials': cred_dict}}
creds_json = jsonutils.dumps(creds)
headers = {'Content-Type': 'application/json'}
o = urlparse.urlparse(CONF.keystone_ec2_url)
if o.scheme == "http":
conn = httplib.HTTPConnection(o.netloc)
else:
conn = httplib.HTTPSConnection(o.netloc)
conn.request('POST', o.path, body=creds_json, headers=headers)
response = conn.getresponse()
data = response.read()
if response.status != 200:
if response.status == 401:
msg = response.reason
else:
msg = _("Failure communicating with keystone")
return faults.ec2_error_response(request_id,
"AuthFailure",
msg,
status=response.status)
result = jsonutils.loads(data)
conn.close()
try:
token_id = result['access']['token']['id']
user_id = result['access']['user']['id']
project_id = result['access']['token']['tenant']['id']
user_name = result['access']['user'].get('name')
project_name = result['access']['token']['tenant'].get('name')
roles = [
role['name'] for role in result['access']['user']['roles']
]
except (AttributeError, KeyError) as e:
LOG.error(_LE("Keystone failure: %s"), e)
msg = _("Failure communicating with keystone")
return faults.ec2_error_response(request_id,
"AuthFailure",
msg,
status=400)
remote_address = req.remote_addr
if CONF.use_forwarded_for:
remote_address = req.headers.get('X-Forwarded-For', remote_address)
catalog = result['access']['serviceCatalog']
ctxt = context.RequestContext(user_id,
project_id,
user_name=user_name,
project_name=project_name,
roles=roles,
auth_token=token_id,
remote_address=remote_address,
service_catalog=catalog)
req.environ['nova.context'] = ctxt
return self.application
def test_incorrect_headers(self):
http = httplib.HTTPConnection(*self.server_addr)
http.request("GET", "/echo")
response = http.getresponse()
assert response.status == 400
def execute_task(task, headers, args):
""" Executes a task to a url with the given args.
Args:
task: A celery Task instance.
headers: A dictionary of headers for the task.
args: A dictionary of arguments for the request.
Contains the task body.
Returns:
The status code of the task fetch upon success.
Raises:
The current function to retry.
"""
start_time = datetime.datetime.utcnow()
content_length = len(args['body'])
loggable_args = {key: args[key] for key in args
if key not in ['task_name', 'body', 'payload']}
loggable_args['body_length'] = content_length
logger.info('Running {}\n'
'Headers: {}\n'
'Args: {}'.format(args['task_name'], headers, loggable_args))
url = urlparse(args['url'])
redirects_left = 1
while True:
urlpath = url.path
if url.query:
urlpath += "?" + url.query
method = args['method']
if args['expires'] <= datetime.datetime.now():
# We do this check because the expires attribute in
# celery is not passed to retried tasks. This is a
# documented bug in celery.
logger.error(
"Task %s with id %s has expired with expiration date %s" % (
args['task_name'], task.request.id, args['expires']))
item = TaskName.get_by_key_name(args['task_name'])
celery.control.revoke(task.request.id)
db.delete(item)
return
if (args['max_retries'] != 0 and
task.request.retries >= args['max_retries']):
logger.error("Task %s with id %s has exceeded retries: %s" % (
args['task_name'], task.request.id,
args['max_retries']))
item = TaskName.get_by_key_name(args['task_name'])
celery.control.revoke(task.request.id)
db.delete(item)
return
# Targets do not get X-Forwarded-Proto from nginx, they use haproxy port.
headers['X-Forwarded-Proto'] = url.scheme
if url.scheme == 'http':
connection = httplib.HTTPConnection(remote_host, url.port)
elif url.scheme == 'https':
connection = httplib.HTTPSConnection(remote_host, url.port)
else:
logger.error("Task %s tried to use url scheme %s, "
"which is not supported." % (
args['task_name'], url.scheme))
skip_host = False
if 'host' in headers or 'Host' in headers:
skip_host = True
skip_accept_encoding = False
if 'accept-encoding' in headers or 'Accept-Encoding' in headers:
skip_accept_encoding = True
connection.putrequest(method,
urlpath,
skip_host=skip_host,
skip_accept_encoding=skip_accept_encoding)
# Update the task headers
headers['X-AppEngine-TaskRetryCount'] = str(task.request.retries)
headers['X-AppEngine-TaskExecutionCount'] = str(task.request.retries)
for header in headers:
connection.putheader(header, headers[header])
if 'content-type' not in headers or 'Content-Type' not in headers:
if url.query:
connection.putheader('content-type', 'application/octet-stream')
else:
connection.putheader('content-type',
'application/x-www-form-urlencoded')
connection.putheader("Content-Length", str(content_length))
retries = int(task.request.retries) + 1
wait_time = get_wait_time(retries, args)
try:
connection.endheaders()
if args["body"]:
connection.send(args['body'])
response = connection.getresponse()
response.read()
response.close()
except (BadStatusLine, SocketError):
logger.warning(
'{task} failed before receiving response. It will retry in {wait} '
'seconds.'.format(task=args['task_name'], wait=wait_time))
raise task.retry(countdown=wait_time)
if 200 <= response.status < 300:
# Task successful.
item = TaskName.get_by_key_name(args['task_name'])
db.delete(item)
time_elapsed = datetime.datetime.utcnow() - start_time
logger.info(
'{task} received status {status} from {url} [time elapsed: {te}]'. \
format(task=args['task_name'], status=response.status,
url=url, te=str(time_elapsed)))
return response.status
elif response.status == 302:
redirect_url = response.getheader('Location')
logger.info(
"Task %s asked us to redirect to %s, so retrying there." % (
args['task_name'], redirect_url))
url = urlparse(redirect_url)
if redirects_left == 0:
raise task.retry(countdown=wait_time)
redirects_left -= 1
else:
message = ('Received a {status} for {task}. '
'Retrying in {wait} secs.'.format(status=response.status,
task=args['task_name'],
wait=wait_time))
logger.warning(message)
raise task.retry(countdown=wait_time)
# Failed to identify default prompt
return False
elif not m.group(1) in ('AT530', 'AT610', 'AT620',
'AT640'):
# Unsupported phone model
return False
else:
sModel = m.group(1)
except socket.error, e:
logging.error('Endpoint %s@%s connection failure - %s' %
(self._vendorname, self._ip, str(e)))
return False
else:
# If telnet failed, this might be an AT800 phone
try:
http = httplib.HTTPConnection(self._ip)
http.request('GET', '/index.asp')
resp = http.getresponse()
htmlbody = resp.read()
http.close()
m = re.search(r'Product Name : .+?>(\w+)<', htmlbody)
if m != None: sModel = m.group(1)
except socket.error, e:
logging.error('Endpoint %s@%s connection failure - %s' %
(self._vendorname, self._ip, str(e)))
return False
if sModel != None: self._saveModel(sModel)
def updateLocalConfig(self):
'''Configuration for ATCOM endpoints
def __init__ (self, server_ip, server_port):
""" Open an HTTP connection to the hookbox server.
"""
self.conn = httplib.HTTPConnection(server_ip, server_port)
self.headers = {"Content-type": "application/x-www-form-urlencoded",
"Accept": "text/plain"}
def __call__(self, req):
request_id = context.generate_request_id()
signature = req.params.get('Signature')
if not signature:
msg = _("Signature not provided")
return faults.ec2_error_response(request_id, "Unauthorized", msg,
status=400)
access = req.params.get('AWSAccessKeyId')
if not access:
msg = _("Access key not provided")
return faults.ec2_error_response(request_id, "Unauthorized", msg,
status=400)
# Make a copy of args for authentication and signature verification.
auth_params = dict(req.params)
# Not part of authentication args
auth_params.pop('Signature')
cred_dict = {
'access': access,
'signature': signature,
'host': req.host,
'verb': req.method,
'path': req.path,
'params': auth_params,
}
if "ec2" in FLAGS.keystone_ec2_url:
creds = {'ec2Credentials': cred_dict}
else:
creds = {'auth': {'OS-KSEC2:ec2Credentials': cred_dict}}
creds_json = jsonutils.dumps(creds)
headers = {'Content-Type': 'application/json'}
o = urlparse.urlparse(FLAGS.keystone_ec2_url)
if o.scheme == "http":
conn = httplib.HTTPConnection(o.netloc)
else:
conn = httplib.HTTPSConnection(o.netloc)
conn.request('POST', o.path, body=creds_json, headers=headers)
response = conn.getresponse()
data = response.read()
if response.status != 200:
if response.status == 401:
msg = response.reason
else:
msg = _("Failure communicating with keystone")
return faults.ec2_error_response(request_id, "Unauthorized", msg,
status=400)
result = jsonutils.loads(data)
conn.close()
try:
token_id = result['access']['token']['id']
user_id = result['access']['user']['id']
project_id = result['access']['token']['tenant']['id']
user_name = result['access']['user'].get('name')
project_name = result['access']['token']['tenant'].get('name')
roles = [role['name'] for role
in result['access']['user']['roles']]
except (AttributeError, KeyError) as e:
LOG.exception(_("Keystone failure: %s") % e)
msg = _("Failure communicating with keystone")
return faults.ec2_error_response(request_id, "Unauthorized", msg,
status=400)
remote_address = req.remote_addr
if FLAGS.use_forwarded_for:
remote_address = req.headers.get('X-Forwarded-For',
remote_address)
catalog = result['access']['serviceCatalog']
ctxt = context.RequestContext(user_id,
project_id,
#user_name=user_name,
#project_name=project_name,
roles=roles,
auth_token=token_id,
remote_address=remote_address)
#service_catalog=catalog)
req.environ['synaps.context'] = ctxt
return self.application
def test_incorrect_headers(self):
http = httplib.HTTPConnection('localhost', self.port)
http.request("GET", "/echo")
response = http.getresponse()
assert response.status == 400
