def contextBrokerUnSubscription(self, cbSubscriptionId, serverId):
"""Unsubscribes server from Context Broker """
headers = {"Content-Type": "application/json", "Accept": "application/json"}
data = json.dumps('{"subscriptionId": "%s"}' % cbSubscriptionId)
r = self.client.post(settings.CONTEXT_BROKER_URL + "/unsubscribeContext", data, headers=headers)
if r.status_code == 200:
logger.info(
"Server %s was unsubscribed from Context Broker.--- HTTP Response: %d" % (serverId, r.status_code)
)
else:
logger.error(
"ERROR, Server %s was not unsubscribed from Context Broker.--- HTTP Response: %d"
% (serverId, r.status_code)
)
raise SystemError("ERROR, Server %s was not unsubscribed.--- HTTP Response: %d" % (serverId, r.status_code))
def get_auth_token(self, username, password, tenant_id, **kwargs):
"""
Init the variables related to authorization, needed to execute tests
:return: The auth token retrieved
"""
if self.auth_token is None:
cred_kwargs = {
'auth_url': self.identity_url,
'username': username,
'password': password
}
# Currently, both v2 and v3 Identity API versions are supported
if self.api_version == AUTH_API_V2:
cred_kwargs['tenant_name'] = kwargs.get('tenant_name')
elif self.api_version == AUTH_API_V3:
cred_kwargs['user_domain_name'] = kwargs.get(
'user_domain_name')
# Instantiate a Password object
try:
identity_package = 'keystoneclient.auth.identity.%s' % self.api_version.replace(
'.0', '')
identity_module = __import__(identity_package,
fromlist=['Password'])
password_class = getattr(identity_module, 'Password')
logger.debug("Authentication with %s", password_class)
credentials = password_class(**cred_kwargs)
except (ImportError, AttributeError) as e:
raise e
# Get auth token
logger.debug("Getting auth token for tenant %s...", tenant_id)
try:
auth_sess = self.session.Session(
auth=credentials, timeout=DEFAULT_REQUEST_TIMEOUT)
self.auth_token = auth_sess.get_token()
logger.debug("Admin token generated: %s", self.auth_token)
except Exception as e:
logger.error("No auth token (%s)", e.message)
raise (e)
return self.auth_token
def get_auth_token(self, username, password, tenant_id, auth_api, url, **kwargs):
"""
Init the variables related to authorization, needed to execute tests
:return: The auth token retrieved
"""
cred_kwargs = {
'auth_url': url,
'username': username,
'password': password
}
# Currently, both v2 and v3 Identity API versions are supported
if auth_api == AUTH_API_V2:
cred_kwargs['tenant_name'] = kwargs.get('tenant_name')
elif auth_api == AUTH_API_V3:
cred_kwargs['user_domain_name'] = kwargs.get('user_domain_name')
# Instantiate a Password object
try:
identity_package = 'keystoneclient.auth.identity.%s' % auth_api.replace('.0', '')
identity_module = __import__(identity_package, fromlist=['Password'])
password_class = getattr(identity_module, 'Password')
logger.debug("Authentication with %s", password_class)
credentials = password_class(**cred_kwargs)
except (ImportError, AttributeError) as e:
raise e
# Get auth token
logger.debug("Getting auth token for tenant %s...", tenant_id)
try:
auth_sess = self.session.Session(auth=credentials, timeout=DEFAULT_REQUEST_TIMEOUT)
auth_token = auth_sess.get_token()
logger.debug("Admin token generated:" + auth_token)
except (KeystoneClientException, KeystoneConnectionRefused) as e:
logger.error("No auth token (%s)", e.message)
raise(e)
return auth_token
def contextBrokerSubscription(self, tenantId, serverId):
"""Subscribes server to Context Broker to get information about cpu and memory monitoring"""
headers = {CONTENT_HEADER: JSON_TYPE, ACCEPT_HEADER: JSON_TYPE}
data = '{"entities": [' \
'{"type": "Server",'\
'"isPattern": "false",' \
'"id": "' + serverId + '"' \
'}],' \
'"attributes": [' \
'"cpu",' \
'"mem"],' \
'"reference": "' + settings.NOTIFICATION_URL + '/' + \
tenantId + 'servers/' + serverId + '",' \
'"duration": "P1M",' \
'"notifyConditions": [' \
'{"type": "' + settings.NOTIFICATION_TYPE + '",' \
'"condValues": ["' + settings.NOTIFICATION_TIME + '"]}]}'
r = self.client.post(settings.CONTEXT_BROKER_URL + "/subscribeContext",
data,
headers=headers)
if r.status_code == 200:
decoded = json.loads(r.text.decode())
logger.info(
"Server %s was subscribed to Context Broker.--- HTTP Response: %d"
% (serverId, r.status_code))
else:
logger.error(
"ERROR, Server %s was not subscribed to Context Broker.--- HTTP Response: %d"
% (serverId, r.status_code))
raise SystemError(
"ERROR, Server %s was not subscribed to Context Broker.--- HTTP Response: %d"
% (serverId, r.status_code))
return decoded["subscribeResponse"]["subscriptionId"]
def contextBrokerSubscription(self, tenantId, serverId):
"""Subscribes server to Context Broker to get information about cpu and memory monitoring"""
headers = {CONTENT_HEADER: JSON_TYPE, ACCEPT_HEADER: JSON_TYPE}
data = (
'{"entities": ['
'{"type": "Server",'
'"isPattern": "false",'
'"id": "' + serverId + '"'
"}],"
'"attributes": ['
'"cpu",'
'"mem"],'
'"reference": "' + settings.NOTIFICATION_URL + "/" + tenantId + "servers/" + serverId + '",'
'"duration": "P1M",'
'"notifyConditions": ['
'{"type": "' + settings.NOTIFICATION_TYPE + '",'
'"condValues": ["' + settings.NOTIFICATION_TIME + '"]}]}'
)
r = self.client.post(settings.CONTEXT_BROKER_URL + "/subscribeContext", data, headers=headers)
if r.status_code == 200:
decoded = json.loads(r.text.decode())
logger.info("Server %s was subscribed to Context Broker.--- HTTP Response: %d" % (serverId, r.status_code))
else:
logger.error(
"ERROR, Server %s was not subscribed to Context Broker.--- HTTP Response: %d"
% (serverId, r.status_code)
)
raise SystemError(
"ERROR, Server %s was not subscribed to Context Broker.--- HTTP Response: %d"
% (serverId, r.status_code)
)
return decoded["subscribeResponse"]["subscriptionId"]
def contextBrokerUnSubscription(self, cbSubscriptionId, serverId):
"""Unsubscribes server from Context Broker """
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json'
}
data = json.dumps("{\"subscriptionId\": \"%s\"}" % cbSubscriptionId)
r = self.client.post(settings.CONTEXT_BROKER_URL +
"/unsubscribeContext",
data,
headers=headers)
if r.status_code == 200:
logger.info(
"Server %s was unsubscribed from Context Broker.--- HTTP Response: %d"
% (serverId, r.status_code))
else:
logger.error(
"ERROR, Server %s was not unsubscribed from Context Broker.--- HTTP Response: %d"
% (serverId, r.status_code))
raise SystemError(
"ERROR, Server %s was not unsubscribed.--- HTTP Response: %d" %
(serverId, r.status_code))
def get_auth_token(self, username, password, tenant_id, **kwargs):
"""
Init the variables related to authorization, needed to execute tests
:return: The auth token retrieved
"""
if self.auth_token is None:
cred_kwargs = {"auth_url": self.identity_url, "username": username, "password": password}
# Currently, both v2 and v3 Identity API versions are supported
if self.api_version == AUTH_API_V2:
cred_kwargs["tenant_name"] = kwargs.get("tenant_name")
elif self.api_version == AUTH_API_V3:
cred_kwargs["user_domain_name"] = kwargs.get("user_domain_name")
# Instantiate a Password object
try:
identity_package = "keystoneclient.auth.identity.%s" % self.api_version.replace(".0", "")
identity_module = __import__(identity_package, fromlist=["Password"])
password_class = getattr(identity_module, "Password")
logger.debug("Authentication with %s", password_class)
credentials = password_class(**cred_kwargs)
except (ImportError, AttributeError) as e:
raise e
# Get auth token
logger.debug("Getting auth token for tenant %s...", tenant_id)
try:
auth_sess = self.session.Session(auth=credentials, timeout=DEFAULT_REQUEST_TIMEOUT)
self.auth_token = auth_sess.get_token()
logger.debug("Admin token generated: %s", self.auth_token)
except Exception as e:
logger.error("No auth token (%s)", e.message)
raise (e)
return self.auth_token
def checkToken(self, admin_token, token, tenant_id, url, auth_api):
"""checks if a token is valid against a url using an admin token."""
logger.debug("Starting Authentication of token %s ", token)
try:
if not token:
raise Unauthorized("Token is empty")
auth_result = self.get_info_token(url, admin_token, token, auth_api)
if auth_result:
if tenant_id == auth_result.tenant["id"]:
logger.debug('The token is valid')
else:
logger.error("TenantId %s ", tenant_id)
logger.error("Token TenantId %s ", auth_result.tenant["id"])
raise Unauthorized("Token is not valid for specified tenant %s" % tenant_id)
except Unauthorized as unauth:
logger.error(unauth)
raise unauth
except InternalServerError as internalError:
raise AuthorizationFailure("Token could not have enough permissions to access tenant: %s" % tenant_id)
except Exception as ex:
raise ex
def checkToken(self, admin_token, token, tenant_id):
"""checks if a token is valid against a url using an admin token."""
token_db = None
try:
if not token:
raise Unauthorized("Token is empty")
logger.debug("Starting Authentication of token %s ", token)
try:
token_db = self.get_token_from_memory(token)
if self.api_version == AUTH_API_V2:
time_to_review = token_db['createdAt'] + timezone.timedelta(
seconds=int(settings.SECURITY_LEVEL_SECONDS_V2[
settings.SECURITY_LEVEL]))
elif self.api_version == AUTH_API_V3:
time_to_review = token_db['createdAt'] + timezone.timedelta(
seconds=int(settings.SECURITY_LEVEL_SECONDS_V3[
settings.SECURITY_LEVEL]))
logger.debug(
"Token {0} is present in memory, should be checked at {1}".
format(token, time_to_review))
expires = dateparse.parse_datetime(token_db['expires'])
if timezone.now() > expires or timezone.now(
) > time_to_review or tenant_id is not token_db["tenant"]:
logger.debug(
"Token %s should be checked against keystone.", token)
else:
return token
except KeyError:
logger.debug("Token %s is not present in DB", token)
pass
auth_result = self.get_info_token(admin_token, token)
if auth_result:
if tenant_id == auth_result.tenant["id"]:
# STORE TOKEN IN MEMORY
createdAt = timezone.now()
token_db = self.user_tokens.setdefault(
token, {
'id': auth_result.id,
'expires': auth_result.expires,
'username': auth_result.username,
'tenant': auth_result.tenant["id"],
'createdAt': createdAt
})
self.user_tokens[token] = token_db
return token
else:
logger.error("TenantId %s ", tenant_id)
logger.error("Token TenantId %s ",
auth_result.tenant["id"])
raise Unauthorized(
"Token is not valid for specified tenant %s" %
tenant_id)
except AuthorizationFailure as ex:
if re.search(self.auth_token, ex.message) or re.search(
AUTH_TOKEN_ERROR_MESSAGE, ex.message):
self.auth_token = None
logger.debug(
"Admin token has expired, setting global to None.")
elif re.search(token, ex.message) and token_db:
self.user_tokens.pop(token)
raise ex
except Unauthorized as unauth:
logger.debug(unauth)
raise unauth
except InternalServerError as internalError:
raise AuthorizationFailure(
"Token could not have enough permissions to access tenant: %s"
% tenant_id)
except Exception as ex:
raise ex
from django.core.wsgi import get_wsgi_application
application = get_wsgi_application()
import datetime
from django.utils import timezone
from fiware_cloto.cloto.models import ServerInfo
from django.conf import settings
from fiware_cloto.cloto.utils.log import logger
runningfrom = datetime.datetime.now(tz=timezone.get_default_timezone())
# Creating initial data
s = ServerInfo(id=1,
owner=settings.OWNER,
version=settings.VERSION,
runningfrom=runningfrom,
doc=settings.API_INFO_URL)
try:
s.save()
except Exception as ex:
logger.error(
"Error saving initial server data into DB while server was starting: %s",
ex)
# Starting environments Controller
controller = environment_controller.environment_controller()
if not controller.is_started():
controller.start_manager()
logger.info("SERVER STARTED")
# This application object is used by any WSGI server configured to use this
# file. This includes Django's development server, if the WSGI_APPLICATION
# setting points here.
from fiware_cloto.environments import environment_controller
from django.core.wsgi import get_wsgi_application
application = get_wsgi_application()
import datetime
from django.utils import timezone
from fiware_cloto.cloto.models import ServerInfo
from django.conf import settings
from fiware_cloto.cloto.utils.log import logger
runningfrom = datetime.datetime.now(tz=timezone.get_default_timezone())
# Creating initial data
s = ServerInfo(id=1, owner=settings.OWNER, version=settings.VERSION,
runningfrom=runningfrom, doc=settings.API_INFO_URL)
try:
s.save()
except Exception as ex:
logger.error("Error saving initial server data into DB while server was starting: %s", ex)
# Starting environments Controller
controller = environment_controller.environment_controller()
if not controller.is_started():
controller.start_manager()
logger.info("SERVER STARTED")
def checkToken(self, admin_token, token, tenant_id):
"""checks if a token is valid against a url using an admin token."""
token_db = None
try:
if not token:
raise Unauthorized("Token is empty")
logger.debug("Starting Authentication of token %s ", token)
try:
token_db = self.get_token_from_memory(token)
if self.api_version == AUTH_API_V2:
time_to_review = token_db["createdAt"] + timezone.timedelta(
seconds=int(settings.SECURITY_LEVEL_SECONDS_V2[settings.SECURITY_LEVEL])
)
elif self.api_version == AUTH_API_V3:
time_to_review = token_db["createdAt"] + timezone.timedelta(
seconds=int(settings.SECURITY_LEVEL_SECONDS_V3[settings.SECURITY_LEVEL])
)
logger.debug("Token {0} is present in memory, should be checked at {1}".format(token, time_to_review))
expires = dateparse.parse_datetime(token_db["expires"])
if timezone.now() > expires or timezone.now() > time_to_review or tenant_id is not token_db["tenant"]:
logger.debug("Token %s should be checked against keystone.", token)
else:
return token
except KeyError:
logger.debug("Token %s is not present in DB", token)
pass
auth_result = self.get_info_token(admin_token, token)
if auth_result:
if tenant_id == auth_result.tenant["id"]:
# STORE TOKEN IN MEMORY
createdAt = timezone.now()
token_db = self.user_tokens.setdefault(
token,
{
"id": auth_result.id,
"expires": auth_result.expires,
"username": auth_result.username,
"tenant": auth_result.tenant["id"],
"createdAt": createdAt,
},
)
self.user_tokens[token] = token_db
return token
else:
logger.error("TenantId %s ", tenant_id)
logger.error("Token TenantId %s ", auth_result.tenant["id"])
raise Unauthorized("Token is not valid for specified tenant %s" % tenant_id)
except AuthorizationFailure as ex:
if re.search(self.auth_token, ex.message) or re.search(AUTH_TOKEN_ERROR_MESSAGE, ex.message):
self.auth_token = None
logger.debug("Admin token has expired, setting global to None.")
elif re.search(token, ex.message) and token_db:
self.user_tokens.pop(token)
raise ex
except Unauthorized as unauth:
logger.debug(unauth)
raise unauth
except InternalServerError as internalError:
raise AuthorizationFailure("Token could not have enough permissions to access tenant: %s" % tenant_id)
except Exception as ex:
raise ex
