def handle(self):
# If we have a rate limiting definition, let's check it upfront
DefinitionParser.check_definition_from_input(self.request.input)
input = self.request.input
input.password = uuid4().hex
input.secret = Fernet.generate_key()
with closing(self.odb.session()) as session:
try:
# Let's see if we already have a definition of that name before committing
# any stuff into the database.
existing_one = session.query(JWT).\
filter(Cluster.id==input.cluster_id).\
filter(JWT.name==input.name).first()
if existing_one:
raise Exception(
'JWT definition `{}` already exists on this cluster'.
format(input.name))
item = self._new_zato_instance_with_cluster(JWT)
item.name = input.name
item.is_active = input.is_active
item.username = input.username
item.password = input.password
item.secret = input.secret
item.ttl = input.ttl
item.cluster_id = input.cluster_id
set_instance_opaque_attrs(item, input)
session.add(item)
session.commit()
except Exception:
self.logger.error('Could not create a JWT definition, e:`%s`',
format_exc())
session.rollback()
raise
else:
input.id = item.id
input.action = SECURITY.JWT_CREATE.value
input.sec_type = SEC_DEF_TYPE.JWT
self.broker_client.publish(input)
self.response.payload.id = item.id
self.response.payload.name = item.name
def handle(self):
# If we have a rate limiting definition, let's check it upfront
DefinitionParser.check_definition_from_input(self.request.input)
input = self.request.input
with closing(self.odb.session()) as session:
try:
existing_one = session.query(HTTPBasicAuth).\
filter(Cluster.id==input.cluster_id).\
filter(HTTPBasicAuth.name==input.name).\
filter(HTTPBasicAuth.id!=input.id).\
first()
if existing_one:
raise Exception(
'HTTP Basic Auth definition `{}` already exists on this cluster'
.format(input.name))
definition = session.query(HTTPBasicAuth).filter_by(
id=input.id).one()
old_name = definition.name
set_instance_opaque_attrs(definition, input)
definition.name = input.name
definition.is_active = input.is_active
definition.username = input.username
definition.realm = input.realm or None
session.add(definition)
session.commit()
except Exception:
self.logger.error(
'Could not update HTTP Basic Auth definition, e:`%s`',
format_exc())
session.rollback()
raise
else:
input.action = SECURITY.BASIC_AUTH_EDIT.value
input.old_name = old_name
input.sec_type = SEC_DEF_TYPE.BASIC_AUTH
self.broker_client.publish(input)
self.response.payload.id = definition.id
self.response.payload.name = definition.name
def handle(self):
# If we have a rate limiting definition, let's check it upfront
DefinitionParser.check_definition_from_input(self.request.input)
input = self.request.input
input.password = uuid4().hex
with closing(self.odb.session()) as session:
try:
cluster = session.query(Cluster).filter_by(
id=input.cluster_id).first()
# Let's see if we already have a definition of that name before committing
# any stuff into the database.
existing_one = session.query(HTTPBasicAuth).\
filter(Cluster.id==input.cluster_id).\
filter(HTTPBasicAuth.name==input.name).first()
if existing_one:
raise Exception(
'HTTP Basic Auth definition `{}` already exists in this cluster'
.format(input.name))
auth = HTTPBasicAuth(None, input.name, input.is_active,
input.username, input.realm or None,
input.password, cluster)
set_instance_opaque_attrs(auth, input)
session.add(auth)
session.commit()
except Exception:
self.logger.error(
'Could not create an HTTP Basic Auth definition, e:`%s`',
format_exc())
session.rollback()
raise
else:
input.id = auth.id
input.action = SECURITY.BASIC_AUTH_CREATE.value
input.sec_type = SEC_DEF_TYPE.BASIC_AUTH
self.broker_client.publish(input)
self.response.payload.id = auth.id
self.response.payload.name = auth.name
def handle(self):
input = self.request.input
# If we have a rate limiting definition, let's check it upfront
DefinitionParser.check_definition_from_input(input)
with closing(self.odb.session()) as session:
try:
service = session.query(Service).filter_by(
id=input.id).one() # type: Service
service.is_active = input.is_active
service.slow_threshold = input.slow_threshold
set_instance_opaque_attrs(service, input)
# Configure JSON Schema validation if service has a schema assigned by user.
class_info = self.server.service_store.get_service_info_by_id(
input.id) # type: dict
class_ = class_info['service_class'] # type: Service
if class_.schema:
self.server.service_store.set_up_class_json_schema(
class_, input)
# Set up rate-limiting each time an object was edited
self.server.service_store.set_up_rate_limiting(service.name)
session.add(service)
session.commit()
input.action = SERVICE.EDIT.value
input.impl_name = service.impl_name
input.name = service.name
self.broker_client.publish(input)
self.response.payload = service
internal_del = is_boolean(self.server.fs_server_config.misc.
internal_services_may_be_deleted)
self.response.payload.may_be_deleted = internal_del if service.is_internal else True
except Exception:
self.logger.error('Service could not be updated, e:`%s`',
format_exc())
session.rollback()
raise
def handle(self):
input = self.request.input
# If we have a rate limiting definition, let's check it upfront
DefinitionParser.check_definition_from_input(input)
with closing(self.odb.session()) as session:
try:
existing_one = session.query(APIKeySecurity).\
filter(Cluster.id==input.cluster_id).\
filter(APIKeySecurity.name==input.name).\
filter(APIKeySecurity.id!=input.id).\
first()
if existing_one:
raise Exception('API key `{}` already exists in this cluster'.format(input.name))
definition = session.query(APIKeySecurity).filter_by(id=input.id).one()
old_name = definition.name
set_instance_opaque_attrs(definition, input)
definition.name = input.name
definition.is_active = input.is_active
definition.username = input.username
session.add(definition)
session.commit()
except Exception:
self.logger.error('API key could not be updated, e:`{}`', format_exc())
session.rollback()
raise
else:
input.action = SECURITY.APIKEY_EDIT.value
input.old_name = old_name
input.sec_type = SEC_DEF_TYPE.APIKEY
self.broker_client.publish(input)
self.response.payload.id = definition.id
self.response.payload.name = definition.name
def handle(self):
# If we have a rate limiting definition, let's check it upfront
DefinitionParser.check_definition_from_input(self.request.input)
input = self.request.input
input.sec_use_rbac = input.get('sec_use_rbac') or (input.security_id == ZATO_SEC_USE_RBAC)
input.security_id = input.security_id if input.security_id not in (ZATO_NONE, ZATO_SEC_USE_RBAC) else None
input.soap_action = input.soap_action if input.soap_action else ''
if input.content_encoding and input.content_encoding != 'gzip':
raise Exception('Content encoding must be empty or equal to `gzip`')
with closing(self.odb.session()) as session:
existing_one = session.query(HTTPSOAP.id).\
filter(HTTPSOAP.cluster_id==input.cluster_id).\
filter(HTTPSOAP.id!=input.id).\
filter(HTTPSOAP.name==input.name).\
filter(HTTPSOAP.connection==input.connection).\
filter(HTTPSOAP.transport==input.transport).\
first()
if existing_one:
raise Exception('An object of that input.name:`{}` already exists in this cluster ' \
'(input.connection:`{}` input.transport:`{}` input.id:`{}` existing_one.id:`{}`)'.format(
input.name, input.connection, input.transport, input.id, existing_one.id))
# Is the service's name correct?
service = session.query(Service).\
filter(Cluster.id==input.cluster_id).\
filter(Service.cluster_id==Cluster.id).\
filter(Service.name==input.service).first()
if input.connection == CONNECTION.CHANNEL and not service:
msg = 'Service `{}` does not exist on this cluster'.format(input.service)
self.logger.error(msg)
raise Exception(msg)
# Will raise exception if the security type doesn't match connection
# type and transport
sec_info = self._handle_security_info(session, input.security_id, input.connection, input.transport)
# TLS data comes in combinations, i.e. certain elements are required only if TLS keys/certs are used
self._validate_tls(input, sec_info)
try:
item = session.query(HTTPSOAP).filter_by(id=input.id).one()
opaque = parse_instance_opaque_attr(item)
old_name = item.name
old_url_path = item.url_path
old_soap_action = item.soap_action
old_http_method = item.method
old_http_accept = opaque.get('http_accept')
item.name = input.name
item.is_active = input.is_active
item.host = input.host
item.url_path = input.url_path
item.security_id = input.security_id or None # So that SQLite does not reject ''
item.connection = input.connection
item.transport = input.transport
item.cluster_id = input.cluster_id
item.method = input.method
item.soap_action = input.soap_action
item.soap_version = input.soap_version or None
item.data_format = input.data_format
item.service = service
item.ping_method = input.get('ping_method') or DEFAULT_HTTP_PING_METHOD
item.pool_size = input.get('pool_size') or DEFAULT_HTTP_POOL_SIZE
item.merge_url_params_req = input.get('merge_url_params_req') or False
item.url_params_pri = input.get('url_params_pri') or URL_PARAMS_PRIORITY.DEFAULT
item.params_pri = input.get('params_pri') or PARAMS_PRIORITY.DEFAULT
item.serialization_type = input.get('serialization_type') or HTTP_SOAP_SERIALIZATION_TYPE.DEFAULT.id
item.timeout = input.get('timeout') or MISC.DEFAULT_HTTP_TIMEOUT
item.has_rbac = input.get('has_rbac') or input.sec_use_rbac or False
item.content_type = input.get('content_type')
item.sec_use_rbac = input.sec_use_rbac
item.cache_id = input.cache_id or None
item.cache_expiry = input.cache_expiry
item.content_encoding = input.content_encoding
sec_tls_ca_cert_id = input.get('sec_tls_ca_cert_id')
item.sec_tls_ca_cert_id = sec_tls_ca_cert_id if sec_tls_ca_cert_id and sec_tls_ca_cert_id != ZATO_NONE else None
# Opaque attributes
set_instance_opaque_attrs(item, input)
session.add(item)
session.commit()
if input.connection == CONNECTION.CHANNEL:
input.impl_name = service.impl_name
input.service_id = service.id
input.service_name = service.name
input.merge_url_params_req = item.merge_url_params_req
input.url_params_pri = item.url_params_pri
input.params_pri = item.params_pri
cache = cache_by_id(session, input.cluster_id, item.cache_id) if item.cache_id else None
if cache:
input.cache_type = cache.cache_type
input.cache_name = cache.name
else:
input.cache_type = None
input.cache_name = None
else:
input.ping_method = item.ping_method
input.pool_size = item.pool_size
input.is_internal = item.is_internal
input.old_name = old_name
input.old_url_path = old_url_path
input.old_soap_action = old_soap_action
input.old_http_method = old_http_method
input.old_http_accept = old_http_accept
input.update(sec_info)
if item.sec_tls_ca_cert_id and item.sec_tls_ca_cert_id != ZATO_NONE:
self.add_tls_ca_cert(input, item.sec_tls_ca_cert_id)
if input.connection == CONNECTION.CHANNEL:
action = CHANNEL.HTTP_SOAP_CREATE_EDIT.value
else:
action = OUTGOING.HTTP_SOAP_CREATE_EDIT.value
self.notify_worker_threads(input, action)
self.response.payload.id = item.id
self.response.payload.name = item.name
except Exception:
self.logger.error('Object could not be updated, e:`%s`', format_exc())
session.rollback()
raise
def handle(self):
# If we have a rate limiting definition, let's check it upfront
DefinitionParser.check_definition_from_input(self.request.input)
input = self.request.input
input.sec_use_rbac = input.get('sec_use_rbac') or (
input.security_id == ZATO_SEC_USE_RBAC)
input.security_id = input.security_id if input.security_id not in (
ZATO_NONE, ZATO_SEC_USE_RBAC) else None
input.soap_action = input.soap_action if input.soap_action else ''
input.timeout = input.get('timeout') or MISC.DEFAULT_HTTP_TIMEOUT
# For HL7
input.data_encoding = input.get('data_encoding') or 'utf-8'
input.hl7_version = input.get('hl7_version') or HL7.Const.Version.v2.id
if input.content_encoding and input.content_encoding != 'gzip':
raise Exception(
'Content encoding must be empty or equal to `gzip`')
with closing(self.odb.session()) as session:
existing_one = session.query(HTTPSOAP.id).\
filter(HTTPSOAP.cluster_id==input.cluster_id).\
filter(HTTPSOAP.name==input.name).\
filter(HTTPSOAP.connection==input.connection).\
filter(HTTPSOAP.transport==input.transport).\
first()
if existing_one:
raise Exception(
'An object of that name `{}` already exists in this cluster'
.format(input.name))
# Is the service's name correct?
service = session.query(Service).\
filter(Cluster.id==input.cluster_id).\
filter(Service.cluster_id==Cluster.id).\
filter(Service.name==input.service).first()
if input.connection == CONNECTION.CHANNEL and not service:
msg = 'Service `{}` does not exist on this cluster'.format(
input.service)
self.logger.error(msg)
raise Exception(msg)
# Will raise exception if the security type doesn't match connection
# type and transport
sec_info = self._handle_security_info(session, input.security_id,
input.connection,
input.transport)
# Make sure this combination of channel parameters does not exist already
if input.connection == CONNECTION.CHANNEL:
self.ensure_channel_is_unique(session, input.url_path,
input.http_accept, input.method,
input.soap_action,
input.cluster_id)
try:
item = self._new_zato_instance_with_cluster(HTTPSOAP)
item.connection = input.connection
item.transport = input.transport
item.is_internal = input.is_internal
item.name = input.name
item.is_active = input.is_active
item.host = input.host
item.url_path = input.url_path
item.method = input.method
item.soap_action = input.soap_action
item.soap_version = input.soap_version or None
item.data_format = input.data_format
item.service = service
item.ping_method = input.get(
'ping_method') or DEFAULT_HTTP_PING_METHOD
item.pool_size = input.get(
'pool_size') or DEFAULT_HTTP_POOL_SIZE
item.merge_url_params_req = input.get(
'merge_url_params_req') or True
item.url_params_pri = input.get(
'url_params_pri') or URL_PARAMS_PRIORITY.DEFAULT
item.params_pri = input.get(
'params_pri') or PARAMS_PRIORITY.DEFAULT
item.serialization_type = input.get(
'serialization_type'
) or HTTP_SOAP_SERIALIZATION_TYPE.DEFAULT.id
item.timeout = input.timeout
item.has_rbac = input.get(
'has_rbac') or input.sec_use_rbac or False
item.content_type = input.get('content_type')
item.sec_use_rbac = input.sec_use_rbac
item.cache_id = input.get('cache_id') or None
item.cache_expiry = input.get('cache_expiry') or 0
item.content_encoding = input.content_encoding
# Configure CA certs
self._set_sec_tls_ca_cert_id(item, input)
if input.security_id:
item.security = get_security_by_id(session,
input.security_id)
else:
input.security_id = None # To ensure that SQLite doesn't reject ''
# Opaque attributes
set_instance_opaque_attrs(item, input)
session.add(item)
session.commit()
if input.connection == CONNECTION.CHANNEL:
input.impl_name = service.impl_name
input.service_id = service.id
input.service_name = service.name
cache = cache_by_id(
session, input.cluster_id,
item.cache_id) if item.cache_id else None
if cache:
input.cache_type = cache.cache_type
input.cache_name = cache.name
else:
input.cache_type = None
input.cache_name = None
if item.sec_tls_ca_cert_id:
self.add_tls_ca_cert(input, item.sec_tls_ca_cert_id)
input.id = item.id
input.update(sec_info)
if input.connection == CONNECTION.CHANNEL:
action = CHANNEL.HTTP_SOAP_CREATE_EDIT.value
else:
action = OUTGOING.HTTP_SOAP_CREATE_EDIT.value
self.notify_worker_threads(input, action)
self.response.payload.id = item.id
self.response.payload.name = item.name
except Exception:
self.logger.error('Object could not be created, e:`%s',
format_exc())
session.rollback()
raise