Пример #1
0
    def _request_args(self, with_auth=True, **kwargs):
        headers = kwargs.pop("headers", {})
        if with_auth and self.use_auth:
            if self.token is None:
                self.get_oauth_token()
            if self.token:
                headers["Authorization"] = "Bearer %s" % self.token
            else:
                raise OsbsAuthException(
                    "Please check your credentials. "
                    "Token was not retrieved successfully.")

        # Use the client certificate both for the OAuth request and OpenShift
        # API requests. Certificate auth can be used as an alternative to
        # OAuth, however a scenario where they are used to get OAuth token is
        # also possible. Certificate is not sent when server does not request it.
        if self.client_cert or self.client_key:
            if self.client_cert and self.client_key:
                kwargs["client_cert"] = self.client_cert
                kwargs["client_key"] = self.client_key
            else:
                raise OsbsAuthException(
                    "You need to provide both client certificate and key.")

        # Do we have a ca.crt? If so, use it
        if self.verify_ssl and self.ca is not None:
            kwargs["ca"] = self.ca

        return headers, kwargs
Пример #2
0
    def get_oauth_token(self):
        url = self.os_oauth_url + "?response_type=token&client_id=openshift-challenging-client"
        if self.use_auth:
            if self.username and self.password:
                logger.debug("using basic authentication")
                r = self.get(
                    url,
                    with_auth=False,
                    allow_redirects=False,
                    username=self.username,
                    password=self.password,
                )
            elif self.use_kerberos:
                logger.debug("using kerberos authentication")

                if self.kerberos_keytab:
                    if not self.kerberos_principal:
                        raise OsbsAuthException(
                            "You need to provide kerberos principal along "
                            "with the keytab path.")
                    kerberos_ccache_init(self.kerberos_principal,
                                         self.kerberos_keytab,
                                         ccache_file=self.kerberos_ccache)

                r = self.get(url,
                             with_auth=False,
                             allow_redirects=False,
                             kerberos_auth=True)
            else:
                logger.debug("using identity authentication")
                r = self.get(url, with_auth=False, allow_redirects=False)
        else:
            logger.debug(
                "getting token without any authentication (fingers crossed)")
            r = self.get(url, with_auth=False, allow_redirects=False)

        try:
            redir_url = r.headers['location']
        except KeyError:
            logger.error(
                "[%s] 'Location' header is missing in response, cannot retrieve token",
                r.status_code)
            return ""
        parsed_url = urlparse(redir_url)
        fragment = parsed_url.fragment
        parsed_fragment = parse_qs(fragment)
        self.token = parsed_fragment['access_token'][0]
        return self.token