def validSource(self) -> bool: try: return net.ipInNetwork(self._request.ip, GlobalConfig.ADMIN_TRUSTED_SOURCES.get(True)) except Exception as e: logger.warning('Error checking truted ADMIN source: "%s" does not seems to be a valid network string. Using Unrestricted access.', GlobalConfig.ADMIN_TRUSTED_SOURCES.get()) return True
def _wrapped_view(request, *args, **kwargs): """ Wrapped function for decorator """ from uds.core.util import net if net.ipInNetwork(request.ip, GlobalConfig.TRUSTED_SOURCES.get(True)) is False: return HttpResponseForbidden() return view_func(request, *args, **kwargs)
def _wrapped_view(request: HttpRequest, *args, **kwargs) -> RT: """ Wrapped function for decorator """ from uds.core.util import net if net.ipInNetwork(request.ip, GlobalConfig.TRUSTED_SOURCES.get(True)) is False: return HttpResponseForbidden() return view_func(request, *args, **kwargs)
def getGroups(self, username, groupsManager: GroupsManager): # these groups are a bit special. They are in fact ip-ranges, and we must check that the ip is in betwen # The ranges are stored in group names for g in groupsManager.getGroupsNames(): try: if net.ipInNetwork(username, g): groupsManager.validate(g) except Exception as e: logger.error('Invalid network for IP auth: %s', e)
def getGroups(self, ip, groupsManager): # these groups are a bit special. They are in fact ip-ranges, and we must check that the ip is in betwen # The ranges are stored in group names for g in groupsManager.getGroupsNames(): try: if net.ipInNetwork(ip, g): groupsManager.validate(g) except Exception as e: logger.error('Invalid network for IP auth: {0}'.format(six.text_type(e)))
def _wrapped_view(request: HttpRequest, *args, **kwargs) -> RT: """ Wrapped function for decorator """ try: if net.ipInNetwork( request.ip, GlobalConfig.TRUSTED_SOURCES.get(True)) is False: return HttpResponseForbidden() except Exception as e: logger.warning( 'Error checking trusted source: "%s" does not seems to be a valid network string. Using Unrestricted access.', GlobalConfig.TRUSTED_SOURCES.get()) return view_func(request, *args, **kwargs)
def wolURL(self, ip: str, mac: str) -> str: """Tries to get WOL server for indicated IP Args: ip (str): ip of target machine Returns: str: URL of WOL server or empty ('') if no server for the ip is found """ if not self.config.value or not ip or not mac: return '' # If ip is in fact a hostname... if not net.ipToLong(ip): # Try to resolve name... try: res = dns.resolver.resolve(ip) ip = res[0].address except Exception: self.doLog(log.WARN, f'Name {ip} could not be resolved') logger.warning('Name %s could not be resolved', ip) return '' url = '' try: config = configparser.ConfigParser() config.read_string(self.config.value) for key in config['wol']: if net.ipInNetwork(ip, key): return (config['wol'][key].replace('{MAC}', mac).replace( '{IP}', ip)) except Exception as e: logger.error('Error parsing advanced configuration: %s', e) return ''
def isTrustedSource(ip: str) -> bool: return net.ipInNetwork(ip, GlobalConfig.TRUSTED_SOURCES.get(True))
def prometheus_metrics(request: HttpRequest) -> HttpResponse: ''' response with openuds metrics for: A. authenticators B. providers C. provider services D. service pools ''' # manual ip check instead of auth.trustedSourceRequired decorator if len(ALLOWED_IPS) and not net.ipInNetwork(request.ip, ALLOWED_IPS): return HttpResponseForbidden() if request.method == 'POST': return HttpResponseNotAllowed(['GET']) start_time = time.time() response = '' # A. authenticators # names prefix: openuds_auth_ for auth in Authenticator.objects.all(): auth_name = map_name(auth.uuid, auth.name) response += '# HELP openuds_auth_users_total Total number of users.\n' response += '# TYPE openuds_auth_users_total counter\n' response += ('openuds_auth_users_total{auth="%s"} %d\n' % (auth_name, auth.users.count())) response += '# HELP openuds_auth_groups_total Total number of groups.\n' response += '# TYPE openuds_auth_groups_total gauge\n' response += ('openuds_auth_groups_total{auth="%s"} %d\n' % (auth_name, auth.groups.count())) # ToDo # B. providers # names prefix: openuds_provider_ # ToDo # C. provider services # names prefix: openuds_providerservice_ # D. service pools # names prefix: openuds_pool_ sps = ServicePool.objects.all() response += '# HELP openuds_pool_total Total number of pools.\n' response += '# TYPE openuds_pool_total gauge\n' response += 'openuds_pool_total %d\n' % (len(sps)) for sp in sps: sp_name = map_name(sp.uuid, sp.name) response += '# HELP openuds_pool_pub_revision Pool publication revision.\n' response += '# TYPE openuds_pool_pub_revision counter\n' response += ('openuds_pool_pub_revision{pool="%s"} %d\n' % (sp_name, int(sp.current_pub_revision))) # access_allowed / maintenance / restrained response += '# HELP openuds_pool_access_allowed Access allowed.\n' response += '# TYPE openuds_pool_access_allowed untyped\n' response += ('openuds_pool_access_allowed{pool="%s"} %d\n' % (sp_name, int(sp.isAccessAllowed()))) response += '# HELP openuds_pool_in_maintenance In maintenance.\n' response += '# TYPE openuds_pool_in_maintenance untyped\n' response += ('openuds_pool_in_maintenance{pool="%s"} %d\n' % (sp_name, int(sp.isInMaintenance()))) response += '# HELP openuds_pool_restrained Restrained.\n' response += '# TYPE openuds_pool_restrained untyped\n' response += ('openuds_pool_restrained{pool="%s"} %d\n' % (sp_name, int(sp.isRestrained()))) # openuds_pool settings: initial_srvs, cache_l1, cache_l2, max response += '# HELP openuds_pool_initial_srvs Initial services.\n' response += '# TYPE openuds_pool_initial_srvs gauge\n' response += ('openuds_pool_initial_srvs{pool="%s"} %d\n' % (sp_name, sp.initial_srvs)) response += '# HELP openuds_pool_cache_l1_srvs L1 cache services.\n' response += '# TYPE openuds_pool_cache_l1_srvs gauge\n' response += ('openuds_pool_cache_l1_srvs{pool="%s"} %d\n' % (sp_name, sp.cache_l1_srvs)) response += '# HELP openuds_pool_cache_l2_srvs L2 cache services.\n' response += '# TYPE openuds_pool_cache_l2_srvs gauge\n' response += ('openuds_pool_cache_l2_srvs{pool="%s"} %d\n' % (sp_name, sp.cache_l2_srvs)) response += '# HELP openuds_pool_max_srvs Max services.\n' response += '# TYPE openuds_pool_max_srvs gauge\n' response += ('openuds_pool_max_srvs{pool="%s"} %d\n' % (sp_name, sp.max_srvs)) # These are serviceProvider metrics, not servicePool ones... # move to serviceProvider block? try: if sp.service.isOfType('FPService'): serviceProvider = sp.service.getInstance() response += '# HELP openuds_pool_maximal_srvs Max services.\n' response += '# TYPE openuds_pool_maximal_srvs gauge\n' counter = len( serviceProvider.getFPHosts(serviceProvider.getGroupId())) response += ('openuds_pool_maximal_srvs{pool="%s"} %d\n' % (sp_name, counter)) except Exception as e: date = datetime.datetime.now() logger.error( '%s - fog project connection error: pool %s - state %s - %s' % (date, sp.name, sp.state, str(e))) # openuds_pool state: A (active), .... Whatelse ? response += '# HELP openuds_pool_state Pool state.\n' response += '# TYPE openuds_pool_state gauge\n' response += ('openuds_pool_state{pool="%s", state="A"} %d\n' % (sp_name, int(sp.state == 'A'))) # here we could put more pool states... response += ('openuds_pool_state{pool="%s", state="other"} %d\n' % (sp_name, int(sp.state != 'A'))) # logging new pool states: if sp.state not in 'A': date = datetime.datetime.now() logger.warning('%s - pool %s - estado %s' % (date, sp.name, sp.state)) # E. user services # names prefix: openuds_pool_userservice_ erroneousUserServices = sp.erroneousUserServices() cachedUserServices = sp.cachedUserServices() assignedUserServices = sp.assignedUserServices() # restrained is a pool concept, not userservice's one # restraineds = sp.getRestraineds() # erroneous response += ('# HELP openuds_pool_userservice_erroneous_count' ' Pool userservice erroneous counter.\n') response += '# TYPE openuds_pool_userservice_erroneous_count gauge\n' usl = len([us for us in erroneousUserServices if us.state != 'S']) response += ( 'openuds_pool_userservice_erroneous_count{pool="%s"} %d\n' % (sp_name, usl)) ''' # restrained response += ('# HELP openuds_pool_userservice_restrained_count' ' Pool userservice restrained counter.\n') response += '# TYPE openuds_pool_userservice_restrained_count gauge\n' usl = len([us for us in restraineds if us.state != 'S']) response += ('openuds_pool_userservice_restrained_count{pool="%s"} %d\n' % (sp_name, usl)) ''' # cached response += ('# HELP openuds_pool_userservice_cached_count' ' Pool userservice cached counter.\n') response += '# TYPE openuds_pool_userservice_cached_count gauge\n' usl = len([us for us in cachedUserServices if us.state != 'S']) response += ('openuds_pool_userservice_cached_count{pool="%s"} %d\n' % (sp_name, usl)) # cached_valid_valid response += ('# HELP openuds_pool_userservice_cached_valid_valid_count' ' Pool userservice cached valid_valid counter.\n') response += '# TYPE openuds_pool_userservice_cached_valid_valid_count gauge\n' usl = len([ us for us in cachedUserServices if us.state == 'U' and us.os_state == 'U' ]) response += ( 'openuds_pool_userservice_cached_valid_valid_count{pool="%s"} %d\n' % (sp_name, usl)) # assigned_inuse response += ('# HELP openuds_pool_userservice_assigned_inuse_count' ' Pool userservice assigned_inuse counter.\n') response += '# TYPE openuds_pool_userservice_assigned_inuse_count gauge\n' usl = len([ us for us in assignedUserServices if us.state != 'S' and us.in_use ]) usl_inuse = usl response += ( 'openuds_pool_userservice_assigned_inuse_count{pool="%s"} %d\n' % (sp_name, usl)) # assigned response += ('# HELP openuds_pool_userservice_assigned_count' ' Pool userservice assigned counter.\n') response += '# TYPE openuds_pool_userservice_assigned_count gauge\n' usl = len([us for us in assignedUserServices if us.state != 'S']) response += ( 'openuds_pool_userservice_assigned_count{pool="%s"} %d\n' % (sp_name, usl)) # assigned_notinuse: # ** this can be calculated by diff so maybe it is bad practice # send it as new metric? but for using it in max_over_time # aggregation function this is convenient (ToDo?) response += ('# HELP openuds_pool_userservice_assigned_notinuse_count' ' Pool userservice assigned_notinuse counter.\n') response += '# TYPE openuds_pool_userservice_assigned_notinuse_count gauge\n' usl_notinuse = usl - usl_inuse response += ( 'openuds_pool_userservice_assigned_notinuse_count{pool="%s"} %d\n' % (sp_name, usl_notinuse)) # metrics of userservices by states. # maybe overkill ? # but it's done: if you want them, uncomment it """ nm = 'openuds_pool_userservice' response += '# HELP %s Pool userservice by_state counter.\n' % (nm) response += '# TYPE %s gauge\n' % (nm) known_us_states = [] for us_state in ['U', 'S', 'R', 'P', 'M', 'C', 'E', 'K']: for os_state in ['U', 'P']: state = '_'.join([us_state, os_state]) known_us_states.append(state) # erroneous usl = len([us for us in erroneousUserServices if '_'.join([us.state, us.os_state]) == state]) response += ('%s{pool="%s", type="erroneous", state="%s"} %d\n' % (nm, sp_name, state, usl)) ''' # restrained usl = len([us for us in restraineds if '_'.join([us.state, us.os_state]) == state]) response += ('%s{pool="%s", type="restrained", state="%s"} %d\n' % (nm, sp_name, state, usl )) ''' # cached usl = len([us for us in cachedUserServices if '_'.join([us.state, us.os_state]) == state]) response += ('%s{pool="%s", type="cached", state="%s"} %d\n' % (nm, sp_name, state, usl)) # assigned_inuse usl = len([us for us in assignedUserServices if '_'.join([us.state, us.os_state]) == state and us.in_use]) usl_inuse = usl response += ('%s{pool="%s", type="assigned_inuse", state="%s"} %d\n' % (nm, sp_name, state, usl)) # assigned usl = len([us for us in assignedUserServices if '_'.join([us.state, us.os_state]) == state]) response += ('%s{pool="%s", type="assigned", state="%s"} %d\n' % (nm, sp_name, state, usl)) # assigned_notinuse: # ** this can be calculated by diff so maybe it is bad practice # send it as new metric? but for using it in max_over_time # aggregation function this is convenient (ToDo?) usl_notinuse = usl - usl_inuse response += ('%s{pool="%s", type="assigned_notinuse", state="%s"} %d\n' % (nm, sp_name, state, usl_notinuse)) # learning userServices not considered states: usl = [] usl.extend([us for us in cachedUserServices if '_'.join([us.state, us.os_state]) not in known_us_states]) usl.extend([us for us in assignedUserServices if '_'.join([us.state, us.os_state]) not in known_us_states]) usl.extend([us for us in erroneousUserServices if '_'.join([us.state, us.os_state]) not in known_us_states]) if len(usl): date = datetime.datetime.now() new_states = ','.join(['_'.join([us.state, us.os_state]) for us in usl]) logger.warning('%s - pool %s have userservices in unknown' ' usstate_osstate: %s\n%s' % (date, sp.name, new_states, str(usl))) """ # F. scrapping time response += ('# HELP openuds_scrape_collector_duration_seconds' ' Duration of a collector scrape.\n') response += '# TYPE openuds_scrape_collector_duration_seconds gauge\n' response += ('openuds_scrape_collector_duration_seconds %f\n' % (time.time() - start_time)) return HttpResponse(response, content_type='text/plain')