def boto3_client(self, id_broker): """Retrieve S3 credentials from ID Broker and return a boto3 client. Arguments: None. Returns: boto3.client -- A boto3 client connected to the AWS environment """ try: r = requests.get( "https://{}:8444/gateway/dt/knoxtoken/api/v1/token".format( id_broker), auth=HTTPKerberosAuth()) url = "https://{}:8444/gateway/aws-cab/cab/api/v1/credentials".format( id_broker) headers = { 'Authorization': "Bearer " + r.json()['access_token'], 'cache-control': "no-cache" } response = requests.request("GET", url, headers=headers) ACCESS_KEY = response.json()['Credentials']['AccessKeyId'] SECRET_KEY = response.json()['Credentials']['SecretAccessKey'] SESSION_TOKEN = response.json()['Credentials']['SessionToken'] client = boto3.client( 's3', aws_access_key_id=ACCESS_KEY, aws_secret_access_key=SECRET_KEY, aws_session_token=SESSION_TOKEN, ) logging.debug("S3 credential found and boto3 client instantiated") except: logging.error("Unable to get S3 credentails") return client
def _do_request(self, requests_method, request_url, body, params, headers, expected_status_code, stream, verify, timeout): auth = HTTPKerberosAuth() if self.has_kerberos() else None response = requests_method(request_url, data=body, params=params, headers=headers, stream=stream, verify=verify, timeout=timeout or self.default_timeout_sec, auth=auth) if self.logger.isEnabledFor(logging.DEBUG): for hdr, hdr_content in list(response.request.headers.items()): self.logger.debug('request header: %s: %s' % (hdr, hdr_content)) self.logger.debug( 'reply: "%s %s" %s' % (response.status_code, response.reason, response.content)) for hdr, hdr_content in list(response.headers.items()): self.logger.debug('response header: %s: %s' % (hdr, hdr_content)) if response.status_code != expected_status_code: self._raise_client_error(response, request_url) if stream: return StreamedResponse(response) response_json = response.json() if response.history: response_json['history'] = response.history return response_json
def parse(self, inventory, loader, path, cache=True): super(InventoryModule, self).parse(inventory, loader, path) self.config_data = self._read_config_data(path) auth_type = self.get_option("authentication") if auth_type in ("basic", "ntlm"): username = self.get_option("username") password = self.get_option("password") if not (username and password): raise AnsibleError(("Username and password are required for " "{} authentication.").format(auth_type)) if auth_type == "basic": self._auth = (username, password) elif auth_type == "ntlm": if HAS_REQNTLM_AUTH: self._auth = HTTPNTLMAuth(username, password) else: raise AnsibleError( "The library 'requests_ntlm' is required for " "NTLM authentication.") elif auth_type == "kerberos": if HAS_REQKRB_AUTH: self._auth = HTTPKerberosAuth() else: raise AnsibleError( "The library 'requests_kerberos' is required for " "Kerberos authentication.") self._build_inventory()
def _handle_idbroker_ha(fs=None): fs = validate_fs(fs) idbrokeraddr = get_conf().get(_CNF_CAB_ADDRESS % fs) if fs else None response = None if fs: id_broker_addr = get_conf().get(_CNF_CAB_ADDRESS % fs) if id_broker_addr: id_broker_addr_list = id_broker_addr.split(',') for id_broker_addr in id_broker_addr_list: try: response = requests.get(id_broker_addr + 'dt/knoxtoken/api/v1/token', auth=HTTPKerberosAuth(), verify=False) except Exception as e: if 'Name or service not known' in str(e): LOG.warn('IDBroker %s is not available for use' % id_broker_addr) # Check response for None and if response code is successful (200) or authentication needed (401) if (response is not None) and (response.status_code in (200, 401)): idbrokeraddr = id_broker_addr break return idbrokeraddr else: return idbrokeraddr else: return idbrokeraddr
def krb_sign_on(url, cookiejar=None): """ Perform Kerberos-backed single-sign on against a provided (protected) URL. It is assumed that the current session has a working Kerberos ticket. Returns a Requests `CookieJar`, which can be accessed as a dictionary, but most importantly passed directly into a request or session via the `cookies` keyword argument. If a cookiejar-like object (such as a dictionary) is passed as the cookiejar keword argument, this is passed on to the Session. """ kerberos_auth = HTTPKerberosAuth(mutual_authentication=OPTIONAL) with requests.Session() as s: krb_auth_url = _init_session(s=s, url=url, cookiejar=cookiejar, auth_url_fragment=u"auth/integrated/") # Perform actual Kerberos authentication log.info("Performing Kerberos authentication against %s" % krb_auth_url) r2 = s.get(krb_auth_url, auth=kerberos_auth, timeout=DEFAULT_TIMEOUT_SECONDS) return _finalise_login(s, auth_results=r2)
def get_comments(advisory_id): """5.2.10.2. GET /api/v1/comments?filter[key]=value Retrieve all advisory comments Example request body: {"filter": {"errata_id": 11112, "type": "AutomatedComment"}} Returns an array of comments ordered in descending order (newest first). The array may be empty depending on the filters used. The meaning of each attribute is documented under GET /api/v1/comments/{id} (see Erratum.get_comment()) Included for reference: 5.2.10.2.1. Filtering The list of comments can be filtered by applying filter[key]=value as a query parameter. All attributes of a comment - except advisory_state - can be used as a filter. This is a paginated API. Reference documentation: https://errata.devel.redhat.com/developer-guide/api-http-api.html#api-pagination """ body = {"filter": {"errata_id": advisory_id, "type": "Comment"}} res = requests.get(constants.errata_get_comments_url, verify=ssl.get_default_verify_paths().openssl_cafile, auth=HTTPKerberosAuth(), json=body) if res.status_code == 200: return res.json().get('data', []) elif res.status_code == 401: raise exceptions.ErrataToolUnauthorizedException(res.text) else: return False
def put_request(self, suffix_url, xml_file): """Make a oozie put request""" status = False file_h = open(os.path.join(self.cfg_mgr.saves, xml_file)) data = file_h.read() http_headers = {'Content-Type': 'application/xml'} url = self.oozie_url + suffix_url self.logger.info(url) response = requests.post(url, data=data, headers=http_headers, auth=HTTPKerberosAuth()) if 200 <= response.status_code and response.status_code < 300: my_json = json.dumps(response.json()) res_val = response.json() # self.logger.info(json.dumps(response.json(), # indent=4, sort_keys=True)) msg = "\n\n\t\tGo here: https://{0}:8888/oozie/" \ "list_oozie_workflow/{1}/\n".\ format(self.cfg_mgr.workflow_host, res_val['id']) self.logger.info(msg) status = True else: self.logger.error("Error submitting job. Error code: " "{status}".format(status=response.status_code)) self.logger.error(response.text) return status
def splunk_login(): # TODO: Support kerberos # https://github.com/requests/requests-kerberos # TODO: Store creds under ~/.config/splunkinv.conf # TODO: How long does the session id work? Possible to reuse it and store it persistently? s = requests.Session() if SPLUNK_KRB: kerberos_auth = HTTPKerberosAuth(mutual_authentication=REQUIRED, sanitize_mutual_error_response=False) login = s.post(SPLUNK_LOGIN, verify=sslverify, auth=kerberos_auth) else: login = s.post(SPLUNK_LOGIN, verify=sslverify, data={ 'username': SPLUNK_USER, 'password': SPLUNK_PASSWORD }) if login.status_code == 401: raise Exception('Login failed: %s' % login.json()) elif not login.ok: raise Exception('Failure logging in: %s' % login.text) s.headers.update( {'Authorization': 'Splunk %s' % login.json()['sessionKey']}) return s
def __get_es_client(self): if self.auth_type == CMRESHandler.AuthType.NO_AUTH: if self._client is None: self._client = Elasticsearch( hosts=self.hosts, use_ssl=self.use_ssl, verify_certs=self.verify_certs, connection_class=RequestsHttpConnection) return self._client if self.auth_type == CMRESHandler.AuthType.BASIC_AUTH: if self._client is None: return Elasticsearch(hosts=self.hosts, http_auth=self.auth_details, use_ssl=self.use_ssl, verify_certs=self.verify_certs, connection_class=RequestsHttpConnection) return self._client if self.auth_type == CMRESHandler.AuthType.KERBEROS_AUTH: if CMR_KERBEROS_SUPPORTED: # For kerberos we return a new client each time to make sure the tokens are up to date return Elasticsearch( hosts=self.hosts, use_ssl=self.use_ssl, verify_certs=self.verify_certs, connection_class=RequestsHttpConnection, http_auth=HTTPKerberosAuth(mutual_authentication=DISABLED)) else: raise EnvironmentError( "Kerberos module not available. Please install \"requests-kerberos\"" ) raise ValueError("Authentication method not supported")
def request(self, api_path, method='GET', **kwargs): api_endpoint = 'http://{}:{}{}'.format(self.address, self.port, api_path) self.logger.info('API Endpoint {}'.format(api_endpoint)) self._validate_configuration() if method == 'GET': headers = None else: headers = {"Content-Type": "application/json"} response = None if self.kerberos_enabled: from requests_kerberos import HTTPKerberosAuth response = requests.request(method=method, url=api_endpoint, auth=HTTPKerberosAuth(), headers=headers, **kwargs) else: response = requests.request(method=method, url=api_endpoint, headers=headers, **kwargs) if response.status_code in (200, 202): return self.response_class(response) else: msg = 'Response finished with status: %s. Details: %s' % ( response.status_code, response.text) raise APIError(msg)
def post(self, request, *args, **kwargs): ''' this is where we start data exchange ''' url = self.SP_ENDPOINT.format('http://localhost:9000') user_data = request.POST logger.debug(f'received POST from user {request.user!r}') # do we have to set cookies? cookies = request.COOKIES with requests.Session() as session: logger.debug('performing requests lib auth config') k = HTTPKerberosAuth() s = HTTPSAMLAuth(chained_auth=k) logger.debug('starting transaction with service provider') response = session.post(url, data=user_data, cookies=cookies, auth=s) logger.debug(f'SP response status: {response.status_code}') return self.render_to_response({ 'last_stop': True, 'sp_response': { 'header': response.headers, 'status_code': response.status_code, # 'content': str(response.text), 'content': response.text, # 'content': response.content, }, })
def get_brew_build(nvr, product_version='', session=None): """5.2.2.1. GET /api/v1/build/{id_or_nvr} Get Brew build details. https://errata.devel.redhat.com/developer-guide/api-http-api.html#api-get-apiv1buildid_or_nvr :param str nvr: A name-version-release string of a brew rpm/image build :param str product_version: The product version tag as given to ET when attaching a build :param requests.Session session: A python-requests Session object, used for for connection pooling. Providing `session` object can yield a significant reduction in total query time when looking up many builds. http://docs.python-requests.org/en/master/user/advanced/#session-objects :return: An initialized Build object with the build details :raises exceptions.BrewBuildException: When build not found """ if session is None: session = requests.session() res = session.get(constants.errata_get_build_url.format(id=nvr), verify=ssl.get_default_verify_paths().openssl_cafile, auth=HTTPKerberosAuth()) if res.status_code == 200: return brew.Build(nvr=nvr, body=res.json(), product_version=product_version) else: raise exceptions.BrewBuildException("{build}: {msg}".format( build=nvr, msg=res.text))
def sweep(ctx): advisory = ctx.obj['advisory'] target_releases = ctx.obj['target_release'] target_releases_str = '' #target_releases_string="target_release=3.4.z&target_release=3.5.z&target_release=3.6.z" for r in target_releases: target_releases_str += 'target_release={0}&'.format(r) query_url = 'https://bugzilla.redhat.com/buglist.cgi?bug_status=MODIFIED&classification=Red%20Hat&f1=component&f2=component&f3=component&f4=cf_verified&keywords=UpcomingRelease&keywords_type=nowords&known_name=All%203.x%20MODIFIED%20Bugs&list_id=8111122&o1=notequals&o2=notequals&o3=notequals&o4=notequals&product=OpenShift%20Container%20Platform&query_based_on=All%203.x%20MODIFIED%20Bugs&query_format=advanced&short_desc=%5C%5Bfork%5C%5D&short_desc_type=notregexp&{0}&v1=RFE&v2=Documentation&v3=Security&v4=FailedQA&version=3.0.0&version=3.1.0&version=3.1.1&version=3.2.0&version=3.2.1&version=3.3.0&version=3.3.1&version=3.4.0&version=3.4.1&version=3.5.0&version=3.5.1&version=3.6.0&version=3.6.1&version=3.7.0&version=3.7.1&version=unspecified'.format( target_releases_str) click.echo(query_url) new_bugs = check_output( ['bugzilla', 'query', '--ids', '--from-url="{0}"'.format(query_url)]).splitlines() flag_bugs(ctx, new_bugs) refresh_bugs(ctx, new_bugs) # post back to errata api for bug in new_bugs: click.echo("Adding Bug #{0}".format(bug)) payload = {'bug': bug} requests.post(ERRATA_ADD_BUG_URL % advisory, auth=HTTPKerberosAuth(), json=payload)
def test(self): try: if self.kerberos: kerberos_auth = HTTPKerberosAuth() url = "http://{0}/webhdfs/v1/?op=GETDELEGATIONTOKEN".format(self.endpoint) resp = requests.get(url, auth=kerberos_auth) if resp.status_code == 200: result = resp.json() self.delegationToken = result['Token']['urlString'] self.auth = "delegation=" + self.delegationToken + "&" return (True, "") elif resp.status_code == 401: return (False, "{0} => Response code: {1} (May be you need to perform 'kinit' on the remote host)".format(url, resp.status_code)) else: return (False, "{0} => Response code: {1}".format(url, resp.status_code)) else: url = "http://{0}/webhdfs/v1/?{1}op=GETFILESTATUS".format(self.endpoint, self.auth) resp = requests.get(url) if resp.status_code == 200: return (True, "") elif resp.status_code == 401: return (False, "{0} => Response code: {1} (May be KERBEROS authentication must be used)".format(url, resp.status_code)) else: return (False, "{0} => Response code: {1}".format(url, resp.status_code)) except Exception as e: if self.kerberos: return (False, "{0} => Error: {1}. Are you sure this cluster is secured by Kerberos ?".format(url, str(e))) else: return (False, "{0} => Error: {1}".format(url, str(e)))
def mentioned_trend(baseurl,mysqlhostIP, mysqlUserName = '******', mysqlPassword = '', dbname = 'btv_v2'): list_key_words = list() # 存储评论数据 # 连接数据库 print(base64.b64decode(b'Q29weXJpZ2h0IChjKSAyMDEyIERvdWN1YmUgSW5jLiBBbGwgcmlnaHRzIHJlc2VydmVkLg==').decode()) sqlConn=MySQLdb.connect(host=mysqlhostIP, user=mysqlUserName, passwd=mysqlPassword, db = dbname, charset='utf8') sqlcursor = sqlConn.cursor() sqlcursor.execute('''CREATE TABLE IF NOT EXISTS key_kk(pk bigint NOT NULL PRIMARY KEY AUTO_INCREMENT, keywords varchar(50)) DEFAULT CHARSET=utf8;''') print '新建库成功' os.popen('kinit -k -t /home/ctvit/ctvit.keytab ctvit') kerberos_auth = HTTPKerberosAuth(mutual_authentication=OPTIONAL) tablename = "DATA:WEIBO_POST_Keywords" r = requests.get(baseurl + "/" + tablename + "/*", auth=kerberos_auth, headers = {"Accept" : "application/json"}) if issuccessful(r) == False: print "Could not get messages from HBase. Text was:\n" + r.text # quit() bleats = json.loads(r.text) box = list() for row in bleats['Row']: # print 000 # count+=1 message = '' lineNumber = '' username = '' for cell in row['Cell']: columnname = base64.b64decode(cell['column']) value = cell['$'] if value == None: print 'none' continue if columnname == "base_info:match": key_word = base64.b64decode(value) if columnname == "base_info:hot": hot = base64.b64decode(value) print 'hot',hot # if ("北京卫视春晚" not in key_word) and ("北京台的春晚" not in key_word) and ("BTV春晚" not in key_word) and ("BTV春晚" not in key_word) and ("bTV春晚" not in key_word): # break # if columnname == "base_info:cdate": # cdate = base64.b64decode(value) # cdate = cdate.split('T')[0] # print 'date',cdate # if cdate not in box: # box.append(cdate) # for i in box: # print i # print 'ppp',type(key_word) # print '11',key_word # if key_word not in list_key_words: # list_key_words.append(key_word) # # tempData = [] # for i in list_key_words: # print 'key',i # tempData.append(str(i)) # sqlcursor.execute('''insert into key_kk(keywords) values (%s)''',tempData) # sqlConn.commit() # tempData = [] sqlConn.close()
def login(self, username, password): preinturl='https://sp2010.ger.ith.intel.com/sites/XMM7360/Lists/7360_Preint/Default.aspx' import requests from requests_kerberos import HTTPKerberosAuth, REQUIRED kerberos_auth = HTTPKerberosAuth(mutual_authentication=REQUIRED, sanitize_mutual_error_response=False) r = requests.get(preinturl, auth=kerberos_auth,verify=False) print(r.text.encode('utf-8'))
def main(): with get(f"https://rhevm.abc.idm.lab.eng.brq.redhat.com/ovirt-engine/api/vms/{config['machine_id']}/statistics", auth=HTTPKerberosAuth(), headers={'accept': 'application/json'}) as response: if response.ok: result = loads(response.text) else: return False
def __get_token_gss(self): """ Sends a request to get an auth token from the server and stores it as a class attribute. Uses Kerberos authentication. :returns: True if the token was successfully received. False otherwise. """ if not EXTRA_MODULES['requests_kerberos']: raise MissingModuleException('The requests-kerberos module is not installed.') url = build_url(self.auth_host, path='auth/gss') result = self._send_request(url, get_token=True, auth=HTTPKerberosAuth()) if not result: self.logger.error('Cannot retrieve authentication token!') return False if result.status_code != codes.ok: # pylint: disable-msg=E1101 exc_cls, exc_msg = self._get_exception(headers=result.headers, status_code=result.status_code, data=result.content) raise exc_cls(exc_msg) self.auth_token = result.headers['x-rucio-auth-token'] return True
def _create_requests_session(self): """ Creates a Requests Session and authenticates to base API URL with HTTP Basic Auth or Kerberos Auth. We're using a Session to persist cookies across all requests made from the Session instance. :return s: Requests Session. """ s = requests.Session() # Kerberos Auth if self.auth == 'kerberos': self.principal = ticket._get_kerberos_principal() s.auth = HTTPKerberosAuth(mutual_authentication=DISABLED) s.verify = False # HTTP Basic Auth if isinstance(self.auth, tuple): username, password = self.auth self.principal = username s.params.update({'user': username, 'pass': password}) # Try to authenticate to auth_url. try: r = s.get(self.auth_url) logging.debug("Create requests session: status code: {0}".format( r.status_code)) r.raise_for_status() # Special case for RT. A 200 status code is still returned if authentication failed. Have to check r.text. if '200' not in r.text: raise requests.RequestException logging.info("Successfully authenticated to {0}".format( self.ticketing_tool)) return s except requests.RequestException as e: logging.error("Error authenticating to {0}".format(self.auth_url)) s.close()
def get_facts_puppetdb(self, apiurl, facts, hostgroup): url = '%s/facts' % apiurl if 'v3' in apiurl: query_base = '["and",["or",%s],["in", "certname", ["extract", "certname", ["select-facts", ["and", ["=", "name", "hostgroup"], ["~", "value", "%s"]]]]]]' else: query_base = '["and",["or",%s],["in", "certname", ["extract", "certname", ["select_facts", ["and", ["=", "name", "hostgroup"], ["~", "value", "%s"]]]]]]' query_facts = ','.join(['["=","name","%s"]' % fact for fact in facts]) query = query_base % (query_facts, hostgroup) headers = { 'Content-Type': 'application/json', 'Accept': 'application/json, version=2' } payload = {'query': query} logging.info("Getting facts from '%s', query: '%s'" % (url, query)) r = requests.get(url, params=payload, headers=headers, auth=HTTPKerberosAuth()) if r.status_code == requests.codes.ok: logging.info("Request code: '%s'" % r.status_code) return json.loads(r.text) else: logging.error("The request failed with code '%s'" % r.status_code) return None
def advisory_drop_cli(advisory): """Drop advisory Advisories can only be dropped by the creators, and program management. This script can get run on buildvm with the credentials of the creator of ART's advisories, so the bot account can drop them. """ url = errata_drop_url.format(id=advisory) data = 'utf8=%E2%9C%93&reason=Dropping+unused+advisory%21&commit=Dropping+unused+advisory' headers = {"Content-Type": "text/plain"} r = requests.post(url, auth=HTTPKerberosAuth(), data=data, headers=headers) if r.status_code == 200: click.echo(f'Succesfully dropped advisory {advisory}') sys.exit(0) elif "ERROR: Validation failed: Previous - Transition DROPPED_NO_SHIP => DROPPED_NO_SHIP is invalid" in r.text: click.echo(f'Advisory {advisory} already seems dropped') sys.exit(0) else: click.echo( f'Failed to drop advisory {advisory}. Got status code {r.status_code}' ) click.echo(r.text) sys.exit(1)
def rest(self, endpoint, data=None, method='get', formatjson=True, params=None): url = self.protocol + "://" + self.host + ":" + str( self.port) + "/api/atlas/" + endpoint header = { "Accept": "application/json", "Content-Type": "application/json" } if kerberos == True: auth = HTTPKerberosAuth() else: auth = (self.username, self.password) try: r = requests.request(method, url, headers=header, auth=auth, verify=False, data=data, params=params) except: logger.error("Cannot connect to Atlas") return (False) if formatjson: return (json.loads(r.text)) else: return (r.text)
def _create_requests_session(self): """ Creates a Requests Session and authenticates to base API URL with kerberos-requests. We're using a Session to persist cookies across all requests made from the Session instance. :return s: Requests Session. """ # TODO: Support other authentication methods. # Set up authentication for requests session. s = requests.Session() if self.auth == 'kerberos': self.principal = _get_kerberos_principal() s.auth = HTTPKerberosAuth(mutual_authentication=DISABLED) s.verify = False if isinstance(self.auth, tuple): s.auth = self.auth # Try to authenticate to auth_url. try: r = s.get(self.auth_url) logging.debug("Create requests session: status code: {0}".format( r.status_code)) r.raise_for_status() logging.info("Successfully authenticated to {0}".format( self.ticketing_tool)) return s # We log an error if authentication was not successful, because rest of the HTTP requests will not succeed. # Instead of using e.message, use e.args[0] instead to prevent DeprecationWarning for exception.message. except requests.RequestException as e: logging.error("Error authenticating to {0}.".format(self.auth_url)) logging.error(e.args[0]) s.close()
def atlasPOST(restAPI, data): kerberos_auth = HTTPKerberosAuth(mutual_authentication=OPTIONAL) requests.packages.urllib3.disable_warnings(InsecureRequestWarning) url = "https://" + ATLAS_DOMAIN + restAPI print(url) r = requests.post(url, auth=kerberos_auth, verify=False, json=data) return (json.loads(r.text))
def _create_requests_session(self): """ Creates a Requests Session and authenticates to base API URL with kerberos-requests. We're using a Session to persist cookies across all requests made from the Session instance. :return s: Requests Session. """ # TODO: Support other authentication methods. # Set up authentication for requests session. s = requests.Session() if self.auth == 'kerberos': self.principal = _get_kerberos_principal() s.auth = HTTPKerberosAuth(mutual_authentication=DISABLED) s.verify = self.verify if isinstance(self.auth, tuple): s.auth = self.auth s.verify = self.verify # Try to authenticate to auth_url. try: r = s.get(self.auth_url) logger.debug("Create requests session: status code: {0}".format( r.status_code)) r.raise_for_status() logger.info("Successfully authenticated to {0}".format( self.ticketing_tool)) return s except requests.RequestException as e: logger.error("Error authenticating to {0}".format(self.auth_url)) logger.error(e) s.close()
def __init__(self): self.url = Environment().get_spark_livy_url() self.auth = None if Environment().is_kerberos_enabled(): from requests_kerberos import HTTPKerberosAuth, REQUIRED self.auth = HTTPKerberosAuth(mutual_authentication=REQUIRED, sanitize_mutual_error_response=False)
def set_kerberos_auth(self, service="HTTP"): """Set up kerberos auth for the client, based on the current ticket.""" mutual_auth = conf.KERBEROS.MUTUAL_AUTHENTICATION.get().upper() if mutual_auth == 'OPTIONAL': self._session.auth = HTTPKerberosAuth( mutual_authentication=OPTIONAL, service=service) elif mutual_auth == 'REQUIRED': self._session.auth = HTTPKerberosAuth( mutual_authentication=REQUIRED, service=service) elif mutual_auth == 'DISABLED': self._session.auth = HTTPKerberosAuth( mutual_authentication=DISABLED, service=service) else: self._session.auth = HTTPKerberosAuth( mutual_authentication=OPTIONAL, service=service) return self
def _make_request(self, entity, params): """ Send a request to Pyxis :param str entity: entity part to construct a full URL for request. :param dict params: Pyxis query parameters. :return: Json response from Pyxis :rtype: dict :raises PyxisRequestError: If Pyxis returns error as a response """ entity_url = urllib.parse.urljoin(self._api_root, entity) auth_method = HTTPKerberosAuth(mutual_authentication=OPTIONAL) response = requests.get(entity_url, params=params, auth=auth_method, timeout=conf.net_timeout) if response.ok: return response.json() # Warn early, in case there is an error in the error handling code below log.warning("Request to %s gave %r", response.request.url, response) try: response_text = response.json() except ValueError: response_text = response.text raise PyxisRequestError(response.status_code, response_text)
def __init__(self, client_id, capture_request_history=False, saml_auth=HTTPKerberosAuth(mutual_authentication=OPTIONAL), expiration=120, verify=True): self.client_id = client_id self.capture_request_history = capture_request_history self.history = [] self.expiration = expiration # Defaults to 2 hours (120 min) self.verify = verify self.redirect_uri = 'urn:ietf:wg:oauth:2.0:oob' # DOI SAML service required these headers for single-sign-on. Developers can explicity over-write if needed... self.saml_headers = { "User-Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0E; InfoPath.3)" } # DOI SAML service did not support 'REQUIRED' mutual authentication. HTTPKerberosAuth threw a 'mutual authentication exception'. Developers can explicity over-write if needed (or even add NTLM or some other 3rd party auth handler to the SAML communications) self.saml_auth = saml_auth ### Derived Fields ### self._verify_cert = True self._base_url = None # Expected to be - https://host/<instance>/sharing/rest where <instance> is optional self._oauth_info = None # Derived from the portal "authorize" endpoint self._saml_code = None # Derived from the SAML login self._token_data = None # Derived from the portal "token" endpoint self._token_acquired = None
def set_kerberos_auth(self, mutual_authentication, service, delegate, force_preemptive, principal, hostname_override, sanitize_mutual_error_response, send_cbt): """Set up kerberos auth for the client, based on the current ticket.""" mutual_authentication_val = OPTIONAL if mutual_authentication == 'OPTIONAL': mutual_authentication_val = OPTIONAL elif mutual_authentication == 'REQUIRED': mutual_authentication_val = REQUIRED elif mutual_authentication == 'DISABLED': mutual_authentication_val = DISABLED self._session.auth = HTTPKerberosAuth( mutual_authentication=mutual_authentication_val, service=service, delegate=delegate, force_preemptive=force_preemptive, principal=principal, hostname_override=hostname_override, sanitize_mutual_error_response=sanitize_mutual_error_response, send_cbt=send_cbt) return self