From 84a73d69340a62deef2c8113249f8144d1819489 Mon Sep 17 00:00:00 2001 From: Ankit Jain Date: Thu, 4 Aug 2016 11:10:31 -0700 Subject: [PATCH] 1. Pass auth header in post_query request Fix for test_verify_object_logs Needed to pass auth header in post_query request Pass expect : 202 in query header to get qid 2. Script fix required after Secured Access for Analytic REST API- 8081 in R3.1(master): 1. we need to pass inputs in VerificationOpsSrv now which can be used for authentication in class JsonDrv (cherry picked from commit 55eb03b234249a007cbb1a4fb00a34914d557132) 3. Change VerificationOpsSrv to use admin credentials for auth After changing default aaa mode to cloud-admin-only for contrail-analytics-api we need to change VerificationOpsSrv to use admin credentials when getting auth token to send to contrail-analytics-api instead of stack user credentials. Partial-Bug: #1599654 (cherry picked from commit 1eb5678528d036f7a46a14dd4010667c4ac44be4) Change-Id: I9692c57add27b2bacc3d0c05d59690c3e2c82b7f --- common/connections.py | 5 ++-- .../collector/opserver_introspect_utils.py | 24 ++++++++++++------- tcutils/collector/opserver_util.py | 21 +++++++++------- tcutils/verification_util.py | 14 ++++++----- 4 files changed, 39 insertions(+), 25 deletions(-) diff --git a/common/connections.py b/common/connections.py index 0f439d2bd..f2f55385b 100755 --- a/common/connections.py +++ b/common/connections.py @@ -39,7 +39,7 @@ def __init__(self, inputs=None, logger=None, project_name=None, self.agent_inspect = custom_dict(self.get_vrouter_agent_inspect_handle, 'agent_inspect') self.ops_inspects = custom_dict(self.get_opserver_inspect_handle, - 'ops_inspect') + 'ops_inspect:'+self.project_name+':'+self.username) self.cn_inspect = custom_dict(self.get_control_node_inspect_handle, 'cn_inspect') self.ds_inspect = custom_dict(self.get_discovery_service_inspect_handle, @@ -156,7 +156,8 @@ def get_opserver_inspect_handle(self, host): if ip not in self.ops_inspects: self.ops_inspects[ip] = VerificationOpsSrv(ip, port=self.inputs.analytics_api_port, - logger=self.logger) + logger=self.logger, + inputs=self.inputs) return self.ops_inspects[ip] def get_discovery_service_inspect_handle(self, host): diff --git a/tcutils/collector/opserver_introspect_utils.py b/tcutils/collector/opserver_introspect_utils.py index 92a2eaea6..33ffca7c3 100755 --- a/tcutils/collector/opserver_introspect_utils.py +++ b/tcutils/collector/opserver_introspect_utils.py @@ -16,8 +16,9 @@ class VerificationOpsSrv (VerificationUtilBase): - def __init__(self, ip, port=8081, logger=LOG): - super(VerificationOpsSrv, self).__init__(ip, port, logger=logger) + def __init__(self, ip, port=8081, logger=LOG, inputs=None): + super(VerificationOpsSrv, self).__init__(ip, port, logger=logger, args=inputs, + use_admin_auth=True) def get_ops_generator(self, generator=None, @@ -290,6 +291,8 @@ def post_query(self, table, start_time=None, end_time=None, where_clause='', sort_fields=None, sort=None, limit=None, filter=None, dir=None): res = None + self._drv._auth() + headers = self._drv._headers try: flows_url = OpServerUtils.opserver_query_url( self._ip, str(self._port)) @@ -303,14 +306,19 @@ def post_query(self, table, start_time=None, end_time=None, print json.dumps(query_dict) res = [] resp = OpServerUtils.post_url_http( - flows_url, json.dumps(query_dict)) + flows_url, json.dumps(query_dict), headers) if resp is not None: resp = json.loads(resp) - qid = resp['href'].rsplit('/', 1)[1] - result = OpServerUtils.get_query_result( - self._ip, str(self._port), qid) - for item in result: - res.append(item) + try: + qid = resp['href'].rsplit('/', 1)[1] + result = OpServerUtils.get_query_result( + self._ip, str(self._port), qid, headers) + for item in result: + res.append(item) + except Exception as e: + if 'value' in resp: + for item in resp['value']: + res.append(item) except Exception as e: print str(e) finally: diff --git a/tcutils/collector/opserver_util.py b/tcutils/collector/opserver_util.py index 89df85a30..8aa7c5a04 100644 --- a/tcutils/collector/opserver_util.py +++ b/tcutils/collector/opserver_util.py @@ -59,17 +59,20 @@ def get_start_end_time(start_time, end_time): # end get_start_end_time @staticmethod - def post_url_http(url, params): + def post_url_http(url, params, token): + DEFAULT_HEADERS = {'Content-type': 'application/json; charset="UTF-8"','Expect': '202-accepted'} + headers = DEFAULT_HEADERS.copy() + headers['X-AUTH-TOKEN'] = token['X-AUTH-TOKEN'] try: print 'request version : %s'%(pkg_resources.get_distribution("requests").version[0]) if int(pkg_resources.get_distribution("requests").version[0]) >= 1: response = requests.post(url, stream=True, data=params, - headers=OpServerUtils.POST_HEADERS) + headers=headers) else: response = requests.post(url, prefetch=False, data=params, - headers=OpServerUtils.POST_HEADERS) + headers=headers) except requests.exceptions.ConnectionError, e: print "Connection to %s failed" % url return None @@ -81,13 +84,13 @@ def post_url_http(url, params): # end post_url_http @staticmethod - def get_url_http(url): + def get_url_http(url, headers=None): data = {} try: if int(pkg_resources.get_distribution("requests").version[0]) >= 1: - data = requests.get(url, stream=True) + data = requests.get(url, stream=True, headers=headers) else: - data = requests.get(url, prefetch=False) + data = requests.get(url, prefetch=False, headers=headers) except requests.exceptions.ConnectionError, e: print "Connection to %s failed" % url @@ -121,11 +124,11 @@ def parse_query_result(result): # end parse_query_result @staticmethod - def get_query_result(opserver_ip, opserver_port, qid): + def get_query_result(opserver_ip, opserver_port, qid, headers): while True: url = OpServerUtils.opserver_query_url( opserver_ip, opserver_port) + '/' + qid - resp = OpServerUtils.get_url_http(url) + resp = OpServerUtils.get_url_http(url, headers=headers) if resp.status_code != 200: yield {} return @@ -137,7 +140,7 @@ def get_query_result(opserver_ip, opserver_port, qid): for chunk in status['chunks']: url = OpServerUtils.opserver_url( opserver_ip, opserver_port) + chunk['href'] - resp = OpServerUtils.get_url_http(url) + resp = OpServerUtils.get_url_http(url, headers=headers) if resp.status_code != 200: yield {} else: diff --git a/tcutils/verification_util.py b/tcutils/verification_util.py index 6289172ba..73d32c85d 100644 --- a/tcutils/verification_util.py +++ b/tcutils/verification_util.py @@ -14,11 +14,12 @@ class JsonDrv (object): } _DEFAULT_AUTHN_URL = "/v2.0/tokens" - def __init__(self, vub, logger=LOG, args=None): + def __init__(self, vub, logger=LOG, args=None, use_admin_auth=False): self.log = logger self._vub = vub self._headers = None self._args = args + self._use_admin_auth = use_admin_auth def _auth(self): if self._args: @@ -33,8 +34,9 @@ def _auth(self): verify = not insecure self._authn_body = \ '{"auth":{"passwordCredentials":{"username": "%s", "password": "%s"}, "tenantName":"%s"}}' % ( - self._args.stack_user, self._args.stack_password, - self._args.project_name) + self._args.admin_username if self._use_admin_auth else self._args.stack_user, + self._args.admin_password if self._use_admin_auth else self._args.stack_password, + self._args.admin_tenant if self._use_admin_auth else self._args.project_name) response = requests.post(url, data=self._authn_body, headers=self._DEFAULT_HEADERS, verify=verify) @@ -62,7 +64,7 @@ def load(self, url, retry=True): class XmlDrv (object): - def __init__(self, vub, logger=LOG, args=None): + def __init__(self, vub, logger=LOG, args=None, use_admin_auth=False): self.log = logger self._vub = vub if args: @@ -80,11 +82,11 @@ def load(self, url): class VerificationUtilBase (object): - def __init__(self, ip, port, drv=JsonDrv, logger=LOG, args=None): + def __init__(self, ip, port, drv=JsonDrv, logger=LOG, args=None, use_admin_auth=False): self.log = logger self._ip = ip self._port = port - self._drv = drv(self, logger=logger, args=args) + self._drv = drv(self, logger=logger, args=args, use_admin_auth=use_admin_auth) self._force_refresh = False def get_force_refresh(self):