# Copyright 2018 AT&T Intellectual Property. All other rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. """Client for submitting authenticated requests to Promenade API.""" import logging import requests from urllib.parse import urlparse from keystoneauth1 import exceptions as exc import drydock_provisioner.error as errors from drydock_provisioner.util import KeystoneUtils # TODO: Remove this local implementation of Promenade Session and client once # Promenade api client is available as part of Promenade project. class PromenadeSession(object): """ A session to the Promenade API maintaining credentials and API options :param string marker: (optional) external context marker :param tuple timeout: (optional) a tuple of connect, read timeout values to use as the default for invocations using this session. A single value may also be supplied instead of a tuple to indicate only the read timeout to use """ def __init__(self, scheme='http', marker=None, timeout=None): self.logger = logging.getLogger(__name__) self.__session = requests.Session() self.set_auth() self.marker = marker self.__session.headers.update({'X-Context-Marker': marker}) self.prom_url = self._get_prom_url() self.port = self.prom_url.port self.host = self.prom_url.hostname self.scheme = scheme if self.port: self.base_url = "%s://%s:%s/api/" % (self.scheme, self.host, self.port) else: # assume default port for scheme self.base_url = "%s://%s/api/" % (self.scheme, self.host) self.default_timeout = self._calc_timeout_tuple((20, 30), timeout) def set_auth(self): auth_header = self._auth_gen() self.__session.headers.update(auth_header) def get(self, route, query=None, timeout=None): """ Send a GET request to Promenade. :param string route: The URL string following the hostname and API prefix :param dict query: A dict of k, v pairs to add to the query string :param timeout: A single or tuple value for connect, read timeout. A single value indicates the read timeout only :return: A requests.Response object """ auth_refresh = False while True: url = self.base_url + route self.logger.debug('GET ' + url) self.logger.debug('Query Params: ' + str(query)) resp = self.__session.get( url, params=query, timeout=self._timeout(timeout)) if resp.status_code == 401 and not auth_refresh: self.set_auth() auth_refresh = True else: break return resp def put(self, endpoint, query=None, body=None, data=None, timeout=None): """ Send a PUT request to Promenade. If both body and data are specified, body will be used. :param string endpoint: The URL string following the hostname and API prefix :param dict query: A dict of k, v parameters to add to the query string :param string body: A string to use as the request body. Will be treated as raw :param data: Something json.dumps(s) can serialize. Result will be used as the request body :param timeout: A single or tuple value for connect, read timeout. A single value indicates the read timeout only :return: A requests.Response object """ auth_refresh = False url = self.base_url + endpoint while True: self.logger.debug('PUT ' + url) self.logger.debug('Query Params: ' + str(query)) if body is not None: self.logger.debug( "Sending PUT with explicit body: \n%s" % body) resp = self.__session.put( self.base_url + endpoint, params=query, data=body, timeout=self._timeout(timeout)) else: self.logger.debug( "Sending PUT with JSON body: \n%s" % str(data)) resp = self.__session.put( self.base_url + endpoint, params=query, json=data, timeout=self._timeout(timeout)) if resp.status_code == 401 and not auth_refresh: self.set_auth() auth_refresh = True else: break return resp def post(self, endpoint, query=None, body=None, data=None, timeout=None): """ Send a POST request to Drydock. If both body and data are specified, body will be used. :param string endpoint: The URL string following the hostname and API prefix :param dict query: A dict of k, v parameters to add to the query string :param string body: A string to use as the request body. Will be treated as raw :param data: Something json.dumps(s) can serialize. Result will be used as the request body :param timeout: A single or tuple value for connect, read timeout. A single value indicates the read timeout only :return: A requests.Response object """ auth_refresh = False url = self.base_url + endpoint while True: self.logger.debug('POST ' + url) self.logger.debug('Query Params: ' + str(query)) if body is not None: self.logger.debug( "Sending POST with explicit body: \n%s" % body) resp = self.__session.post( self.base_url + endpoint, params=query, data=body, timeout=self._timeout(timeout)) else: self.logger.debug( "Sending POST with JSON body: \n%s" % str(data)) resp = self.__session.post( self.base_url + endpoint, params=query, json=data, timeout=self._timeout(timeout)) if resp.status_code == 401 and not auth_refresh: self.set_auth() auth_refresh = True else: break return resp def _timeout(self, timeout=None): """Calculate the default timeouts for this session :param timeout: A single or tuple value for connect, read timeout. A single value indicates the read timeout only :return: the tuple of the default timeouts used for this session """ return self._calc_timeout_tuple(self.default_timeout, timeout) def _calc_timeout_tuple(self, def_timeout, timeout=None): """Calculate the default timeouts for this session :param def_timeout: The default timeout tuple to be used if no specific timeout value is supplied :param timeout: A single or tuple value for connect, read timeout. A single value indicates the read timeout only :return: the tuple of the timeouts calculated """ connect_timeout, read_timeout = def_timeout try: if isinstance(timeout, tuple): if all(isinstance(v, int) for v in timeout) and len(timeout) == 2: connect_timeout, read_timeout = timeout else: raise ValueError("Tuple non-integer or wrong length") elif isinstance(timeout, int): read_timeout = timeout elif timeout is not None: raise ValueError("Non integer timeout value") except ValueError: self.logger.warn( "Timeout value must be a tuple of integers or a " "single integer. Proceeding with values of " "(%s, %s)", connect_timeout, read_timeout) return (connect_timeout, read_timeout) def _get_ks_session(self): # Get keystone session object try: ks_session = KeystoneUtils.get_session() except exc.AuthorizationFailure as aferr: self.logger.error( 'Could not authorize against Keystone: %s', str(aferr)) raise errors.DriverError('Could not authorize against Keystone: %s', str(aferr)) return ks_session def _get_prom_url(self): # Get promenade url from Keystone session object ks_session = self._get_ks_session() try: prom_endpoint = ks_session.get_endpoint( interface='internal', service_type='kubernetesprovisioner') except exc.EndpointNotFound: self.logger.error("Could not find an internal interface" " defined in Keystone for Promenade") raise errors.DriverError("Could not find an internal interface" " defined in Keystone for Promenade") prom_url = urlparse(prom_endpoint) return prom_url def _auth_gen(self): # Get auth token from Keystone session token = self._get_ks_session().get_auth_headers().get('X-Auth-Token') return [('X-Auth-Token', token)] class PromenadeClient(object): """" A client for the Promenade API """ def __init__(self): self.session = PromenadeSession() self.logger = logging.getLogger(__name__) def relabel_node(self, node_id, node_labels): """ Relabel kubernetes node :param string node_id: Node id for node to be relabeled. :param dict node_labels: The dictionary representation of node labels that needs be re-applied to the node. :return: response """ route = 'v1.0/node-labels/{}'.format(node_id) self.logger.debug("promenade_client is calling %s API: body is %s" % (route, str(node_labels))) resp = self.session.put(route, data=node_labels) self._check_response(resp) return resp.json() def _check_response(self, resp): if resp.status_code == 401: raise errors.ClientUnauthorizedError( "Unauthorized access to %s, include valid token." % resp.url) elif resp.status_code == 403: raise errors.ClientForbiddenError( "Forbidden access to %s" % resp.url) elif not resp.ok: raise errors.ClientError( "Error - received %d: %s" % (resp.status_code, resp.text), code=resp.status_code)