refs #1943 have REST object support TLS
Natalia Serrano
parent
c39b2530f9
commit
16d24f3d96
|
|
@ -17,6 +17,12 @@ level=full
|
|||
# Log Level, if omitted, will be set to INFO
|
||||
log=DEBUG
|
||||
|
||||
# TLS
|
||||
ca=TODO
|
||||
crt=TODO
|
||||
key=TODO
|
||||
|
||||
|
||||
# Module specific
|
||||
# The sections must match the module name
|
||||
# This section will be passes on activation to module
|
||||
|
|
@ -28,3 +34,8 @@ log=DEBUG
|
|||
pathinterface=/opt/opengnsys/interfaceAdm
|
||||
urlMenu={}://{}/menu-browser
|
||||
urlMsg=http://localhost/cgi-bin/httpd-log.sh
|
||||
|
||||
# TLS
|
||||
ca=/opt/opengnsys/ca.crt
|
||||
crt=/opt/opengnsys/ogagent.crt
|
||||
key=/opt/opengnsys/ogagent.key
|
||||
|
|
|
|||
|
|
@ -88,7 +88,7 @@ class REST(object):
|
|||
the deserialized JSON result or raises an exception in case of error
|
||||
"""
|
||||
|
||||
def __init__(self, url):
|
||||
def __init__(self, url, ca_file=None, crt_file=None, key_file=None):
|
||||
"""
|
||||
Initializes the REST helper
|
||||
url is the full url of the REST API Base, as for example "https://example.com/rest/v1".
|
||||
|
|
@ -105,6 +105,14 @@ class REST(object):
|
|||
except Exception:
|
||||
self.newerRequestLib = False # I no version, guess this must be an old requests
|
||||
|
||||
if not self.newerRequestLib:
|
||||
logger.debug ('TLS not available: python requests library is old')
|
||||
|
||||
self.use_tls = url.startswith ('https')
|
||||
if self.use_tls:
|
||||
if not ca_file or not crt_file or not key_file:
|
||||
raise Exception ('missing TLS parameters in REST constructor')
|
||||
|
||||
# Disable logging requests messages except for errors, ...
|
||||
logging.getLogger("requests").setLevel(logging.CRITICAL)
|
||||
# Tries to disable all warnings
|
||||
|
|
@ -135,14 +143,23 @@ class REST(object):
|
|||
logger.debug('Requesting using GET (no data provided) {}'.format(url))
|
||||
# Old requests version does not support verify, but it do not checks ssl certificate by default
|
||||
if self.newerRequestLib:
|
||||
r = requests.get(url, verify=VERIFY_CERT, timeout=TIMEOUT)
|
||||
if self.use_tls:
|
||||
logger.debug ('nati: using TLS for GET')
|
||||
## TODO enviar mi certificado y comprobar el de ogcore
|
||||
r = requests.get(url, verify=VERIFY_CERT, timeout=TIMEOUT)
|
||||
else:
|
||||
r = requests.get(url, verify=VERIFY_CERT, timeout=TIMEOUT)
|
||||
else:
|
||||
r = requests.get(url)
|
||||
else: # POST
|
||||
logger.debug('Requesting using POST {}, data: {}'.format(url, data))
|
||||
if self.newerRequestLib:
|
||||
r = requests.post(url, data=data, headers={'content-type': 'application/json'},
|
||||
verify=VERIFY_CERT, timeout=TIMEOUT)
|
||||
if self.use_tls:
|
||||
logger.debug ('nati: using TLS for POST')
|
||||
## TODO enviar mi certificado y comprobar el de ogcore
|
||||
r = requests.post(url, data=data, headers={'content-type': 'application/json'}, verify=VERIFY_CERT, timeout=TIMEOUT)
|
||||
else:
|
||||
r = requests.post(url, data=data, headers={'content-type': 'application/json'}, verify=VERIFY_CERT, timeout=TIMEOUT)
|
||||
else:
|
||||
r = requests.post(url, data=data, headers={'content-type': 'application/json'})
|
||||
|
||||
|
|
|
|||
|
|
@ -130,11 +130,14 @@ class OpenGnSysWorker(ServerWorker):
|
|||
self.random = ''.join(random.choice(string.ascii_lowercase + string.digits) for _ in range(self.length))
|
||||
# Ensure cfg has required configuration variables or an exception will be thrown
|
||||
try:
|
||||
url = self.service.config.get(self.name, 'remote')
|
||||
url = self.service.config.get(self.name, 'remote')
|
||||
ca_file = self.service.config.get(self.name, 'ca')
|
||||
crt_file = self.service.config.get(self.name, 'crt')
|
||||
key_file = self.service.config.get(self.name, 'key')
|
||||
except NoOptionError as e:
|
||||
logger.error("Configuration error: {}".format(e))
|
||||
raise e
|
||||
self.REST = REST(url)
|
||||
self.REST = REST (url, ca_file=ca_file, crt_file=crt_file, key_file=key_file)
|
||||
# Execution level ('full' by default)
|
||||
try:
|
||||
self.exec_level = self.service.config.get(self.name, 'level')
|
||||
|
|
@ -174,7 +177,7 @@ class OpenGnSysWorker(ServerWorker):
|
|||
logger.warn (str (e))
|
||||
# Trying to initialize on alternative server, if defined
|
||||
# (used in "exam mode" from the University of Seville)
|
||||
self.REST = REST(self.service.config.get(self.name, 'altremote'))
|
||||
self.REST = REST(self.service.config.get(self.name, 'altremote'), ca_file=ca_file, crt_file=crt_file, key_file=key_file)
|
||||
self.REST.sendMessage('ogagent/started', {'mac': self.interface.mac, 'ip': self.interface.ip,
|
||||
'secret': self.random, 'ostype': operations.os_type,
|
||||
'osversion': operations.os_version, 'alt_url': True,
|
||||
|
|
|
|||
|
|
@ -449,13 +449,16 @@ class ogLiveWorker(ServerWorker):
|
|||
self.urlMenu = self.service.config.get (self.name, 'urlMenu')
|
||||
self.urlMsg = self.service.config.get (self.name, 'urlMsg')
|
||||
|
||||
ca_file = self.service.config.get (self.name, 'ca')
|
||||
crt_file = self.service.config.get (self.name, 'crt')
|
||||
key_file = self.service.config.get (self.name, 'key')
|
||||
url = url.format (ogcore_scheme, ogcore_ip_port)
|
||||
self.urlMenu = self.urlMenu.format (urlmenu_scheme, urlmenu_ip_port)
|
||||
except NoOptionError as e:
|
||||
logger.error ("Configuration error: {}".format (e))
|
||||
raise e
|
||||
logger.setLevel (loglevel)
|
||||
self.REST = REST (url)
|
||||
self.REST = REST (url, ca_file=ca_file, crt_file=crt_file, key_file=key_file)
|
||||
|
||||
if not self.tomaIPlocal():
|
||||
raise Exception ('Se han generado errores. No se puede continuar la ejecución de este módulo')
|
||||
|
|
|
|||
Loading…
Reference in New Issue