session.py
# -*- coding: utf-8 -*-
"""
almdrlib.session
~~~~~~~~~~~~~~~~
almdrlib authentication/authorization
"""
import logging
import requests
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.retry import Retry
import re
from almdrlib.config import Config
from almdrlib.region import Region
from almdrlib.client import Client
import alsdkdefs
from functools import lru_cache
# Module-level logger. Code below writes endpoint URLs, the access key id and
# request parameters to it at INFO/DEBUG level, so treat captured logs as sensitive.
logger = logging.getLogger(__name__)
class AuthenticationException(Exception):
    """Error raised when authentication or endpoint lookup fails.

    The text handed to the constructor is prefixed with
    ``authentication error: `` before it reaches ``Exception``.
    """

    def __init__(self, message):
        text = f"authentication error: {message}"
        super().__init__(text)
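class Session():
    """
    Authenticates against Alert Logic AIMS service and
    stores session information (token and account id).

    Additionally objects of this class can be used as auth modules
    for the requests lib, more info:
    http://docs.python-requests.org/en/master/user/authentication/#new-forms-of-authentication

    Credential handling in this class:

    * The access key id / secret key pair is sent only to the AIMS
      ``authenticate`` endpoint; every other call carries the AIMS token in
      the ``x-aims-auth-token`` header.
    * ``request()`` never writes the token into a dictionary owned by the
      caller and logs headers with the token redacted.
    """

    _access_key_id = None
    _secret_key = None
    # Defaults so the read-only properties below return None instead of
    # raising AttributeError when read before authentication has populated them.
    _account_id = None
    _account_name = None
    _user_id = None
    _raise_for_status = True

    def __init__(
            self, access_key_id=None, secret_key=None, aims_token=None,
            account_id=None, profile=None, global_endpoint=None,
            residency="default", raise_for_status=True):
        """
        :param access_key_id: your Alert Logic ActiveWatch access_key_id
                              or username
        :param secret_key: your Alert Logic ActiveWatch secret_key or password
        :param aims_token: aims_token to be used for authentication.
                           If aims_token is specified,
                           access_key_id and secret_key parameters are ignored
        :param account_id: Alert Logic Account ID to initialize a session for.
                           Unless account_id is provided explicitly
                           during service connection initialization,
                           this account id is used.
                           If this parameter isn't specified,
                           the account id of the access_key_id is used.
        :param profile: name of the profile section of the configuration file
        :param global_endpoint: Name of the global endpoint.
                                'production', 'integration', or 'map' are
                                the only valid values
        :param residency: Data residency name to perform
                          data residency dependent actions.
                          Currently, 'default', 'us' and 'emea'
                          are the only valid entries
        :param raise_for_status: Raise an exception for failed http requests
                                 instead of returning response object
        """
        # Setup session object
        self._session = requests.Session()

        # NOTE(review): POST, PUT and DELETE are in the retry list, so a
        # non-idempotent request answered with 429/5xx may be sent again.
        retry_methods = [
            "HEAD", "GET", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"]
        retry_options = dict(
            total=5,
            backoff_factor=1,
            status_forcelist=[429, 500, 502, 503, 504],
        )
        try:
            # urllib3 >= 1.26 spells the keyword `allowed_methods`;
            # urllib3 2.x no longer accepts `method_whitelist` at all.
            retries = Retry(allowed_methods=retry_methods, **retry_options)
        except TypeError:
            # Older urllib3 only knows the original keyword name.
            retries = Retry(method_whitelist=retry_methods, **retry_options)

        # Only the https:// prefix gets the retrying adapter.
        self._session.mount('https://', HTTPAdapter(max_retries=retries))

        # Initialize session's state
        self._token = None
        self._defaults = None
        self._init_session(
            access_key_id=access_key_id,
            secret_key=secret_key,
            aims_token=aims_token,
            account_id=account_id,
            profile=profile,
            global_endpoint=global_endpoint,
            residency=residency,
            raise_for_status=raise_for_status)

    def _init_session(self, *args, **kwargs):
        """
        Initialize session object based on the kwargs provided.

        Does nothing when called without keyword arguments. Otherwise a new
        Config is built from the supplied values (missing ones are passed as
        None, residency as 'default') and the session state is replaced by
        what that Config reports.
        """
        if not kwargs:
            return

        access_key_id = kwargs.get('access_key_id')
        secret_key = kwargs.get('secret_key')
        account_id = kwargs.get('account_id')
        profile = kwargs.get('profile')
        global_endpoint = kwargs.get('global_endpoint')
        residency = kwargs.get('residency', 'default')
        aims_token = kwargs.get('aims_token')

        self._config = Config(
            access_key_id=access_key_id,
            secret_key=secret_key,
            account_id=account_id,
            profile=profile,
            global_endpoint=global_endpoint,
            residency=residency
        )

        self._account_id = self._config.account_id
        self._residency = self._config.residency
        self._global_endpoint = self._config.global_endpoint
        self._endpoint_map = self._config.endpoint_map
        self._global_endpoint_url = Region.get_global_endpoint(self._global_endpoint)

        # Keep the value chosen at construction time when a later
        # re-initialisation (client(**kwargs)) does not mention it; reading it
        # with .get() silently switched status checking off in that case.
        if 'raise_for_status' in kwargs:
            self._raise_for_status = kwargs['raise_for_status']

        if aims_token:
            self._token = aims_token
        else:
            # NOTE(review): a token obtained by an earlier initialisation is
            # left in place here, so it keeps being used after the credentials
            # or profile change - confirm that this is intended.
            self._access_key_id, self._secret_key = self._config.get_auth()

        # The secret key is deliberately absent from this message.
        logger.debug(
            "Initialized session. "
            f"access_key_id={self._access_key_id}, "
            f"account_id={self._account_id}, "
            f"profile={profile}, "
            f"global_endpoint={self._global_endpoint}, "
            f"residency={self._residency}"
        )

    def _authenticate(self):
        """
        Authenticates against Access and Identity Management Service (AIMS)
        more info:
        https://console.cloudinsight.alertlogic.com/api/aims/#api-AIMS_Authentication_and_Authorization_Resources-Authenticate

        Without a token, the access key id / secret key pair is posted to the
        ``authenticate`` endpoint. With a token, it is checked against
        ``token_info``; if that call returns an HTTP error the token is
        dropped and the credential path is tried instead.

        :raises AuthenticationException: on an HTTP error from the
            authenticate endpoint, on a response that lacks the expected
            fields, or when no credentials are available.
        """
        if not self._token:
            if self._access_key_id == "skip" and self._secret_key == "skip":
                logger.info("Skipping authentication.")
                self._token = ""
                self._account_id = ""
                self._account_name = ""
                self._user_id = ""
                return

            if self._access_key_id is None or self._secret_key is None:
                # Reached e.g. when a token-only session falls back after its
                # token was rejected; fail clearly instead of sending the
                # literal "None" as Basic credentials.
                raise AuthenticationException("no credentials available")

            logger.info(
                f"Authenticating '{self._access_key_id}' " +
                f"user against '{self._global_endpoint_url}' endpoint."
            )
            try:
                # Credentials are attached to this single call. Storing them
                # in self._session.auth would add a Basic Authorization
                # header with the long-lived secret to every later request
                # made through the session, whatever host it goes to.
                response = self._session.post(
                    f"{self._global_endpoint_url}/aims/v1/authenticate",
                    auth=(self._access_key_id, self._secret_key))
                response.raise_for_status()
                auth_info = response.json()
                account_info = auth_info["authentication"]["account"]
                self._token = auth_info["authentication"]["token"]
                self._user_id = auth_info["authentication"]["user"]["id"]
                logger.info(f'Authenticated user {self._user_id}')
            except requests.exceptions.HTTPError as e:
                raise AuthenticationException(
                    f"invalid http response {e}") from e
            except (KeyError, TypeError, ValueError) as e:
                raise AuthenticationException(
                    "token not found in response") from e
        else:
            logger.info("Authenticating using aims token " +
                        f"against '{self._global_endpoint_url}' endpoint.")
            try:
                response = self._session.get(
                    f"{self._global_endpoint_url}/aims/v1/token_info",
                    headers={'x-aims-auth-token': self._token})
                response.raise_for_status()
                account_info = response.json()["account"]
            except requests.exceptions.HTTPError:
                # Any HTTP error discards the supplied token and retries with
                # the access key / secret key instead.
                self._token = None
                return self._authenticate()
            except (KeyError, TypeError, ValueError) as e:
                raise AuthenticationException(
                    "account information not found in response") from e

        # An account id supplied through the configuration wins; the
        # authenticated account is used only when none was configured.
        if self._account_id is None:
            try:
                self._account_id = account_info["id"]
                self._account_name = account_info["name"]
            except (KeyError, TypeError, ValueError) as e:
                raise AuthenticationException(
                    "account information not found in response") from e

    def __call__(self, r):
        """
        requests lib auth module callback

        Adds the AIMS token header to the prepared request `r`; reading
        `self.token` authenticates first when no token is held yet.
        """
        r.headers["x-aims-auth-token"] = self.token
        return r

    def client(self, service_name, version=None, *args, **kwargs):
        """
        Create Service's client class

        Any keyword arguments are forwarded to `_init_session`, i.e. they
        re-initialise this session before the client is created.

        :param service_name: name of the service to create a client for
        :param version: service API version passed on to the client
        :return: instance of a dynamically created subclass of
                 almdrlib.client.Client bound to this session
        """
        self._init_session(**kwargs)

        # Create Service's module
        module_name = service_name.capitalize()
        class_name = "Client"

        #
        # Init function for the dynamically created class,
        # which is derived from almdrlib.client.Client
        #
        def __init__(self,
                     name,
                     session=self,
                     version=None,
                     *args,
                     **kwargs):
            # Name the class explicitly: super(self.__class__, self) recurses
            # forever as soon as the generated class is itself subclassed.
            super(ServiceClient, self).__init__(name=name,
                                                session=session,
                                                version=version)

        ServiceClient = type(class_name,
                             (Client,),
                             {
                                 '__init__': __init__,
                                 '__module__': module_name
                             })

        _client = ServiceClient(service_name, session=self, version=version)
        logger.debug(
            "Created " +
            f"{_client.__class__.__module__}.{_client.__class__.__name__}" +
            " class instance")
        return _client

    # NOTE(review): the cache key includes `self`, so entries keep the Session
    # referenced and are not invalidated when `_init_session` later changes
    # the endpoint, residency or account.
    @lru_cache(maxsize=128)
    def get_url(self, service_name, account_id=None):
        """
        Lookup account-specific URL prefix for a service

        The host portion of each service URL can vary, based on the account_id of the
        request. This function looks up the correct URL, via a static map or (usually)
        the endpoints service. The result is cached.

        The URL consists of the protocol and hostname, for example
        https://api.cloudinsight.alertlogic.com

        :raises AuthenticationException: when the endpoints service answers
            with an HTTP error.
        """
        if self._global_endpoint == "map":
            return self.get_mapped_url(service_name, account_id)
        elif re.match(r'^(http|https)://.*$', self._global_endpoint):
            # An explicit URL is used as is. Plain http:// is accepted here,
            # and request() attaches the AIMS token to every call, so over
            # http the token is sent unencrypted.
            return self._global_endpoint

        try:
            response = self.request(
                'get',
                Region.get_endpoint_url(self._global_endpoint_url,
                                        service_name,
                                        account_id or self.account_id,
                                        self.residency),
            )
            response.raise_for_status()
        except requests.exceptions.HTTPError as e:
            raise AuthenticationException(
                f"invalid http response from endpoints service {e}"
            ) from e
        # The host name comes from the endpoints service response and is used
        # without further checks.
        return "https://{}".format(response.json()[service_name])

    def get_mapped_url(self, service_name, account_id):
        """
        Return the URL configured for `service_name` in the endpoint map.

        `account_id` is accepted for symmetry with `get_url` but not used.
        Raises KeyError when the map has no entry for the service.
        """
        endpoint_map = self._endpoint_map
        return endpoint_map[service_name]

    def request(
            self,
            method,
            url,
            params=None,
            headers=None,
            cookies=None,
            **kwargs):
        """
        Send an HTTP request through the session with the AIMS token attached.

        :param method: HTTP method name
        :param url: full request URL
        :param params: query parameters
        :param headers: extra request headers; the mapping is copied, never
                        modified
        :param cookies: cookies to send
        :param kwargs: passed through to requests.Session.request
        :return: the requests response object
        :raises requests.exceptions.HTTPError: for an error status when the
            session was created with raise_for_status enabled
        """
        params = {} if params is None else params
        cookies = {} if cookies is None else cookies

        # Work on a private copy. Updating the `headers` argument in place
        # left the live token in the caller's dictionary and, with a mutable
        # default, in a dictionary shared by every call and every Session.
        request_headers = dict(headers or {})

        # it's too easy to include the AIMS token when pasting debug logs,
        # so the logged copy has the token and any Authorization header
        # redacted. Params, cookies and kwargs (which can carry a request
        # body) are still logged as given.
        sensitive = ('x-aims-auth-token', 'authorization')
        log_headers = {
            name: ("REDACTED" if str(name).lower() in sensitive else value)
            for name, value in request_headers.items()
        }
        log_headers['x-aims-auth-token'] = "REDACTED"
        logger.debug(f"Calling '{method}' method. " +
                     f"URL: '{url}'. " +
                     f"Params: '{params}' " +
                     f"Headers: '{log_headers}' " +
                     f"Cookies: '{cookies}' " +
                     f"Args: '{kwargs}'")

        request_headers['x-aims-auth-token'] = self.token
        response = self._session.request(
            method, url,
            params=params,
            headers=request_headers,
            cookies=cookies,
            **kwargs)

        if self._raise_for_status:
            response.raise_for_status()

        logger.debug(f"'{method}' method for URL: '{url}' returned "
                     f"'{response.status_code}' status code "
                     f"in '{response.elapsed.total_seconds()}' seconds")
        return response

    def get_default(self, name):
        """Return the session default for `name`; only 'account_id' is known."""
        if name == 'account_id':
            return self.account_id
        return None

    def validate_server(self, spec):
        """
        Check a server spec against this session's global endpoint.

        A spec without the 'x-alertlogic-global-endpoint' key always matches.
        """
        if 'x-alertlogic-global-endpoint' not in spec:
            return True
        return self._global_endpoint == spec['x-alertlogic-global-endpoint']

    @staticmethod
    def list_services():
        """Return whatever alsdkdefs.list_services() reports."""
        return alsdkdefs.list_services()

    @staticmethod
    def get_service_api(service_name, version=None):
        """
        Describe a service API.

        :return: dict with the client's 'info' and an 'operations' dict that
                 maps each operation name (sorted) to its schema
        """
        client = Client(service_name, version=version)
        operations = {
            op_name: operation.get_schema()
            for op_name, operation in client.operations.items()
        }
        return {
            'info': client.info,
            'operations': dict(sorted(operations.items())),
        }

    @property
    def account_id(self):
        """Account id; authenticates first when none is known yet."""
        if self._account_id is None:
            self._authenticate()
        return self._account_id

    @property
    def residency(self):
        """Data residency name taken from the configuration."""
        return self._residency

    @property
    def account_name(self):
        """Account name recorded during authentication, None if not recorded."""
        return self._account_name

    @property
    def global_endpoint(self):
        """Global endpoint name (or URL) taken from the configuration."""
        return self._global_endpoint

    @property
    def global_endpoint_url(self):
        """URL that Region resolved for the global endpoint."""
        return self._global_endpoint_url

    @property
    def token(self):
        """AIMS token; authenticates first when none is held yet."""
        if self._token is None:
            self._authenticate()
        return self._token

    @property
    def user_id(self):
        """User id recorded by credential authentication, None if not recorded."""
        return self._user_id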