Skip to content

Commit 3968715

Browse files
dtantsuropenstack-gerrit
authored andcommitted
Revert "Add token validation to GET command endpoints"
This reverts commit 6f86099. Reason for revert: the change has broken virtually everyone who has not updated Ironic before IPA. To make the matter worse, the attached release note is not descriptive and does not explain the upgrade impact. The reverted change should be reworked to allow a graceful period. Change-Id: I2a2a03dd8409af900b938494ceafd45a89e0c197
1 parent 6f86099 commit 3968715

3 files changed

Lines changed: 4 additions & 71 deletions

File tree

ironic_python_agent/api/app.py

Lines changed: 4 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -84,14 +84,6 @@ def format_exception(value):
8484

8585
class Application(object):
8686

87-
def require_agent_token(func):
88-
def wrapper(self, request, *args, **kwargs):
89-
token = request.args.get('agent_token', None)
90-
if not self.agent.validate_agent_token(token):
91-
raise http_exc.Unauthorized('Token invalid.')
92-
return func(self, request, *args, **kwargs)
93-
return wrapper
94-
9587
def __init__(self, agent, conf):
9688
"""Set up the API app.
9789
@@ -207,13 +199,11 @@ def api_status(self, request):
207199
status = self.agent.get_status()
208200
return jsonify(status)
209201

210-
@require_agent_token
211202
def api_list_commands(self, request):
212203
with metrics_utils.get_metrics_logger(__name__).timer('list_commands'):
213204
results = self.agent.list_command_results()
214205
return jsonify({'commands': results})
215206

216-
@require_agent_token
217207
def api_get_command(self, request, cmd):
218208
with metrics_utils.get_metrics_logger(__name__).timer('get_command'):
219209
result = self.agent.get_command_result(cmd)
@@ -224,13 +214,16 @@ def api_get_command(self, request, cmd):
224214

225215
return jsonify(result)
226216

227-
@require_agent_token
228217
def api_run_command(self, request):
229218
body = request.get_json(force=True)
230219
if ('name' not in body or 'params' not in body
231220
or not isinstance(body['params'], dict)):
232221
raise http_exc.BadRequest('Missing or invalid name or params')
233222

223+
token = request.args.get('agent_token', None)
224+
if not self.agent.validate_agent_token(token):
225+
raise http_exc.Unauthorized(
226+
'Token invalid.')
234227
with metrics_utils.get_metrics_logger(__name__).timer('run_command'):
235228
result = self.agent.execute_command(body['name'], **body['params'])
236229
wait = request.args.get('wait')

ironic_python_agent/tests/unit/test_api.py

Lines changed: 0 additions & 55 deletions
Original file line numberDiff line numberDiff line change
@@ -274,61 +274,6 @@ def test_get_command_result(self):
274274
data = response.json
275275
self.assertEqual(serialized_cmd_result, data)
276276

277-
def test_list_commands_with_token(self):
278-
agent_token = str('0123456789' * 10)
279-
cmd_result = base.SyncCommandResult('do_things',
280-
{'key': 'value'},
281-
True,
282-
{'test': 'result'})
283-
self.mock_agent.list_command_results.return_value = [cmd_result]
284-
self.mock_agent.validate_agent_token.return_value = True
285-
286-
response = self.get_json('/commands?agent_token=%s' % agent_token)
287-
288-
self.assertEqual(200, response.status_code)
289-
self.assertEqual(1, self.mock_agent.validate_agent_token.call_count)
290-
self.assertEqual(1, self.mock_agent.list_command_results.call_count)
291-
292-
def test_get_command_with_token(self):
293-
agent_token = str('0123456789' * 10)
294-
cmd_result = base.SyncCommandResult('do_things',
295-
{'key': 'value'},
296-
True,
297-
{'test': 'result'})
298-
self.mock_agent.get_command_result.return_value = cmd_result
299-
self.mock_agent.validate_agent_token.return_value = True
300-
301-
response = self.get_json(
302-
'/commands/abc123?agent_token=%s' % agent_token)
303-
304-
self.assertEqual(200, response.status_code)
305-
self.assertEqual(cmd_result.serialize(), response.json)
306-
self.assertEqual(1, self.mock_agent.validate_agent_token.call_count)
307-
self.assertEqual(1, self.mock_agent.get_command_result.call_count)
308-
309-
def test_list_commands_with_token_invalid(self):
310-
agent_token = str('0123456789' * 10)
311-
self.mock_agent.validate_agent_token.return_value = False
312-
313-
response = self.get_json('/commands?agent_token=%s' % agent_token,
314-
expect_errors=True)
315-
316-
self.assertEqual(401, response.status_code)
317-
self.assertEqual(1, self.mock_agent.validate_agent_token.call_count)
318-
self.assertEqual(0, self.mock_agent.list_command_results.call_count)
319-
320-
def test_get_command_with_token_invalid(self):
321-
agent_token = str('0123456789' * 10)
322-
self.mock_agent.validate_agent_token.return_value = False
323-
324-
response = self.get_json(
325-
'/commands/abc123?agent_token=%s' % agent_token,
326-
expect_errors=True)
327-
328-
self.assertEqual(401, response.status_code)
329-
self.assertEqual(1, self.mock_agent.validate_agent_token.call_count)
330-
self.assertEqual(0, self.mock_agent.get_command_result.call_count)
331-
332277
def test_execute_agent_command_with_token(self):
333278
agent_token = str('0123456789' * 10)
334279
command = {

releasenotes/notes/prevent-restart-in-rescue-state-1c5d2ecf174ece63.yaml

Lines changed: 0 additions & 5 deletions
This file was deleted.

0 commit comments

Comments
 (0)