xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2025-01-15 04:07:51 +00:00
Code Issues Projects Releases Wiki Activity

Clear armed API if current node token is used

Browse Source 
If a node is armed, but instead unseals the prior key from TPM,
implicitly clear the armed state to avoid leaving it armed.
This commit is contained in:
Jarrod Johnson 2021-06-28 13:30:09 -04:00
parent 9c43dbff47
commit 35b9635840
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
confluent_server/confluent/selfservice.py
View File

@ -56,7 +56,8 @@ def handle_request(env, start_response):
yield 'Unauthorized'
return
cfg = configmanager.ConfigManager(None)
eak = cfg.get_node_attributes(nodename, 'crypted.selfapikey').get(
ea = cfg.get_node_attributes(nodename, ['crypted.selfapikey', 'deployment.apiarmed'])
eak = ea.get(
nodename, {}).get('crypted.selfapikey', {}).get('hashvalue', None)
if not eak:
start_response('401 Unauthorized', [])
@ -67,6 +68,8 @@ def handle_request(env, start_response):
start_response('401 Unauthorized', [])
yield 'Unauthorized'
return
if ea.get(nodename, {}).get('deployment.apiarmed', {}).get('value', None) == 'once':
cfg.set_node_attributes({nodename: {'deployment.apiarmed': ''}})
retype = env.get('HTTP_ACCEPT', 'application/yaml')
isgeneric = False
if retype == '*/*':