From 4c8c68efb380f2488e6fdda41b1d8ef378c044e5 Mon Sep 17 00:00:00 2001 From: Mark Gurevich Date: Wed, 18 Apr 2018 14:45:01 -0400 Subject: [PATCH] Changes after review --- .../restapi/restapi_usage/restapi_usage.rst | 6 +- .../admin-guides/references/man5/site.5.rst | 2 +- .../admin-guides/references/man5/token.5.rst | 14 +- perl-xCAT/xCAT/Schema.pm | 6 +- perl-xCAT/xCAT/Utils.pm | 36 +++ xCAT-server/lib/perl/xCAT/xcatd.pm | 72 +++--- xCAT-server/sbin/xcatd | 7 +- .../autotest/testcase/restapi/node/case0 | 242 ------------------ 8 files changed, 94 insertions(+), 291 deletions(-) delete mode 100644 xCAT-test/autotest/testcase/restapi/node/case0 diff --git a/docs/source/advanced/restapi/restapi_usage/restapi_usage.rst b/docs/source/advanced/restapi/restapi_usage/restapi_usage.rst index 89729c2d2..53490eb13 100644 --- a/docs/source/advanced/restapi/restapi_usage/restapi_usage.rst +++ b/docs/source/advanced/restapi/restapi_usage/restapi_usage.rst @@ -58,13 +58,13 @@ Then in the subsequent REST API access, the token can be used to replace the use curl -X GET -k -H X-Auth-Token:5cabd675-bc2e-4318-b1d6-831fd1f32f97 'https:///xcatws/? -The default validity of a token is 1 day. This default can be changed by the setting of `expiretokendays` attribute in `site` table. :: +The default validity of a token is 1 day. This default can be changed by the setting of `tokenexpiredays` attribute in `site` table. :: - chdef -t site clustersite expiretokendays= + chdef -t site clustersite tokenexpiredays= To make tokens valid forever use "never". :: - chdef -t site clustersite expiretokendays=never + chdef -t site clustersite tokenexpiredays=never If an old token has expired, you will get a 'Authentication failure' error. You will need to reacquire a token for your account. diff --git a/docs/source/guides/admin-guides/references/man5/site.5.rst b/docs/source/guides/admin-guides/references/man5/site.5.rst index f9bc5383a..ed5180374 100644 
--- a/docs/source/guides/admin-guides/references/man5/site.5.rst +++ b/docs/source/guides/admin-guides/references/man5/site.5.rst @@ -429,7 +429,7 @@ site Attributes: -------------------- XCAT DAEMON ATTRIBUTES -------------------- - expiretokendays: Number of days before REST API token will expire. The default is 1. + tokenexpiredays: Number of days before REST API token will expire. The default is 1. use 'never' if you want your token to never expire. useflowcontrol: (yes/1 or no/0). If yes, the postscript processing on each node contacts xcatd on the MN/SN using a lightweight UDP packet to wait diff --git a/docs/source/guides/admin-guides/references/man5/token.5.rst b/docs/source/guides/admin-guides/references/man5/token.5.rst index e91287888..5089aa16b 100644 --- a/docs/source/guides/admin-guides/references/man5/token.5.rst +++ b/docs/source/guides/admin-guides/references/man5/token.5.rst @@ -19,7 +19,7 @@ SYNOPSIS ******** -\ **token Attributes:**\ \ *tokenid*\ , \ *username*\ , \ *created*\ , \ *access*\ , \ *expire*\ , \ *comments*\ , \ *disable*\ +\ **token Attributes:**\ \ *tokenid*\ , \ *username*\ , \ *expire*\ , \ *created*\ , \ *access*\ , \ *comments*\ , \ *disable*\ *********** @@ -48,6 +48,12 @@ token Attributes: +\ **expire**\ + + The expire time for this token. + + + \ **created**\ Creation time for this token. @@ -60,12 +66,6 @@ token Attributes: -\ **expire**\ - - The expire time for this token. - - - \ **comments**\ Any user-provided notes. diff --git a/perl-xCAT/xCAT/Schema.pm b/perl-xCAT/xCAT/Schema.pm index c475a6c02..e16dba65b 100755 --- a/perl-xCAT/xCAT/Schema.pm +++ b/perl-xCAT/xCAT/Schema.pm 
@@ -1285,7 +1285,7 @@ passed as argument rather than by table value', " --------------------\n" . "XCAT DAEMON ATTRIBUTES\n" . " --------------------\n" . -" expiretokendays: Number of days before REST API token will expire. The default is 1.\n" . +" tokenexpiredays: Number of days before REST API token will expire. The default is 1.\n" . " use 'never' if you want your token to never expire.\n" . " useflowcontrol: (yes/1 or no/0). If yes, the postscript processing on each node\n" . " contacts xcatd on the MN/SN using a lightweight UDP packet to wait\n" . @@ -1804,15 +1804,15 @@ zvmivp => { }, }, token => { - cols => [qw(tokenid username created access expire comments disable)], + cols => [qw(tokenid username expire created access comments disable)], keys => [qw(tokenid)], table_desc => 'The token of users for authentication.', descriptions => { tokenid => 'It is a UUID as an unified identify for the user.', username => 'The user name.', + expire => 'The expire time for this token.', created => 'Creation time for this token.', access => 'Last access time for this token.', - expire => 'The expire time for this token.', comments => 'Any user-provided notes.', disable => "Set to 'yes' or '1' to comment out this row.", }, diff --git a/perl-xCAT/xCAT/Utils.pm b/perl-xCAT/xCAT/Utils.pm index cc03a05b5..4130b3397 100644 --- a/perl-xCAT/xCAT/Utils.pm +++ b/perl-xCAT/xCAT/Utils.pm 
@@ -3894,6 +3894,42 @@ sub gettimezone #-------------------------------------------------------------------------------- +=head3 time2string + Return passed in time (in DateTime format) as a string in YYYY/MM/DD HH:MM:SS format + Arguments: + Unix DateTime as returned by time() for example + Optional Separator character for date, default is "/" + Returns: + String in YYYY/MM/DD HH:MM:SS format + Globals: + none + Error: + None + Example: + my $time_string = xCAT::Utils->time2string($time,"-"); + Comments: + none +=cut + +#-------------------------------------------------------------------------------- +sub time2string +{ + my $unixtime = shift; + my $date_separator; + if ($unixtime =~ /xCAT::Utils/) + { + $unixtime = shift; + $date_separator = shift // "/"; # Optional date separator, if not specified, default to "/" + } + my $time_separator = ":"; + + my ($sec, $min, $hour, $mday, $mon, $year) = localtime($unixtime); + $year += 1900; + $mon += 1; + return $year . $date_separator . $mon . $date_separator . $mday . " " . $hour . $time_separator . $min . $time_separator . $sec; +} +#-------------------------------------------------------------------------------- + =head3 specialservicemgr some special services cannot be processed in sysVinit, upstart and systemd framework, should be process here... Arguments: diff --git a/xCAT-server/lib/perl/xCAT/xcatd.pm b/xCAT-server/lib/perl/xCAT/xcatd.pm index 7e4c97c3f..e36e690e1 100644 --- a/xCAT-server/lib/perl/xCAT/xcatd.pm +++ b/xCAT-server/lib/perl/xCAT/xcatd.pm @@ -14,6 +14,7 @@ use xCAT::MsgUtils; use Data::Dumper; use xCAT::NodeRange; use xCAT::Utils; +use Scalar::Util qw/looks_like_number/; #-------------------------------------------------------------------------------- 
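Review bot: In `time2string`, `$date_separator` is assigned only inside the `if ($unixtime =~ /xCAT::Utils/)` branch, so a plain function call leaves it undefined and the documented "/" default never applies; the date parts are then joined with nothing, plus an uninitialized-value warning. The fields are also not zero-padded, so the result looks like `2018-4-18 14:45:1` rather than the YYYY/MM/DD HH:MM:SS the POD promises. Because gettoken and verifytoken store this string as the token expiry and parse it back with `str2time`, a fixed-width format would be safer. The sketch below takes the separator on both call paths and pads with `sprintf`; `$time_separator` then becomes unused and can be dropped. The string carries no time zone because it comes from `localtime`, which may be worth stating in the POD.

```perl
sub time2string
{
    my $unixtime = shift;
    # Drop the invocant when called as xCAT::Utils->time2string(...)
    $unixtime = shift if (defined($unixtime) and $unixtime =~ /xCAT::Utils/);
    my $date_separator = shift // "/";    # default now applies on both call paths

    # … unchanged: localtime() call, $year += 1900, $mon += 1 …
    return sprintf("%04d%s%02d%s%02d %02d:%02d:%02d",
        $year, $date_separator, $mon, $date_separator, $mday, $hour, $min, $sec);
}
```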
@@ -353,13 +354,14 @@ sub validate { return 0; } -#MG my $one_day = 86400; # one day in seconds my $days = 1; # default days for token expiration my $never_label = "never"; # this subroutine creates a new token in token table -# 1. clean up the expired token +# 1. If old style unix DateTime format token found in the token table +# if expired -> remove it +# if not expired -> replace unix DateTime expiration with new human readable format # 2. create a new token and add it to token table # # this subroutine is called after the account has been authorized 
@@ -374,21 +376,29 @@ sub gettoken { return undef; } my $tokens = $tokentb->getAllEntries; + + # Search for "old" style tokens containing unix DateTime format expiration date foreach my $token (@{$tokens}) { - # Clean the expired tokens - if (($token->{'expire'} ne $never_label) and (str2time($token->{'expire'}) < $current_time)) { - $tokentb->delEntries({ 'tokenid' => $token->{tokenid} }); + if ($token->{'expire'} and looks_like_number($token->{'expire'})) { + # Expiration field contains only digits -> this is a old style token with unix DateTime format + + if ($token->{'expire'} and ($token->{'expire'} < $current_time)) { + # Clean expired token with old unix DateTime format + $tokentb->delEntries({ tokenid => $token->{tokenid} }); + } else { + # Change non-expired old style token to new human readable format + $tokentb->setAttribs({ tokenid => $token->{tokenid}, username => $token->{'username'} }, {expire => xCAT::Utils->time2string($token->{'expire'}, "-")}); + } } } # create a new token id my $uuid = xCAT::Utils->genUUID(); # extract site table setting for number of days before token expires - my @entries = xCAT::TableUtils->get_site_attribute("expiretokendays"); - my $token_days = $entries[0]; + my $token_days = xCAT::TableUtils->get_site_attribute("tokenexpiredays"); my $expiretime = $current_time + $one_day; # default is one day - my $expire_time_string = timeToString($expiretime); + my $expire_time_string = xCAT::Utils->time2string($expiretime, "-"); if ($token_days and (uc($token_days) eq uc($never_label))) { # Tokens never expire $expiretime = $never_label; 
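Review bot: Expired tokens in the new string format are never removed any more: this loop in gettoken only touches rows whose `expire` passes `looks_like_number`, and the verifytoken hunk further down returns `undef` for an expired new-style token without calling `delEntries`. Those rows, each holding a bearer token id, then stay in the token table indefinitely. I would add a second branch to the loop that mirrors the check this commit removes, e.g. `elsif ($token->{'expire'} and ($token->{'expire'} ne $never_label) and (str2time($token->{'expire'}) < $current_time)) { $tokentb->delEntries({ tokenid => $token->{tokenid} }); }`. Separately, the comment says "contains only digits" while `looks_like_number` also accepts values such as `1e5` or `Inf`; `$token->{'expire'} =~ /\A\d+\z/` would match the stated intent. gettoken begins above this hunk and continues into the next one.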
@@ -398,9 +408,9 @@ sub gettoken { # Use number of days from site table $days = $token_days; $expiretime = $current_time + $one_day * $days; - $expire_time_string = timeToString($expiretime); + $expire_time_string = xCAT::Utils->time2string($expiretime, "-"); } - my $access_time_string = timeToString($current_time); + my $access_time_string = xCAT::Utils->time2string($current_time, "-"); # create a new token and set its expiration and creation time $tokentb->setAttribs({ tokenid => $uuid, username => $user }, { expire => $expire_time_string, created => $access_time_string }); 
@@ -422,30 +432,32 @@ sub verifytoken { } my $token = $tokentb->getAttribs({ 'tokenid' => $tokenid }, ('username', 'expire')); if (defined($token) && defined($token->{'username'}) && defined($token->{'expire'})) { - # Clean the expired token and return - if (($token->{'expire'} ne $never_label) and (str2time($token->{'expire'}) < $current_time)) { - xCAT::MsgUtils->message("S", "MG (verify) Removing expired token " . $token->{tokenid}); - $tokentb->delEntries({ 'tokenid' => $token->{tokenid} }); - return undef; + + if ($token->{'expire'} and looks_like_number($token->{'expire'})) { + # Expiration field contains only digits -> this is a old style token with unix DateTime format + if ($token->{'expire'} and $token->{'expire'} < $current_time) { + # Clean expired token with old unix DateTime format + $tokentb->delEntries({ 'tokenid' => $token->{tokenid} }); + return undef; + } else { + # Change non-expired old style token to new human readable format + $tokentb->setAttribs({ tokenid => $tokenid, username => $token->{'username'} }, + {access => xCAT::Utils->time2string($current_time, "-"), + expire => xCAT::Utils->time2string($token->{'expire'}, "-")}); + return $token->{'username'}; + } } else { - # Store current access time - $tokentb->setAttribs({ tokenid => $tokenid, username => $token->{'username'} }, {access => timeToString($current_time)}); - return $token->{'username'}; + if ($token->{'expire'} and ($token->{'expire'} ne "never") and str2time($token->{'expire'}) < $current_time) { + # Expired new style token + return undef; + } else { + # Not expired new style token - update current access time + $tokentb->setAttribs({ tokenid => $tokenid, username => $token->{'username'} }, {access => xCAT::Utils->time2string($current_time, "-")}); + return $token->{'username'}; + } } } else { # Token entry was not found return undef; } -} - -# Return passed in time as a string in YYYY/MM/DD HH:MM:SS format -sub timeToString() { - my $unixtime = shift; - - my ($sec, $min, 
$hour, $mday, $mon, $year) = localtime($unixtime); - $year += 1900; - $mon += 1; - return "$year/$mon/$mday $hour:$min:$sec"; -} - 1; diff --git a/xCAT-server/sbin/xcatd b/xCAT-server/sbin/xcatd index 859192801..16c896718 100755 --- a/xCAT-server/sbin/xcatd +++ b/xCAT-server/sbin/xcatd @@ -2832,11 +2832,8 @@ sub service_connection { # If token expiration time was set to "never", return that to the user. $htime = $exptime; } else { - # Token expiration is a datetime, convert to readable string - my ($sec, $min, $hour, $mday, $mon, $year) = localtime($exptime); - $year += 1900; - $mon += 1; - $htime = "$year-$mon-$mday $hour:$min:$sec"; + # Token expiration is a unix DateTime, convert to readable string + $htime = xCAT::Utils->time2string($exptime, "-"); } $resp = { data => [ { token => [ { id => $tokenid, expire => $htime } ] } ] }; } else { diff --git a/xCAT-test/autotest/testcase/restapi/node/case0 b/xCAT-test/autotest/testcase/restapi/node/case0 deleted file mode 100644 index a1308afe4..000000000 --- a/xCAT-test/autotest/testcase/restapi/node/case0 +++ /dev/null 
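Review bot: In verifytoken, a token row whose `expire` is defined but false (an empty string or `0`) is accepted as valid with no expiry. It passes the outer `defined(...)` test, skips the numeric branch because of the leading `$token->{'expire'} and`, and the same guard in the new-style branch sends it to the "not expired" path that returns the username. Whether such a row can occur depends on how the table is written or edited, which is not visible here, but the check should fail closed: `if (($token->{'expire'} ne $never_label) and ((str2time($token->{'expire'}) // 0) < $current_time)) {` treats empty or unparseable values as expired. That line also reuses `$never_label` instead of the literal `"never"`, which keeps it consistent with gettoken. verifytoken begins above this hunk.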
@@ -1,242 +0,0 @@ -start:node_post -description: node_post -cmd:restapitest -m POST -r /nodes/node1 -d '{"groups":"all","mgt":"dfm","netboot":"yaboot"}' -check:rc==201 -end - -start:node_post2 -description: node_post2 -cmd:restapitest -m POST -r /nodes/node1 -d '{"groups":"all","mgt":"dfm","netboot":"yaboot"}' -check:rc==403 -cmdcheck:restapitest -o '{"errorcode":"1"}' -O == -end - - -start:node_put -description: node_put -cmd:restapitest -m PUT -r /nodes/node1 -d '{"mgt":"hmc","netboot":"xnba"}' -check:rc==200 -end - - - -start:nodes_get -description: nodes_get -cmd:restapitest -m GET -r /nodes -check:rc==200 -cmdcheck:restapitest -o '["node1"]' -O == -end - -start:node_get -description: node_get -cmd:restapitest -m GET -r /nodes/node1 -check:rc==200 -cmdcheck:restapitest -o '{"node1":{"netboot":"xnba"}}' -O == -end - -start:node_delete -description: node_delete -cmd:restapitest -m DELETE -r /nodes/node1 -check:rc==200 -end - -start:nodes_get2 -description: nodes_get2 -cmd:restapitest -m GET -r /nodes -check:rc==200 -cmdcheck:restapitest -o '["node1"]' -O != -end - -start:node_get2 -description: node_get2 -cmd:restapitest -m GET -r /nodes/node1 -check:rc==403 -cmdcheck:restapitest -o '{"errorcode":"1"}' -O == -end - -start:node_post3_for_get_test -description: node_post3_for_get_test -cmd:restapitest -m POST -r /nodes/node1 -d '{"groups":"all","mgt":"dfm","netboot":"yaboot"}' -check:rc==201 -end - -start:node_attr_get -description: node_get2 -cmd:restapitest -m GET -r /nodes/node1/attrs/mgt,groups,netboot -check:rc==200 -cmdcheck:restapitest -o '{"node1":{"netboot":"yaboot"}}' -O == -end - -start:node_makehosts -description: node_makehosts -cmd:restapitest -m POST -r /nodes/node1/host -check:rc==201 -end - -start:node_makedns -description: node_makehosts -cmd:restapitest -m POST -r /nodes/node1/dns -check:rc==201 -end - - -start:node_delete_dns -description: node_delete_dns -cmd:restapitest -m DELETE -r /nodes/node1/dns -check:rc==200 -end - -start:node_put 
-description: node_put -cmd:restapitest -m PUT -r /nodes/node1 -d '{"mac":"00:1a:64:54:14:80"}' -check:rc==200 -end - -start:node_makedhcp -description: node_makedhcp -cmd:restapitest -m POST -r /nodes/node1/dhcp -check:rc==201 -end - -start:node_delete_dhcp -description: node_delete_dhcp -cmd:restapitest -m DELETE -r /nodes/node1/dhcp -check:rc==200 -end - -start:node_state -description: node_state -cmd:restapitest -m GET -r /nodes/node1/nodestat -check:rc==200 -cmdcheck:restapitest -o '{"node1":{"nodestat":"ANY"}}' -O == -end - - -#start:node_post4_for_scan_test -#description: node_post4_for_scan_test -#cmd:restapitest -m POST -r /nodes/e108m6hmc02 -d '{"groups":"all,hmc","mgt":"hmc","hwtype":"hmc","mtm":"7042CR4","serial":"1050FBB","nodetype":"ppc"}' -#check:rc==201 -#end - -start:node_scan -description: node_scan -cmd:restapitest -m GET -r /nodes/__GETNODEATTR($$CN,hcp)__ -check:rc==200 -cmdcheck:restapitest -o '{"__GETNODEATTR($$CN,hcp)__":"ANY"}' -O == -end - - -start:node_power_get -description: node_power_get -cmd:restapitest -m GET -r /nodes/$$CN/power -check:rc==200 -cmdcheck:restapitest -o '{"$$CN":{"power":"ANY"}}' -O == -end - -start:node_power_put -description: node_power_reset -cmd:restapitest -m PUT -r /nodes/$$CN/power -d '{"action":"reset"}' -check:rc==200 -end - -#start:node_energy_put -#description: node_energy_put -#cmd:restapitest -m PUT -r /nodes/Vc68m5sn01/energy -d '{"cappingstatus":"on"}' -#check:rc==200 -#end - -#start:node_energy_get -#description: node_energy_get -#cmd:restapitest -m GET -r /nodes/Vc68m5sn01/energy -#check:rc==200 -#cmdcheck:restapitest -o '{"Vc68m5sn01":{"cappingmin":"on"}}' -O == -#end - -#start:node_energy_get_attr -#description: node_energy_get_attr -#cmd:restapitest -m GET -r /nodes/Vc68m5sn01/energy/cappingmaxmin,cappingstatus -#check:rc==200 -#cmdcheck:restapitest -o '{"Vc68m5sn01":{"cappingmin":"ANY"}}' -O == -#end - -#start:node_get_attr -#description: node_get_attr -#cmd:restapitest -m GET -r 
/nodes/Vc68m5sn01/sp/community -#check:rc==200 -#cmdcheck:restapitest -o '{"Vc68m5sn01":{"SP SNMP Community":"public"}}' -O == -#end - -#start:node_put_attr -#description: node_put_attr -#cmd:restapitest -m PUT -r /nodes/Vc68m5sn01/sp/community -d '{"value":"mycommunity"}'' -#check:rc==200 -#end - -#start:node_put_nextboot -#description: node_put_nextboot -#cmd:restapitest -m PUT -r /nodes/$$CN/nextboot -d '{"order":"net"}' -#check:rc==201 -#end - -#start:node_get_nextboot -#description: node_get_nextboot -#cmd:restapitest -m GET -r /nodes/Vc68m5sn01/nextboot -#check:rc==200 -#cmdcheck:restapitest -o '{"Vc68m5sn01":{"nextboot":"net"}}' -O == -#end - -start:node_put_bootstate -description: node_put_bootstate -cmd:restapitest -m PUT -r /nodes/Vc68m5sn01/bootstate -d '{"osimage":"rhels6.4-x86_64-install-compute"}' -check:rc==201 -end - -start:node_get_bootstate -description: node_get_bootstate -cmd:restapitest -m GET -r /nodes/$$CN/bootstate -check:rc==200 -cmdcheck:restapitest -o '{"$$CN":{"bootstat":"ANY"}}' -O == -end - -start:node_get_vitals -description: node_get_vitals -cmd:restapitest -m GET -r /nodes/Vc68m5sn01/vitals -check:rc==200 -cmdcheck:restapitest -o '{"Vc68m5sn01":{"SysBrd Fault":"0"}}' -O == -end - -start:node_get_vitals_attr -description: node_get_vitals_attr -cmd:restapitest -m GET -r /nodes/$$CN/vitals/all -check:rc==200 -cmdcheck:restapitest -o '{"$$CN":{"System Temperature":"ANY"}}' -O == -end - -start:node_get_inventory -description: node_get_inventory -cmd:restapitest -m GET -r /nodes/Vc68m5sn01/inventory -check:rc==200 -cmdcheck:restapitest -o '{"Vc68m5sn01":{"Power Supply 2 Board FRU Number":"94Y8105"}}' -O == -end - -start:node_get_inventory_attr -description: node_get_inventory_attr -cmd:restapitest -m GET -r /nodes/Vc68m5sn01/inventory/model -check:rc==200 -cmdcheck:restapitest -o '{"Vc68m5sn01":{"System Description":"System x3650 M4"}}' -O == -end - -#start:node_get_eventlog -#description: node_get_eventlog -#cmd:restapitest -m GET -r 
/nodes/Vc68m5sn01/eventlog -#check:rc==200 -#cmdcheck:restapitest -o '{"Vc68m5sn01":{"eventlog":"ANY"}}' -O == -#end - -start:node_post_nodecopy -description: node_post_nodecopy -cmd:restapitest -m POST -r /nodes/$$CN/nodecopy -d '{"src":["/etc/hosts","/etc/resolv.conf"],"target":"/tmp"}' -check:rc==201 -end - -