mirror of
https://github.com/xcat2/xcat-core.git
synced 2025-05-22 11:42:05 +00:00
Changes after review
This commit is contained in:
Mark Gurevich
parent
36b0b69cf4
commit
4c8c68efb3
@ -58,13 +58,13 @@ Then in the subsequent REST API access, the token can be used to replace the use
|
||||
|
||||
curl -X GET -k -H X-Auth-Token:5cabd675-bc2e-4318-b1d6-831fd1f32f97 'https://<FQDN of xCAT MN>/xcatws/<resource>?<parameters>
|
||||
|
||||
The default validity of a token is 1 day. This default can be changed by the setting of `expiretokendays` attribute in `site` table. ::
|
||||
The default validity of a token is 1 day. This default can be changed by the setting of `tokenexpiredays` attribute in `site` table. ::
|
||||
|
||||
chdef -t site clustersite expiretokendays=<days>
|
||||
chdef -t site clustersite tokenexpiredays=<days>
|
||||
|
||||
To make tokens valid forever use "never". ::
|
||||
|
||||
chdef -t site clustersite expiretokendays=never
|
||||
chdef -t site clustersite tokenexpiredays=never
|
||||
|
||||
If an old token has expired, you will get a 'Authentication failure' error. You will need to reacquire a token for your account.
|
||||
|
||||
|
||||
@ -429,7 +429,7 @@ site Attributes:
|
||||
--------------------
|
||||
XCAT DAEMON ATTRIBUTES
|
||||
--------------------
|
||||
expiretokendays: Number of days before REST API token will expire. The default is 1.
|
||||
tokenexpiredays: Number of days before REST API token will expire. The default is 1.
|
||||
use 'never' if you want your token to never expire.
|
||||
useflowcontrol: (yes/1 or no/0). If yes, the postscript processing on each node
|
||||
contacts xcatd on the MN/SN using a lightweight UDP packet to wait
|
||||
|
||||
@ -19,7 +19,7 @@ SYNOPSIS
|
||||
********
|
||||
|
||||
|
||||
\ **token Attributes:**\ \ *tokenid*\ , \ *username*\ , \ *created*\ , \ *access*\ , \ *expire*\ , \ *comments*\ , \ *disable*\
|
||||
\ **token Attributes:**\ \ *tokenid*\ , \ *username*\ , \ *expire*\ , \ *created*\ , \ *access*\ , \ *comments*\ , \ *disable*\
|
||||
|
||||
|
||||
***********
|
||||
@ -48,6 +48,12 @@ token Attributes:
|
||||
|
||||
|
||||
|
||||
\ **expire**\
|
||||
|
||||
The expire time for this token.
|
||||
|
||||
|
||||
|
||||
\ **created**\
|
||||
|
||||
Creation time for this token.
|
||||
@ -60,12 +66,6 @@ token Attributes:
|
||||
|
||||
|
||||
|
||||
\ **expire**\
|
||||
|
||||
The expire time for this token.
|
||||
|
||||
|
||||
|
||||
\ **comments**\
|
||||
|
||||
Any user-provided notes.
|
||||
|
||||
@ -1285,7 +1285,7 @@ passed as argument rather than by table value',
|
||||
" --------------------\n" .
|
||||
"XCAT DAEMON ATTRIBUTES\n" .
|
||||
" --------------------\n" .
|
||||
" expiretokendays: Number of days before REST API token will expire. The default is 1.\n" .
|
||||
" tokenexpiredays: Number of days before REST API token will expire. The default is 1.\n" .
|
||||
" use 'never' if you want your token to never expire.\n" .
|
||||
" useflowcontrol: (yes/1 or no/0). If yes, the postscript processing on each node\n" .
|
||||
" contacts xcatd on the MN/SN using a lightweight UDP packet to wait\n" .
|
||||
@ -1804,15 +1804,15 @@ zvmivp => {
|
||||
},
|
||||
},
|
||||
token => {
|
||||
cols => [qw(tokenid username created access expire comments disable)],
|
||||
cols => [qw(tokenid username expire created access comments disable)],
|
||||
keys => [qw(tokenid)],
|
||||
table_desc => 'The token of users for authentication.',
|
||||
descriptions => {
|
||||
tokenid => 'It is a UUID as an unified identify for the user.',
|
||||
username => 'The user name.',
|
||||
expire => 'The expire time for this token.',
|
||||
created => 'Creation time for this token.',
|
||||
access => 'Last access time for this token.',
|
||||
expire => 'The expire time for this token.',
|
||||
comments => 'Any user-provided notes.',
|
||||
disable => "Set to 'yes' or '1' to comment out this row.",
|
||||
},
|
||||
|
||||
@ -3894,6 +3894,42 @@ sub gettimezone
|
||||
|
||||
#--------------------------------------------------------------------------------
|
||||
|
||||
=head3 time2string
|
||||
Return passed in time (in DateTime format) as a string in YYYY/MM/DD HH:MM:SS format
|
||||
Arguments:
|
||||
Unix DateTime as returned by time() for example
|
||||
Optional Separator character for date, default is "/"
|
||||
Returns:
|
||||
String in YYYY/MM/DD HH:MM:SS format
|
||||
Globals:
|
||||
none
|
||||
Error:
|
||||
None
|
||||
Example:
|
||||
my $time_string = xCAT::Utils->time2string($time,"-");
|
||||
Comments:
|
||||
none
|
||||
=cut
|
||||
|
||||
#--------------------------------------------------------------------------------
|
||||
sub time2string
|
||||
{
|
||||
my $unixtime = shift;
|
||||
my $date_separator;
|
||||
if ($unixtime =~ /xCAT::Utils/)
|
||||
{
|
||||
$unixtime = shift;
|
||||
$date_separator = shift // "/"; # Optional date separator, if not specified, default to "/"
|
||||
}
|
||||
my $time_separator = ":";
|
||||
|
||||
my ($sec, $min, $hour, $mday, $mon, $year) = localtime($unixtime);
|
||||
$year += 1900;
|
||||
$mon += 1;
|
||||
return $year . $date_separator . $mon . $date_separator . $mday . " " . $hour . $time_separator . $min . $time_separator . $sec;
|
||||
}
|
||||
#--------------------------------------------------------------------------------
|
||||
|
||||
=head3 specialservicemgr
|
||||
some special services cannot be processed in sysVinit, upstart and systemd framework, should be process here...
|
||||
Arguments:
|
||||
|
||||
@ -14,6 +14,7 @@ use xCAT::MsgUtils;
|
||||
use Data::Dumper;
|
||||
use xCAT::NodeRange;
|
||||
use xCAT::Utils;
|
||||
use Scalar::Util qw/looks_like_number/;
|
||||
|
||||
#--------------------------------------------------------------------------------
|
||||
|
||||
@ -353,13 +354,14 @@ sub validate {
|
||||
return 0;
|
||||
}
|
||||
|
||||
#MG
|
||||
my $one_day = 86400; # one day in seconds
|
||||
my $days = 1; # default days for token expiration
|
||||
my $never_label = "never";
|
||||
|
||||
# this subroutine creates a new token in token table
|
||||
# 1. clean up the expired token
|
||||
# 1. If old style unix DateTime format token found in the token table
|
||||
# if expired -> remove it
|
||||
# if not expired -> replace unix DateTime expiration with new human readable format
|
||||
# 2. create a new token and add it to token table
|
||||
#
|
||||
# this subroutine is called after the account has been authorized
|
||||
@ -374,21 +376,29 @@ sub gettoken {
|
||||
return undef;
|
||||
}
|
||||
my $tokens = $tokentb->getAllEntries;
|
||||
|
||||
# Search for "old" style tokens containing unix DateTime format expiration date
|
||||
foreach my $token (@{$tokens}) {
|
||||
|
||||
# Clean the expired tokens
|
||||
if (($token->{'expire'} ne $never_label) and (str2time($token->{'expire'}) < $current_time)) {
|
||||
$tokentb->delEntries({ 'tokenid' => $token->{tokenid} });
|
||||
if ($token->{'expire'} and looks_like_number($token->{'expire'})) {
|
||||
# Expiration field contains only digits -> this is a old style token with unix DateTime format
|
||||
|
||||
if ($token->{'expire'} and ($token->{'expire'} < $current_time)) {
|
||||
# Clean expired token with old unix DateTime format
|
||||
$tokentb->delEntries({ tokenid => $token->{tokenid} });
|
||||
} else {
|
||||
# Change non-expired old style token to new human readable format
|
||||
$tokentb->setAttribs({ tokenid => $token->{tokenid}, username => $token->{'username'} }, {expire => xCAT::Utils->time2string($token->{'expire'}, "-")});
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# create a new token id
|
||||
my $uuid = xCAT::Utils->genUUID();
|
||||
# extract site table setting for number of days before token expires
|
||||
my @entries = xCAT::TableUtils->get_site_attribute("expiretokendays");
|
||||
my $token_days = $entries[0];
|
||||
my $token_days = xCAT::TableUtils->get_site_attribute("tokenexpiredays");
|
||||
my $expiretime = $current_time + $one_day; # default is one day
|
||||
my $expire_time_string = timeToString($expiretime);
|
||||
my $expire_time_string = xCAT::Utils->time2string($expiretime, "-");
|
||||
if ($token_days and (uc($token_days) eq uc($never_label))) {
|
||||
# Tokens never expire
|
||||
$expiretime = $never_label;
|
||||
@ -398,9 +408,9 @@ sub gettoken {
|
||||
# Use number of days from site table
|
||||
$days = $token_days;
|
||||
$expiretime = $current_time + $one_day * $days;
|
||||
$expire_time_string = timeToString($expiretime);
|
||||
$expire_time_string = xCAT::Utils->time2string($expiretime, "-");
|
||||
}
|
||||
my $access_time_string = timeToString($current_time);
|
||||
my $access_time_string = xCAT::Utils->time2string($current_time, "-");
|
||||
# create a new token and set its expiration and creation time
|
||||
$tokentb->setAttribs({ tokenid => $uuid, username => $user },
|
||||
{ expire => $expire_time_string, created => $access_time_string });
|
||||
@ -422,30 +432,32 @@ sub verifytoken {
|
||||
}
|
||||
my $token = $tokentb->getAttribs({ 'tokenid' => $tokenid }, ('username', 'expire'));
|
||||
if (defined($token) && defined($token->{'username'}) && defined($token->{'expire'})) {
|
||||
# Clean the expired token and return
|
||||
if (($token->{'expire'} ne $never_label) and (str2time($token->{'expire'}) < $current_time)) {
|
||||
xCAT::MsgUtils->message("S", "MG (verify) Removing expired token " . $token->{tokenid});
|
||||
$tokentb->delEntries({ 'tokenid' => $token->{tokenid} });
|
||||
return undef;
|
||||
|
||||
if ($token->{'expire'} and looks_like_number($token->{'expire'})) {
|
||||
# Expiration field contains only digits -> this is a old style token with unix DateTime format
|
||||
if ($token->{'expire'} and $token->{'expire'} < $current_time) {
|
||||
# Clean expired token with old unix DateTime format
|
||||
$tokentb->delEntries({ 'tokenid' => $token->{tokenid} });
|
||||
return undef;
|
||||
} else {
|
||||
# Change non-expired old style token to new human readable format
|
||||
$tokentb->setAttribs({ tokenid => $tokenid, username => $token->{'username'} },
|
||||
{access => xCAT::Utils->time2string($current_time, "-"),
|
||||
expire => xCAT::Utils->time2string($token->{'expire'}, "-")});
|
||||
return $token->{'username'};
|
||||
}
|
||||
} else {
|
||||
# Store current access time
|
||||
$tokentb->setAttribs({ tokenid => $tokenid, username => $token->{'username'} }, {access => timeToString($current_time)});
|
||||
return $token->{'username'};
|
||||
if ($token->{'expire'} and ($token->{'expire'} ne "never") and str2time($token->{'expire'}) < $current_time) {
|
||||
# Expired new style token
|
||||
return undef;
|
||||
} else {
|
||||
# Not expired new style token - update current access time
|
||||
$tokentb->setAttribs({ tokenid => $tokenid, username => $token->{'username'} }, {access => xCAT::Utils->time2string($current_time, "-")});
|
||||
return $token->{'username'};
|
||||
}
|
||||
}
|
||||
} else {
|
||||
# Token entry was not found
|
||||
return undef;
|
||||
}
|
||||
}
|
||||
|
||||
# Return passed in time as a string in YYYY/MM/DD HH:MM:SS format
|
||||
sub timeToString() {
|
||||
my $unixtime = shift;
|
||||
|
||||
my ($sec, $min, $hour, $mday, $mon, $year) = localtime($unixtime);
|
||||
$year += 1900;
|
||||
$mon += 1;
|
||||
return "$year/$mon/$mday $hour:$min:$sec";
|
||||
}
|
||||
|
||||
1;
|
||||
|
||||
@ -2832,11 +2832,8 @@ sub service_connection {
|
||||
# If token expiration time was set to "never", return that to the user.
|
||||
$htime = $exptime;
|
||||
} else {
|
||||
# Token expiration is a datetime, convert to readable string
|
||||
my ($sec, $min, $hour, $mday, $mon, $year) = localtime($exptime);
|
||||
$year += 1900;
|
||||
$mon += 1;
|
||||
$htime = "$year-$mon-$mday $hour:$min:$sec";
|
||||
# Token expiration is a unix DateTime, convert to readable string
|
||||
$htime = xCAT::Utils->time2string($exptime, "-");
|
||||
}
|
||||
$resp = { data => [ { token => [ { id => $tokenid, expire => $htime } ] } ] };
|
||||
} else {
|
||||
|
||||
@ -1,242 +0,0 @@
|
||||
start:node_post
|
||||
description: node_post
|
||||
cmd:restapitest -m POST -r /nodes/node1 -d '{"groups":"all","mgt":"dfm","netboot":"yaboot"}'
|
||||
check:rc==201
|
||||
end
|
||||
|
||||
start:node_post2
|
||||
description: node_post2
|
||||
cmd:restapitest -m POST -r /nodes/node1 -d '{"groups":"all","mgt":"dfm","netboot":"yaboot"}'
|
||||
check:rc==403
|
||||
cmdcheck:restapitest -o '{"errorcode":"1"}' -O ==
|
||||
end
|
||||
|
||||
|
||||
start:node_put
|
||||
description: node_put
|
||||
cmd:restapitest -m PUT -r /nodes/node1 -d '{"mgt":"hmc","netboot":"xnba"}'
|
||||
check:rc==200
|
||||
end
|
||||
|
||||
|
||||
|
||||
start:nodes_get
|
||||
description: nodes_get
|
||||
cmd:restapitest -m GET -r /nodes
|
||||
check:rc==200
|
||||
cmdcheck:restapitest -o '["node1"]' -O ==
|
||||
end
|
||||
|
||||
start:node_get
|
||||
description: node_get
|
||||
cmd:restapitest -m GET -r /nodes/node1
|
||||
check:rc==200
|
||||
cmdcheck:restapitest -o '{"node1":{"netboot":"xnba"}}' -O ==
|
||||
end
|
||||
|
||||
start:node_delete
|
||||
description: node_delete
|
||||
cmd:restapitest -m DELETE -r /nodes/node1
|
||||
check:rc==200
|
||||
end
|
||||
|
||||
start:nodes_get2
|
||||
description: nodes_get2
|
||||
cmd:restapitest -m GET -r /nodes
|
||||
check:rc==200
|
||||
cmdcheck:restapitest -o '["node1"]' -O !=
|
||||
end
|
||||
|
||||
start:node_get2
|
||||
description: node_get2
|
||||
cmd:restapitest -m GET -r /nodes/node1
|
||||
check:rc==403
|
||||
cmdcheck:restapitest -o '{"errorcode":"1"}' -O ==
|
||||
end
|
||||
|
||||
start:node_post3_for_get_test
|
||||
description: node_post3_for_get_test
|
||||
cmd:restapitest -m POST -r /nodes/node1 -d '{"groups":"all","mgt":"dfm","netboot":"yaboot"}'
|
||||
check:rc==201
|
||||
end
|
||||
|
||||
start:node_attr_get
|
||||
description: node_get2
|
||||
cmd:restapitest -m GET -r /nodes/node1/attrs/mgt,groups,netboot
|
||||
check:rc==200
|
||||
cmdcheck:restapitest -o '{"node1":{"netboot":"yaboot"}}' -O ==
|
||||
end
|
||||
|
||||
start:node_makehosts
|
||||
description: node_makehosts
|
||||
cmd:restapitest -m POST -r /nodes/node1/host
|
||||
check:rc==201
|
||||
end
|
||||
|
||||
start:node_makedns
|
||||
description: node_makehosts
|
||||
cmd:restapitest -m POST -r /nodes/node1/dns
|
||||
check:rc==201
|
||||
end
|
||||
|
||||
|
||||
start:node_delete_dns
|
||||
description: node_delete_dns
|
||||
cmd:restapitest -m DELETE -r /nodes/node1/dns
|
||||
check:rc==200
|
||||
end
|
||||
|
||||
start:node_put
|
||||
description: node_put
|
||||
cmd:restapitest -m PUT -r /nodes/node1 -d '{"mac":"00:1a:64:54:14:80"}'
|
||||
check:rc==200
|
||||
end
|
||||
|
||||
start:node_makedhcp
|
||||
description: node_makedhcp
|
||||
cmd:restapitest -m POST -r /nodes/node1/dhcp
|
||||
check:rc==201
|
||||
end
|
||||
|
||||
start:node_delete_dhcp
|
||||
description: node_delete_dhcp
|
||||
cmd:restapitest -m DELETE -r /nodes/node1/dhcp
|
||||
check:rc==200
|
||||
end
|
||||
|
||||
start:node_state
|
||||
description: node_state
|
||||
cmd:restapitest -m GET -r /nodes/node1/nodestat
|
||||
check:rc==200
|
||||
cmdcheck:restapitest -o '{"node1":{"nodestat":"ANY"}}' -O ==
|
||||
end
|
||||
|
||||
|
||||
#start:node_post4_for_scan_test
|
||||
#description: node_post4_for_scan_test
|
||||
#cmd:restapitest -m POST -r /nodes/e108m6hmc02 -d '{"groups":"all,hmc","mgt":"hmc","hwtype":"hmc","mtm":"7042CR4","serial":"1050FBB","nodetype":"ppc"}'
|
||||
#check:rc==201
|
||||
#end
|
||||
|
||||
start:node_scan
|
||||
description: node_scan
|
||||
cmd:restapitest -m GET -r /nodes/__GETNODEATTR($$CN,hcp)__
|
||||
check:rc==200
|
||||
cmdcheck:restapitest -o '{"__GETNODEATTR($$CN,hcp)__":"ANY"}' -O ==
|
||||
end
|
||||
|
||||
|
||||
start:node_power_get
|
||||
description: node_power_get
|
||||
cmd:restapitest -m GET -r /nodes/$$CN/power
|
||||
check:rc==200
|
||||
cmdcheck:restapitest -o '{"$$CN":{"power":"ANY"}}' -O ==
|
||||
end
|
||||
|
||||
start:node_power_put
|
||||
description: node_power_reset
|
||||
cmd:restapitest -m PUT -r /nodes/$$CN/power -d '{"action":"reset"}'
|
||||
check:rc==200
|
||||
end
|
||||
|
||||
#start:node_energy_put
|
||||
#description: node_energy_put
|
||||
#cmd:restapitest -m PUT -r /nodes/Vc68m5sn01/energy -d '{"cappingstatus":"on"}'
|
||||
#check:rc==200
|
||||
#end
|
||||
|
||||
#start:node_energy_get
|
||||
#description: node_energy_get
|
||||
#cmd:restapitest -m GET -r /nodes/Vc68m5sn01/energy
|
||||
#check:rc==200
|
||||
#cmdcheck:restapitest -o '{"Vc68m5sn01":{"cappingmin":"on"}}' -O ==
|
||||
#end
|
||||
|
||||
#start:node_energy_get_attr
|
||||
#description: node_energy_get_attr
|
||||
#cmd:restapitest -m GET -r /nodes/Vc68m5sn01/energy/cappingmaxmin,cappingstatus
|
||||
#check:rc==200
|
||||
#cmdcheck:restapitest -o '{"Vc68m5sn01":{"cappingmin":"ANY"}}' -O ==
|
||||
#end
|
||||
|
||||
#start:node_get_attr
|
||||
#description: node_get_attr
|
||||
#cmd:restapitest -m GET -r /nodes/Vc68m5sn01/sp/community
|
||||
#check:rc==200
|
||||
#cmdcheck:restapitest -o '{"Vc68m5sn01":{"SP SNMP Community":"public"}}' -O ==
|
||||
#end
|
||||
|
||||
#start:node_put_attr
|
||||
#description: node_put_attr
|
||||
#cmd:restapitest -m PUT -r /nodes/Vc68m5sn01/sp/community -d '{"value":"mycommunity"}''
|
||||
#check:rc==200
|
||||
#end
|
||||
|
||||
#start:node_put_nextboot
|
||||
#description: node_put_nextboot
|
||||
#cmd:restapitest -m PUT -r /nodes/$$CN/nextboot -d '{"order":"net"}'
|
||||
#check:rc==201
|
||||
#end
|
||||
|
||||
#start:node_get_nextboot
|
||||
#description: node_get_nextboot
|
||||
#cmd:restapitest -m GET -r /nodes/Vc68m5sn01/nextboot
|
||||
#check:rc==200
|
||||
#cmdcheck:restapitest -o '{"Vc68m5sn01":{"nextboot":"net"}}' -O ==
|
||||
#end
|
||||
|
||||
start:node_put_bootstate
|
||||
description: node_put_bootstate
|
||||
cmd:restapitest -m PUT -r /nodes/Vc68m5sn01/bootstate -d '{"osimage":"rhels6.4-x86_64-install-compute"}'
|
||||
check:rc==201
|
||||
end
|
||||
|
||||
start:node_get_bootstate
|
||||
description: node_get_bootstate
|
||||
cmd:restapitest -m GET -r /nodes/$$CN/bootstate
|
||||
check:rc==200
|
||||
cmdcheck:restapitest -o '{"$$CN":{"bootstat":"ANY"}}' -O ==
|
||||
end
|
||||
|
||||
start:node_get_vitals
|
||||
description: node_get_vitals
|
||||
cmd:restapitest -m GET -r /nodes/Vc68m5sn01/vitals
|
||||
check:rc==200
|
||||
cmdcheck:restapitest -o '{"Vc68m5sn01":{"SysBrd Fault":"0"}}' -O ==
|
||||
end
|
||||
|
||||
start:node_get_vitals_attr
|
||||
description: node_get_vitals_attr
|
||||
cmd:restapitest -m GET -r /nodes/$$CN/vitals/all
|
||||
check:rc==200
|
||||
cmdcheck:restapitest -o '{"$$CN":{"System Temperature":"ANY"}}' -O ==
|
||||
end
|
||||
|
||||
start:node_get_inventory
|
||||
description: node_get_inventory
|
||||
cmd:restapitest -m GET -r /nodes/Vc68m5sn01/inventory
|
||||
check:rc==200
|
||||
cmdcheck:restapitest -o '{"Vc68m5sn01":{"Power Supply 2 Board FRU Number":"94Y8105"}}' -O ==
|
||||
end
|
||||
|
||||
start:node_get_inventory_attr
|
||||
description: node_get_inventory_attr
|
||||
cmd:restapitest -m GET -r /nodes/Vc68m5sn01/inventory/model
|
||||
check:rc==200
|
||||
cmdcheck:restapitest -o '{"Vc68m5sn01":{"System Description":"System x3650 M4"}}' -O ==
|
||||
end
|
||||
|
||||
#start:node_get_eventlog
|
||||
#description: node_get_eventlog
|
||||
#cmd:restapitest -m GET -r /nodes/Vc68m5sn01/eventlog
|
||||
#check:rc==200
|
||||
#cmdcheck:restapitest -o '{"Vc68m5sn01":{"eventlog":"ANY"}}' -O ==
|
||||
#end
|
||||
|
||||
start:node_post_nodecopy
|
||||
description: node_post_nodecopy
|
||||
cmd:restapitest -m POST -r /nodes/$$CN/nodecopy -d '{"src":["/etc/hosts","/etc/resolv.conf"],"target":"/tmp"}'
|
||||
check:rc==201
|
||||
end
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user