objects: Remove ConsoleAuthToken.to_dict

This is only used in three places now, each of which can be removed.

Part of blueprint remove-consoleauth

Change-Id: I89df8f8fa111b730ddd0aa73ae09a8cd5d152dad
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
This commit is contained in:
Stephen Finucane 2019-04-16 11:26:23 +01:00
parent bca4fdec9a
commit 0c7262cce4
4 changed files with 41 additions and 57 deletions

View File

@ -49,24 +49,25 @@ class ConsoleAuthTokensController(wsgi.Controller):
# with one instance, which can only be in one cell.
for result in results.values():
if not nova_context.is_cell_failure_sentinel(result):
connect_info = result.to_dict()
connect_info = result
break
if not connect_info:
raise webob.exc.HTTPNotFound(explanation=_("Token not found"))
console_type = connect_info.get('console_type')
console_type = connect_info.console_type
if rdp_only and console_type != "rdp-html5":
raise webob.exc.HTTPUnauthorized(
explanation=_("The requested console type details are not "
"accessible"))
return {'console':
{i: connect_info[i]
for i in ['instance_uuid', 'host', 'port',
'internal_access_path']
if i in connect_info}}
return {'console': {
'instance_uuid': connect_info.instance_uuid,
'host': connect_info.host,
'port': connect_info.port,
'internal_access_path': connect_info.internal_access_path,
}}
@wsgi.Controller.api_version("2.1", "2.30")
@wsgi.expected_errors((400, 401, 404))

View File

@ -95,13 +95,14 @@ class NovaProxyRequestHandlerBase(object):
# deployments due to DNS configuration and break VNC access completely
return str(self.client_address[0])
def verify_origin_proto(self, connection_info, origin_proto):
access_url = connection_info.get('access_url')
if not access_url:
detail = _("No access_url in connection_info. "
"Cannot validate protocol")
def verify_origin_proto(self, connect_info, origin_proto):
if 'access_url_base' not in connect_info:
detail = _("No access_url_base in connect_info. "
"Cannot validate protocol")
raise exception.ValidationError(detail=detail)
expected_protos = [urlparse.urlparse(access_url).scheme]
expected_protos = [
urlparse.urlparse(connect_info.access_url_base).scheme]
# NOTE: For serial consoles the expected protocol could be ws or
# wss which correspond to http and https respectively in terms of
# security.
@ -129,11 +130,11 @@ class NovaProxyRequestHandlerBase(object):
# NOTE(PaulMurray) ConsoleAuthToken.validate validates the token.
# We call the compute manager directly to check the console port
# is correct.
connect_info = objects.ConsoleAuthToken.validate(ctxt, token).to_dict()
connect_info = objects.ConsoleAuthToken.validate(ctxt, token)
valid_port = self._check_console_port(
ctxt, connect_info['instance_uuid'], connect_info['port'],
connect_info['console_type'])
ctxt, connect_info.instance_uuid, connect_info.port,
connect_info.console_type)
if not valid_port:
raise exception.InvalidToken(token='***')
@ -216,8 +217,8 @@ class NovaProxyRequestHandlerBase(object):
raise exception.ValidationError(detail=detail)
self.msg(_('connect info: %s'), str(connect_info))
host = connect_info['host']
port = int(connect_info['port'])
host = connect_info.host
port = connect_info.port
# Connect to the target
self.msg(_("connecting to: %(host)s:%(port)s") % {'host': host,
@ -225,20 +226,21 @@ class NovaProxyRequestHandlerBase(object):
tsock = self.socket(host, port, connect=True)
# Handshake as necessary
if connect_info.get('internal_access_path'):
tsock.send(encodeutils.safe_encode(
"CONNECT %s HTTP/1.1\r\n\r\n" %
connect_info['internal_access_path']))
end_token = "\r\n\r\n"
while True:
data = tsock.recv(4096, socket.MSG_PEEK)
token_loc = data.find(end_token)
if token_loc != -1:
if data.split("\r\n")[0].find("200") == -1:
raise exception.InvalidConnectionInfo()
# remove the response from recv buffer
tsock.recv(token_loc + len(end_token))
break
if 'internal_access_path' in connect_info:
path = connect_info.internal_access_path
if path:
tsock.send(encodeutils.safe_encode(
'CONNECT %s HTTP/1.1\r\n\r\n' % path))
end_token = "\r\n\r\n"
while True:
data = tsock.recv(4096, socket.MSG_PEEK)
token_loc = data.find(end_token)
if token_loc != -1:
if data.split("\r\n")[0].find("200") == -1:
raise exception.InvalidConnectionInfo()
# remove the response from recv buffer
tsock.recv(token_loc + len(end_token))
break
if self.server.security_proxy is not None:
tenant_sock = TenantSock(self)

View File

@ -77,24 +77,6 @@ class ConsoleAuthToken(base.NovaTimestampObject, base.NovaObject):
obj.obj_reset_changes()
return obj
def to_dict(self):
"""Convert to a dict representation."""
# NOTE(PaulMurray) For compatibility while there is code that
# expects the dict representation returned by consoleauth.
# TODO(PaulMurray) Remove this function when the code no
# longer expects the consoleauth dict representation
connect_info = {}
connect_info['token'] = self.token,
connect_info['instance_uuid'] = self.instance_uuid
connect_info['console_type'] = self.console_type
connect_info['host'] = self.host
connect_info['port'] = self.port
if 'internal_access_path' in self:
connect_info['internal_access_path'] = self.internal_access_path
if 'access_url_base' in self:
connect_info['access_url'] = self.access_url
return connect_info
@base.remotable
def authorize(self, ttl):
"""Authorise the console token and store in the database.

View File

@ -64,15 +64,15 @@ class XCPVNCProxy(object):
def handshake(self, req, connect_info, sockets):
"""Execute hypervisor-specific vnc auth handshaking (if needed)."""
host = connect_info['host']
port = int(connect_info['port'])
host = connect_info.host
port = connect_info.port
server = eventlet.connect((host, port))
# Handshake as necessary
if connect_info.get('internal_access_path'):
server.sendall("CONNECT %s HTTP/1.1\r\n\r\n" %
connect_info['internal_access_path'])
if 'internal_access_path' in connect_info:
path = connect_info.internal_access_path
server.sendall('CONNECT %s HTTP/1.1\r\n\r\n' % path)
data = ""
while True:
@ -132,8 +132,7 @@ class XCPVNCProxy(object):
ctxt = context.get_admin_context()
try:
connect_info = objects.ConsoleAuthToken.validate(
ctxt, token).to_dict()
connect_info = objects.ConsoleAuthToken.validate(ctxt, token)
except exception.InvalidToken:
LOG.info("Request made with invalid token: %s", req)
start_response('401 Not Authorized',