Add console auth tokens db api methods

Console auth tokens will be saved in the database
instead of in memory in a console auth server.

Adding the db api methods to create token records,
get them and delete all tokens for an instance
in this patch.

The following patch in the series will add the console
auth token object.

Change-Id: I881faa62f3be4986b38d11c4ac059672ae45c11f
Co-Authored-By: Eli Qiao <qiaoliyong@gmail.com>
partially-implements: blueprint convert-consoles-to-objects
This commit is contained in:
Paul Murray 2016-05-23 15:23:18 +01:00
parent a90f436b34
commit 2b07626f49
3 changed files with 86 additions and 0 deletions

View File

@ -2045,3 +2045,39 @@ def instance_tag_delete_all(context, instance_uuid):
def instance_tag_exists(context, instance_uuid, tag): def instance_tag_exists(context, instance_uuid, tag):
"""Check if specified tag exist on the instance.""" """Check if specified tag exist on the instance."""
return IMPL.instance_tag_exists(context, instance_uuid, tag) return IMPL.instance_tag_exists(context, instance_uuid, tag)
####################
def console_auth_token_create(context, values):
"""Create a console authorization."""
return IMPL.console_auth_token_create(context, values)
def console_auth_token_get_valid(context, token_hash, instance_uuid):
"""Get a valid console authorization by token_hash and instance_uuid.
The console authorizations expire at the time specified by their
'expires' column. An expired console auth token will not be returned
to the caller - it is treated as if it does not exist.
"""
return IMPL.console_auth_token_get_valid(context,
token_hash,
instance_uuid)
def console_auth_token_destroy_all_by_instance(context, instance_uuid):
"""Delete all console authorizations belonging to the instance."""
return IMPL.console_auth_token_destroy_all_by_instance(context,
instance_uuid)
def console_auth_token_destroy_expired_by_host(context, host):
"""Delete expired console authorizations belonging to the host.
The console authorizations expire at the time specified by their
'expires' column. This function is used to garbage collect expired
tokens associated with the given host.
"""
return IMPL.console_auth_token_destroy_expired_by_host(context, host)

View File

@ -6803,3 +6803,40 @@ def instance_tag_exists(context, instance_uuid, tag):
q = context.session.query(models.Tag).filter_by( q = context.session.query(models.Tag).filter_by(
resource_id=instance_uuid, tag=tag) resource_id=instance_uuid, tag=tag)
return context.session.query(q.exists()).scalar() return context.session.query(q.exists()).scalar()
####################
@pick_context_manager_writer
def console_auth_token_create(context, values):
instance_uuid = values.get('instance_uuid')
_check_instance_exists_in_project(context, instance_uuid)
token_ref = models.ConsoleAuthToken()
token_ref.update(values)
context.session.add(token_ref)
return token_ref
@pick_context_manager_reader
def console_auth_token_get_valid(context, token_hash, instance_uuid):
_check_instance_exists_in_project(context, instance_uuid)
return context.session.query(models.ConsoleAuthToken).\
filter_by(token_hash=token_hash).\
filter_by(instance_uuid=instance_uuid).\
filter(models.ConsoleAuthToken.expires > timeutils.utcnow_ts()).\
first()
@pick_context_manager_writer
def console_auth_token_destroy_all_by_instance(context, instance_uuid):
context.session.query(models.ConsoleAuthToken).\
filter_by(instance_uuid=instance_uuid).delete()
@pick_context_manager_writer
def console_auth_token_destroy_expired_by_host(context, host):
context.session.query(models.ConsoleAuthToken).\
filter_by(host=host).\
filter(models.ConsoleAuthToken.expires <= timeutils.utcnow_ts()).\
delete()

View File

@ -1211,6 +1211,19 @@ def get_hash_str(base_str):
return hashlib.md5(base_str).hexdigest() return hashlib.md5(base_str).hexdigest()
def get_sha256_str(base_str):
"""Returns string that represents sha256 hash of base_str (in hex format).
sha1 and md5 are known to be breakable, so sha256 is a better option
when the hash is being used for security purposes. If hashing passwords
or anything else that needs to be retained for a long period a salted
hash is better.
"""
if isinstance(base_str, six.text_type):
base_str = base_str.encode('utf-8')
return hashlib.sha256(base_str).hexdigest()
def filter_and_format_resource_metadata(resource_type, resource_list, def filter_and_format_resource_metadata(resource_type, resource_list,
search_filts, metadata_type=None): search_filts, metadata_type=None):
"""Get all metadata for a list of resources after filtering. """Get all metadata for a list of resources after filtering.