x/cloudbase-init
Code Issues Proposed changes
bb2e3484d6
cloudbase-init/cloudbaseinit/metadata/services/maasservice.py
Alexandru Coman 7078b58038
Handle [SSL: CERTIFICATE_VERIFY_FAILED] exception 
This patch removes all the duplicated code blocks
related to HTTP requests, improves the way that
the exceptions are handled and adds a new base class
for all the metadata providers which use HTTP(S)
protocol in order to serve information.

Change-Id: Ib36b0cf592310bb1e6cc4aec4fc2b9b5f29f1759
Co-Authored-By: Alexandru Tudose <atudose@cloudbasesolutions.com>
2016-09-06 09:59:55 +03:00

111 lines
4.1 KiB
Python
Raw Blame History

# Copyright 2014 Cloudbase Solutions Srl
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import re
from oauthlib import oauth1
from oslo_log import log as oslo_logging
import requests
from cloudbaseinit import conf as cloudbaseinit_conf
from cloudbaseinit.metadata.services import base
from cloudbaseinit.utils import x509constants
CONF = cloudbaseinit_conf.CONF
LOG = oslo_logging.getLogger(__name__)
class _Realm(str):
# There's a bug in oauthlib which ignores empty realm strings,
# by checking that the given realm is always True.
# This string class always returns True in a boolean context,
# making sure that an empty realm can be used by oauthlib.
def __bool__(self):
return True
__nonzero__ = __bool__
class MaaSHttpService(base.BaseHTTPMetadataService):
_METADATA_2012_03_01 = '2012-03-01'
def __init__(self):
super(MaaSHttpService, self).__init__(
base_url=CONF.maas.metadata_base_url,
https_allow_insecure=CONF.maas.https_allow_insecure,
https_ca_bundle=CONF.maas.https_ca_bundle)
self._enable_retry = True
self._metadata_version = self._METADATA_2012_03_01
def load(self):
super(MaaSHttpService, self).load()
if not CONF.maas.metadata_base_url:
LOG.debug('MaaS metadata url not set')
else:
try:
self._get_cache_data('%s/meta-data/' % self._metadata_version)
return True
except Exception as ex:
LOG.exception(ex)
LOG.debug('Metadata not found at URL \'%s\'' %
CONF.maas.metadata_base_url)
return False
def _get_oauth_headers(self, url):
LOG.debug("Getting authorization headers for %s.", url)
client = oauth1.Client(
CONF.maas.oauth_consumer_key,
client_secret=CONF.maas.oauth_consumer_secret,
resource_owner_key=CONF.maas.oauth_token_key,
resource_owner_secret=CONF.maas.oauth_token_secret,
signature_method=oauth1.SIGNATURE_PLAINTEXT)
realm = _Realm("")
headers = client.sign(url, realm=realm)[1]
return headers
def _http_request(self, url, data=None, headers=None):
"""Get content for received url."""
if not url.startswith("http"):
url = requests.compat.urljoin(self._base_url, url)
headers = {} if headers is None else headers
headers.update(self._get_oauth_headers(url))
return super(MaaSHttpService, self)._http_request(url, data, headers)
def get_host_name(self):
return self._get_cache_data('%s/meta-data/local-hostname' %
self._metadata_version, decode=True)
def get_instance_id(self):
return self._get_cache_data('%s/meta-data/instance-id' %
self._metadata_version, decode=True)
def get_public_keys(self):
return self._get_cache_data('%s/meta-data/public-keys' %
self._metadata_version,
decode=True).splitlines()
def get_client_auth_certs(self):
certs_data = self._get_cache_data('%s/meta-data/x509' %
self._metadata_version,
decode=True)
pattern = r"{begin}[\s\S]+?{end}".format(
begin=x509constants.PEM_HEADER,
end=x509constants.PEM_FOOTER)
return re.findall(pattern, certs_data)
def get_user_data(self):
return self._get_cache_data('%s/user-data' % self._metadata_version)
View Git Blame Copy Permalink