Remove message signing in API plugin (after discussion with ceilometer team).
Signing doesn't prevent replay attacks. Use HTTPS to not reinvent the wheel. Remove ceilometer-pollster directory (it has been merged with Ceilometer).
This commit is contained in:
parent
43d9a2c029
commit
7d294500da
|
@ -1,9 +0,0 @@
|
|||
#### With Devstack ####
|
||||
|
||||
Copy "kwapi" to /opt/stack/ceilometer/ceilometer/.
|
||||
|
||||
Modify /opt/stack/ceilometer/setup.py:
|
||||
[ceilometer.poll.central]
|
||||
kwapi = ceilometer.kwapi.kwapi:KwapiPollster
|
||||
|
||||
Run "sudo easy_install /opt/stack/ceilometer/".
|
|
@ -1,80 +0,0 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
|
||||
from keystoneclient.v2_0 import client as ksclient
|
||||
import requests
|
||||
|
||||
from ceilometer import counter
|
||||
from ceilometer import meter
|
||||
from ceilometer.central import plugin
|
||||
from ceilometer.openstack.common import cfg
|
||||
from ceilometer.openstack.common import log
|
||||
from ceilometer.openstack.common import timeutils
|
||||
|
||||
class KwapiClient():
|
||||
"""Kwapi API client."""
|
||||
|
||||
def __init__(self, url, token=None):
|
||||
"""Initializes client."""
|
||||
self.url = url
|
||||
self.token = token
|
||||
|
||||
def list_probes(self):
|
||||
"""Returns a list of dicts describing all probes."""
|
||||
probes_url = self.url + '/probes/'
|
||||
headers = {}
|
||||
if self.token is not None:
|
||||
headers = {'X-Auth-Token': self.token}
|
||||
request = requests.get(probes_url, headers=headers)
|
||||
message = request.json
|
||||
|
||||
probe_list = []
|
||||
|
||||
if meter.verify_signature(message, cfg.CONF['metering_secret']):
|
||||
probes = message['probes']
|
||||
for key, value in probes.iteritems():
|
||||
probe_dict = value
|
||||
probe_dict['id'] = key
|
||||
probe_list.append(probe_dict)
|
||||
|
||||
return probe_list
|
||||
|
||||
class _Base(plugin.CentralPollster):
|
||||
"""Base class for the Kwapi pollster, derived from CentralPollster."""
|
||||
|
||||
@staticmethod
|
||||
def get_kwapi_client():
|
||||
"""Returns a KwapiClient configured with the proper url and token."""
|
||||
keystone = ksclient.Client(username=cfg.CONF.os_username,
|
||||
password=cfg.CONF.os_password,
|
||||
tenant_id=cfg.CONF.os_tenant_id,
|
||||
tenant_name=cfg.CONF.os_tenant_name,
|
||||
auth_url=cfg.CONF.os_auth_url)
|
||||
endpoint = keystone.service_catalog.url_for(service_type='metering', endpoint_type='internalURL')
|
||||
return KwapiClient(endpoint, keystone.auth_token)
|
||||
|
||||
def iter_probes(self):
|
||||
"""Iterate over all probes."""
|
||||
client = self.get_kwapi_client()
|
||||
return client.list_probes()
|
||||
|
||||
class KwapiPollster(_Base):
|
||||
"""Kwapi pollster derived from the base class."""
|
||||
|
||||
LOG = log.getLogger(__name__ + '.kwapi')
|
||||
|
||||
def get_counters(self, manager, context):
|
||||
"""Returns all counters."""
|
||||
for probe in self.iter_probes():
|
||||
yield counter.Counter(
|
||||
name='kwapi',
|
||||
type=counter.TYPE_CUMULATIVE,
|
||||
volume=probe['kwh'],
|
||||
user_id=None,
|
||||
project_id=None,
|
||||
resource_id=probe['id'],
|
||||
timestamp=timeutils.utcnow().isoformat(),
|
||||
resource_metadata={
|
||||
'timestamp': probe['timestamp'],
|
||||
'w': probe['w']
|
||||
}
|
||||
)
|
|
@ -8,7 +8,6 @@ acl_auth_url = http://10.0.0.2:5000/v2.0
|
|||
|
||||
# Signature
|
||||
signature_checking = true
|
||||
api_metering_secret = change this or be hacked
|
||||
driver_metering_secret = Change This Or Be Hacked
|
||||
|
||||
# Communication
|
||||
|
|
|
@ -8,15 +8,6 @@ import hmac
|
|||
import flask
|
||||
|
||||
from kwapi.openstack.common import cfg
|
||||
from kwapi import security
|
||||
|
||||
v1_opts = [
|
||||
cfg.StrOpt('api_metering_secret',
|
||||
required=True,
|
||||
),
|
||||
]
|
||||
|
||||
cfg.CONF.register_opts(v1_opts)
|
||||
|
||||
blueprint = flask.Blueprint('v1', __name__)
|
||||
|
||||
|
@ -30,7 +21,6 @@ def list_probes_ids():
|
|||
"""Returns all known probes IDs."""
|
||||
message = {}
|
||||
message['probe_ids'] = flask.request.database.keys()
|
||||
security.append_signature(message, cfg.CONF.api_metering_secret)
|
||||
return flask.jsonify(message)
|
||||
|
||||
@blueprint.route('/probes/')
|
||||
|
@ -38,7 +28,6 @@ def list_probes():
|
|||
"""Returns all information about all known probes."""
|
||||
message = {}
|
||||
message['probes'] = flask.request.database
|
||||
security.append_signature(message, cfg.CONF.api_metering_secret)
|
||||
return flask.jsonify(message)
|
||||
|
||||
@blueprint.route('/probes/<probe>/')
|
||||
|
@ -49,7 +38,6 @@ def probe_info(probe):
|
|||
message[probe] = flask.request.database[probe]
|
||||
except KeyError:
|
||||
flask.abort(404)
|
||||
security.append_signature(message, cfg.CONF.api_metering_secret)
|
||||
return flask.jsonify(message)
|
||||
|
||||
@blueprint.route('/probes/<probe>/<meter>/')
|
||||
|
@ -60,5 +48,4 @@ def probe_value(probe, meter):
|
|||
message[probe] = {meter: flask.request.database[probe][meter]}
|
||||
except KeyError:
|
||||
flask.abort(404)
|
||||
security.append_signature(message, cfg.CONF.api_metering_secret)
|
||||
return flask.jsonify(message)
|
||||
|
|
Loading…
Reference in New Issue