pyceo/ceo_common/model/HTTPClient.py

import flask
import gssapi
import requests
from requests_gssapi import HTTPSPNEGOAuth
from zope import component
from zope.interface import implementer

from ceo_common.interfaces import IConfig, IHTTPClient


@implementer(IHTTPClient)
class HTTPClient:
    def __init__(self):
        # Determine how to connect to other ceod instances
        cfg = component.getUtility(IConfig)
        if cfg.get('ceod_use_https'):
            self.scheme = 'https'
        else:
            self.scheme = 'http'
        self.ceod_port = cfg.get('ceod_port')
        self.base_domain = cfg.get('base_domain')

    def request(self, host: str, api_path: str, method: str, delegate: bool, **kwargs):
        # always use the FQDN
        if '.' not in host:
            host = host + '.' + self.base_domain

        # SPNEGO
        spnego_kwargs = {
            'opportunistic_auth': True,
            'target_name': gssapi.Name('ceod/' + host),
        }
        if flask.has_request_context() and 'client_creds' in flask.g:
            # This is reached when we are the server and the client has forwarded
            # their credentials to us.
            spnego_kwargs['creds'] = flask.g.client_creds
        if delegate:
            # This is reached when we are the client and we want to forward our
            # credentials to the server.
            spnego_kwargs['delegate'] = True
        auth = HTTPSPNEGOAuth(**spnego_kwargs)

        return requests.request(
            method,
            f'{self.scheme}://{host}:{self.ceod_port}{api_path}',
            auth=auth, **kwargs,
        )

    def get(self, host: str, api_path: str, delegate: bool = True, **kwargs):
        return self.request(host, api_path, 'GET', delegate, **kwargs)

    def post(self, host: str, api_path: str, delegate: bool = True, **kwargs):
        return self.request(host, api_path, 'POST', delegate, **kwargs)

    def patch(self, host: str, api_path: str, delegate: bool = True, **kwargs):
        return self.request(host, api_path, 'PATCH', delegate, **kwargs)

    def delete(self, host: str, api_path: str, delegate: bool = True, **kwargs):
        return self.request(host, api_path, 'DELETE', delegate, **kwargs)
use GSSAPI delegation 2021-08-25 22:19:18 -04:00			`import flask`
add app factory 2021-07-24 17:09:10 -04:00			`import gssapi`
			`import requests`
			`from requests_gssapi import HTTPSPNEGOAuth`
			`from zope import component`
			`from zope.interface import implementer`

implement /api/groups endpoints 2021-08-18 19:48:17 -04:00			`from ceo_common.interfaces import IConfig, IHTTPClient`
add app factory 2021-07-24 17:09:10 -04:00

			`@implementer(IHTTPClient)`
			`class HTTPClient:`
			`def __init__(self):`
			`# Determine how to connect to other ceod instances`
			`cfg = component.getUtility(IConfig)`
			`if cfg.get('ceod_use_https'):`
			`self.scheme = 'https'`
			`else:`
			`self.scheme = 'http'`
			`self.ceod_port = cfg.get('ceod_port')`
use ConfigParser 2021-08-03 19:19:33 -04:00			`self.base_domain = cfg.get('base_domain')`
add app factory 2021-07-24 17:09:10 -04:00
use GSSAPI delegation 2021-08-25 22:19:18 -04:00			`def request(self, host: str, api_path: str, method: str, delegate: bool, **kwargs):`
use our own SPNEGO implementation 2021-08-21 02:27:33 -04:00			`# always use the FQDN`
			`if '.' not in host:`
			`host = host + '.' + self.base_domain`
add members CLI 2021-08-23 09:59:01 -04:00
			`# SPNEGO`
use GSSAPI delegation 2021-08-25 22:19:18 -04:00			`spnego_kwargs = {`
			`'opportunistic_auth': True,`
			`'target_name': gssapi.Name('ceod/' + host),`
			`}`
			`if flask.has_request_context() and 'client_creds' in flask.g:`
			`# This is reached when we are the server and the client has forwarded`
			`# their credentials to us.`
			`spnego_kwargs['creds'] = flask.g.client_creds`
			`if delegate:`
			`# This is reached when we are the client and we want to forward our`
			`# credentials to the server.`
			`spnego_kwargs['delegate'] = True`
			`auth = HTTPSPNEGOAuth(**spnego_kwargs)`
add members CLI 2021-08-23 09:59:01 -04:00
add app factory 2021-07-24 17:09:10 -04:00			`return requests.request(`
			`method,`
			`f'{self.scheme}://{host}:{self.ceod_port}{api_path}',`
use GSSAPI delegation 2021-08-25 22:19:18 -04:00			`auth=auth, **kwargs,`
add app factory 2021-07-24 17:09:10 -04:00			`)`

use GSSAPI delegation 2021-08-25 22:19:18 -04:00			`def get(self, host: str, api_path: str, delegate: bool = True, **kwargs):`
			`return self.request(host, api_path, 'GET', delegate, **kwargs)`
add members CLI 2021-08-23 09:59:01 -04:00
use GSSAPI delegation 2021-08-25 22:19:18 -04:00			`def post(self, host: str, api_path: str, delegate: bool = True, **kwargs):`
			`return self.request(host, api_path, 'POST', delegate, **kwargs)`
add app factory 2021-07-24 17:09:10 -04:00
use GSSAPI delegation 2021-08-25 22:19:18 -04:00			`def patch(self, host: str, api_path: str, delegate: bool = True, **kwargs):`
			`return self.request(host, api_path, 'PATCH', delegate, **kwargs)`
add app factory 2021-07-24 17:09:10 -04:00
use GSSAPI delegation 2021-08-25 22:19:18 -04:00			`def delete(self, host: str, api_path: str, delegate: bool = True, **kwargs):`
			`return self.request(host, api_path, 'DELETE', delegate, **kwargs)`