57 lines
1.8 KiB
Python
57 lines
1.8 KiB
Python
import socket
|
|
|
|
from flask import g
|
|
import gssapi
|
|
from gssapi.raw.exceptions import ExpiredCredentialsError
|
|
import requests
|
|
from requests_gssapi import HTTPSPNEGOAuth
|
|
from zope import component
|
|
from zope.interface import implementer
|
|
|
|
from ceo_common.interfaces import IConfig, IKerberosService, IHTTPClient
|
|
|
|
|
|
@implementer(IHTTPClient)
|
|
class HTTPClient:
|
|
def __init__(self):
|
|
# Determine how to connect to other ceod instances
|
|
cfg = component.getUtility(IConfig)
|
|
if cfg.get('ceod_use_https'):
|
|
self.scheme = 'https'
|
|
else:
|
|
self.scheme = 'http'
|
|
self.ceod_port = cfg.get('ceod_port')
|
|
self.base_domain = cfg.get('base_domain')
|
|
|
|
self.krb_realm = cfg.get('ldap_sasl_realm')
|
|
|
|
def request(self, host: str, api_path: str, method='GET', **kwargs):
|
|
principal = g.sasl_user
|
|
if '@' not in principal:
|
|
principal = principal + '@' + self.krb_realm
|
|
gssapi_name = gssapi.Name(principal)
|
|
creds = gssapi.Credentials(name=gssapi_name, usage='initiate')
|
|
auth = HTTPSPNEGOAuth(
|
|
opportunistic_auth=True,
|
|
target_name='ceod',
|
|
creds=creds,
|
|
)
|
|
# always use the FQDN, for HTTPS purposes
|
|
if '.' not in host:
|
|
host = host + '.' + self.base_domain
|
|
return requests.request(
|
|
method,
|
|
f'{self.scheme}://{host}:{self.ceod_port}{api_path}',
|
|
auth=auth,
|
|
**kwargs,
|
|
)
|
|
|
|
def get(self, host: str, api_path: str, **kwargs):
|
|
return self.request(host, api_path, 'GET', **kwargs)
|
|
|
|
def post(self, host: str, api_path: str, **kwargs):
|
|
return self.request(host, api_path, 'POST', **kwargs)
|
|
|
|
def delete(self, host: str, api_path: str, **kwargs):
|
|
return self.request(host, api_path, 'DELETE', **kwargs)
|