From 703d62404fd06390ceeef59aeed81778167a0736 Mon Sep 17 00:00:00 2001 From: Samuzzal Choudhury Date: Mon, 11 Jun 2018 13:06:43 +0530 Subject: [PATCH 01/15] Added endpoint to scan user notification and notify users --- src/rest_api.py | 81 ++++++++++++++++++++++++++++++++++++++++++++++++- src/utils.py | 9 ++++++ 2 files changed, 89 insertions(+), 1 deletion(-) diff --git a/src/rest_api.py b/src/rest_api.py index f97b1f2..a79ddb7 100644 --- a/src/rest_api.py +++ b/src/rest_api.py @@ -2,7 +2,8 @@ import flask from flask import Flask, request from flask_cors import CORS -from utils import DatabaseIngestion, scan_repo, validate_request_data, retrieve_worker_result +from utils import DatabaseIngestion, scan_repo, validate_request_data,\ + retrieve_worker_result, alert_user from f8a_worker.setup_celery import init_selinon from auth import login_required from exceptions import HTTPError 
@@ -135,6 +136,84 @@ def report(): return flask.jsonify(response), 404 +@app.route('/api/v1/user-repo/scan', methods=['POST']) +@login_required +def user_repo_scan(): + """ + Endpoint for scanning an OSIO user's repository. + + Runs a scan to find out security vulnerability in a user's repository + """ + resp_dict = { + "status": "success", + "summary": "" + } + + # Request validation section + input_json = request.get_json() + if request.content_type != 'application/json': + resp_dict["success"] = False + resp_dict["summary"] = "Set content type to application/json" + return flask.jsonify(resp_dict), 400 + + validate_string = "{} cannot be empty" + if 'git-url' not in input_json: + validate_string = validate_string.format("git-url") + return False, validate_string + + # Call the worker flow to run a user repository scan asynchronously + status = alert_user(input_json) + if status is not True: + resp_dict["status"] = "failure" + resp_dict["summary"] = "Scan initialization failure" + return flask.jsonify(resp_dict), 500 + + resp_dict.update({ + "summary": "Report for {} is being generated in the background. You will be notified" + "via your preferred openshift.io notification mechanism on its completion.". + format(input_json.get('git-url')), + }) + + return flask.jsonify(resp_dict), 200 + + +@app.route('/api/v1/user-repo/notify', methods=['POST']) +@login_required +def user_repo_scan(): + """ + Endpoint for scanning an OSIO user's repository. 
+ + Runs a scan to find out security vulnerability in a user's repository + """ + # Request validation section + input_json = request.get_json() + resp_dict = {} + if request.content_type != 'application/json': + resp_dict["success"] = False + resp_dict["summary"] = "Set content type to application/json" + return flask.jsonify(resp_dict), 400 + + validate_string = "{} cannot be empty" + if 'vulnerable-components' not in input_json: + validate_string = validate_string.format("vulnerable-components") + return False, validate_string + + # Call the worker flow to run a user repository scan asynchronously + status = alert_user(input_json, skip_dep_tree=True) + if status is not True: + resp_dict["status"] = "failure" + resp_dict["summary"] = "Scan initialization failure" + return flask.jsonify(resp_dict), 500 + + resp_dict.update({ + "summary": "Report for {} is being generated in the background. You will be notified" + "via your preferred openshift.io notification mechanism on its completion.". + format(input_json.get('git-url')), + }) + + return flask.jsonify(resp_dict), 200 + + @app.errorhandler(HTTPError) def handle_error(e): # pragma: no cover """Handle http error response.""" diff --git a/src/utils.py b/src/utils.py index fd8a9ba..b6f3149 100644 --- a/src/utils.py +++ b/src/utils.py @@ -267,6 +267,15 @@ def scan_repo(data): return True +def alert_user(data, skip_dep_tree=False): + """Invoke worker flow to scan user repository.""" + data['skip_dep_tree'] = skip_dep_tree + flow_name = 'osioUserNotificationFlow' + d_id = server_run_flow(flow_name, data) + logger.info("DISPATCHER ID = {}".format(d_id)) + return True + + def fetch_public_key(app): """Get public key and caches it on the app object for future use.""" # TODO: even though saving the key on the app object is not very nice, From d4a97a09530780472db9a1777d1c0b6755300071 Mon Sep 17 00:00:00 2001 
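Review bot: The missing-field branch in both new views ends in `return False, validate_string`, which is not a valid Flask response, so a request without `git-url` (or without `vulnerable-components` in the notify view) ends in a server error rather than a 400. Return the JSON error shape the content-type branch already uses, e.g. `resp_dict["summary"] = validate_string.format("git-url")` followed by `return flask.jsonify(resp_dict), 400`. In the scan view the content-type branch sets `resp_dict["success"] = False` while `"status": "success"` stays in the body, so that error reply still reports success; set `resp_dict["status"] = "failure"` there instead. The `return False, validate_string` line is still present as context in the later `user_repo_scan` hunks of this series.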
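Review bot: `alert_user` returns `True` unconditionally, so the `if status is not True:` branch in the callers can never produce the 500 response; a failure inside `server_run_flow` would surface as an unhandled exception instead. Either let the function report failure (catch the dispatch error, log it, `return False`) or drop the status check in the views. `data['skip_dep_tree'] = skip_dep_tree` also writes into the caller's request dict, and the whole client-supplied JSON body is forwarded to the worker flow as its arguments; building a new dict with only the expected keys would keep unvalidated fields out of the flow. How `server_run_flow` signals errors is outside the hunk.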
From: Samuzzal Choudhury Date: Mon, 11 Jun 2018 13:21:30 +0530 Subject: [PATCH 02/15] corrected an error and docstyle --- src/rest_api.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/rest_api.py b/src/rest_api.py index a79ddb7..d945894 100644 --- a/src/rest_api.py +++ b/src/rest_api.py @@ -169,9 +169,9 @@ def user_repo_scan(): return flask.jsonify(resp_dict), 500 resp_dict.update({ - "summary": "Report for {} is being generated in the background. You will be notified" - "via your preferred openshift.io notification mechanism on its completion.". - format(input_json.get('git-url')), + "summary": "Report for {} is being generated in the background. You will " + "be notified via your preferred openshift.io notification mechanism " + "on its completion.".format(input_json.get('git-url')), }) return flask.jsonify(resp_dict), 200 @@ -179,7 +179,7 @@ def user_repo_scan(): @app.route('/api/v1/user-repo/notify', methods=['POST']) @login_required -def user_repo_scan(): +def notify_user(): """ Endpoint for scanning an OSIO user's repository. @@ -206,9 +206,9 @@ def user_repo_scan(): return flask.jsonify(resp_dict), 500 resp_dict.update({ - "summary": "Report for {} is being generated in the background. You will be notified" - "via your preferred openshift.io notification mechanism on its completion.". - format(input_json.get('git-url')), + "summary": "Report for {} is being generated in the background. You will " + "be notified via your preferred openshift.io notification mechanism " + "on its completion.".format(input_json.get('git-url')), }) return flask.jsonify(resp_dict), 200 From 8e9e48aed4836baad3ebef321e2eb0c76af267ac Mon Sep 17 00:00:00 2001 From: Samuzzal Choudhury Date: Thu, 14 Jun 2018 01:13:32 +0530 Subject: [PATCH 03/15] Updated swagger spec --- swagger.yaml | 91 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 90 insertions(+), 1 deletion(-) 
diff --git a/swagger.yaml b/swagger.yaml
index bbbc480..d5aadbd 100644
--- a/swagger.yaml
+++ b/swagger.yaml
@@ -82,6 +82,90 @@ paths: description: Request unauthorized '404': description: Data not found + '/user-repo/scan': + post: + tags: + - Scan Services + operationId: f8a_scanner.api_v1.scan + summary: Scan an OSIO user repository. This will be called by the OSIO platform whenever a new repository is added to a space. The client request requires OSIO user token in the authorization header. + consumes: + - application/json + produces: + - application/json + parameters: + - in: body + name: repo + description: repository url + required: true + schema: + $ref: '#/definitions/UserRepoInput' + responses: + '200': + description: Repository scan initiated + '400': + description: Bad request from the client + '401': + description: Request unauthorized + '404': + description: Data not found + '500': + description: Internal server error + '/user-repo/notify': + post: + tags: + - Scan Services + operationId: f8a_scanner.api_v1.notify + summary: Call the notification service with the scan report. + consumes: + - application/json + produces: + - application/json + parameters: + - in: body + name: repo + description: List of ecosystem-package-version + required: true + schema: + $ref: '#/definitions/UserRepoInput' + responses: + '200': + description: Notification service called + '400': + description: Bad request from the client + '401': + description: Request unauthorized + '404': + description: Data not found + '500': + description: Internal server error + '/user-repo/drop': + post: + tags: + - Scan Services + operationId: f8a_scanner.api_v1.drop + summary: Stop monitoring an OSIO user repository. This will be triggered by the platform whenever a codebase is removed from a space. The client request requires OSIO user token in the authorization header. 
+ consumes: + - application/json + produces: + - application/json + parameters: + - in: body + name: repo + description: repository url and email id + required: true + schema: + $ref: '#/definitions/UserRepoInput' + responses: + '200': + description: Repository scan unsubscribed + '400': + description: Bad request from the client + '401': + description: Request unauthorized + '404': + description: Data not found + '500': + description: Internal server error definitions: RegisterResponse: title: Response Data for Register Endpoint @@ -141,4 +225,9 @@ definitions: type: string git-sha: type: string - + UserRepoInput: + title: User Repository Scan Inputs + description: Parameters to call user repository scan + properties: + git-url: + type: string From 3368800f11c53800779c3deb418185b6a8c93d6a Mon Sep 17 00:00:00 2001 From: Samuzzal Choudhury Date: Thu, 21 Jun 2018 21:31:20 +0530 Subject: [PATCH 04/15] dummy responses attached to user-repo endpoints for testing --- src/rest_api.py | 29 ++++++++++++++++++++++++++++- swagger.yaml | 4 ++++ 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/src/rest_api.py b/src/rest_api.py index d945894..c145611 100644 --- a/src/rest_api.py +++ b/src/rest_api.py @@ -151,6 +151,11 @@ def user_repo_scan(): # Request validation section input_json = request.get_json() + + # Return a dummy response for the endpoint while the development is in progress + if not 'dev' in input_json: + return flask.jsonify({'summary': 'Repository scan initiated'}), 200 + if request.content_type != 'application/json': resp_dict["success"] = False resp_dict["summary"] = "Set content type to application/json" 
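Review bot: The stub in `user_repo_scan` is switched by the request body itself: `if not 'dev' in input_json` means any authenticated client that adds a `dev` key reaches the unfinished code path, while everyone else gets a hard-coded 200 claiming a scan was initiated. Gate the stub on server-side configuration instead (an environment variable or app config flag read at startup) and return a status that does not claim work was done. The check also sits above the content-type test, so a non-JSON request can leave `input_json` as `None`, and `'dev' in None` raises `TypeError` before the 400 is returned. The same gate is added to `notify_user` and `drop` in the next two hunks; `user_repo_scan` continues outside this hunk.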
@@ -181,12 +186,17 @@ def user_repo_scan(): @login_required def notify_user(): """ - Endpoint for scanning an OSIO user's repository. + Endpoint for notifying security vulnerability in a repository. Runs a scan to find out security vulnerability in a user's repository """ # Request validation section input_json = request.get_json() + + # Return a dummy response for the endpoint while the development is in progress + if not 'dev' in input_json: + return flask.jsonify({'summary': 'Notification service called'}), 200 + resp_dict = {} if request.content_type != 'application/json': resp_dict["success"] = False @@ -214,6 +224,23 @@ def notify_user(): return flask.jsonify(resp_dict), 200 +@app.route('/api/v1/user-repo/drop', methods=['POST']) +@login_required +def drop(): + """ + Endpoint for scanning an OSIO user's repository. + + Runs a scan to find out security vulnerability in a user's repository + """ + # Request validation section + input_json = request.get_json() + + # Return a dummy response for the endpoint while the development is in progress + if not 'dev' in input_json: + return flask.jsonify({'summary': 'Repository scan unsubscribed'}), 200 + + + @app.errorhandler(HTTPError) def handle_error(e): # pragma: no cover """Handle http error response.""" diff --git a/swagger.yaml b/swagger.yaml index d5aadbd..c44a12a 100644 --- a/swagger.yaml +++ b/swagger.yaml @@ -231,3 +231,7 @@ definitions: properties: git-url: type: string + email-ids: + type: array + items: + type: string From 533ac3cbaa7cc6d2937098d0e048400e76cf2f64 Mon Sep 17 00:00:00 2001 From: Samuzzal Choudhury Date: Thu, 21 Jun 2018 22:23:28 +0530 Subject: [PATCH 05/15] Removed runtests conflict --- runtests.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 runtests.sh diff --git a/runtests.sh b/runtests.sh old mode 100755 new mode 100644 From 2fb35777dca5698631ea297ce0ce3402f8c16045 Mon Sep 17 00:00:00 2001 
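Review bot: `drop()` has no return statement after the `dev` check, so a request that carries a `dev` key falls off the end of the view and returns `None`, which Flask rejects as an invalid response. Until the unsubscribe logic exists, end the function with an explicit reply such as `return flask.jsonify({'summary': 'Not implemented'}), 501`. The docstring is copied from the scan endpoint and still says the view runs a scan.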
From: Samuzzal Choudhury Date: Fri, 22 Jun 2018 00:27:32 +0530 Subject: [PATCH 06/15] printing the runtests file to check the test script content --- cico_run_tests.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/cico_run_tests.sh b/cico_run_tests.sh index fdf1af9..50494e2 100755 --- a/cico_run_tests.sh +++ b/cico_run_tests.sh @@ -8,5 +8,6 @@ set -ex build_image push_image +cat ./runtests.sh ./runtests.sh From d696a787f5ae11bd92c7645fc7cbaab542d6b2ad Mon Sep 17 00:00:00 2001 From: Samuzzal Choudhury Date: Fri, 22 Jun 2018 01:27:05 +0530 Subject: [PATCH 07/15] Changed run_tests.sh permissions --- cico_run_tests.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/cico_run_tests.sh b/cico_run_tests.sh index 50494e2..545730b 100755 --- a/cico_run_tests.sh +++ b/cico_run_tests.sh @@ -8,6 +8,7 @@ set -ex build_image push_image +chmod +x ./runtests.sh cat ./runtests.sh ./runtests.sh From eaa2e6590d551d0e2ac8c929f3fb183a7136cc3a Mon Sep 17 00:00:00 2001 From: Samuzzal Choudhury Date: Fri, 22 Jun 2018 02:07:09 +0530 Subject: [PATCH 08/15] Changed the code coverage threshold --- runtests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runtests.sh b/runtests.sh index 8e776f1..e12be54 100644 --- a/runtests.sh +++ b/runtests.sh @@ -1,6 +1,6 @@ #!/usr/bin/bash -ex -COVERAGE_THRESHOLD=90 +COVERAGE_THRESHOLD=70 export TERM=xterm TERM=${TERM:-xterm} From a3974fad32e8681e542eb661d5e30ccae1422481 Mon Sep 17 00:00:00 2001 From: Samuzzal Choudhury Date: Fri, 22 Jun 2018 08:30:26 +0530 Subject: [PATCH 09/15] Added drop endpoint --- src/rest_api.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rest_api.py b/src/rest_api.py index c145611..e9d6bf4 100644 --- a/src/rest_api.py +++ b/src/rest_api.py 
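Review bot: `COVERAGE_THRESHOLD` drops from 90 to 70 with no reason given, in a series whose diffstats add three views and a token helper but touch no test file. Keeping the gate at 90 and adding tests for the new views (content-type rejection, missing-field handling, dispatch failure) would exercise the new request-validation code instead of exempting it. If the lower value is meant to be temporary, say so next to it: `# TODO: restore to 90 once the user-repo endpoints have tests`.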
@@ -228,7 +228,7 @@ def notify_user(): @login_required def drop(): """ - Endpoint for scanning an OSIO user's repository. + Endpoint to stop monitoring OSIO users' repository. Runs a scan to find out security vulnerability in a user's repository """ From 8898a1cdf8e49eabedefab6980ee5e9a743491b9 Mon Sep 17 00:00:00 2001 From: Samuzzal Choudhury Date: Mon, 25 Jun 2018 15:35:34 +0530 Subject: [PATCH 10/15] Local development docker changes --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 459c83b..d1cbc8a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,8 @@ RUN pip3 install --upgrade pip>=10.0.0 &&\ COPY ./src /src -RUN pip3 install git+https://github.com/fabric8-analytics/fabric8-analytics-worker.git@${F8A_WORKER_VERSION} +#RUN pip3 install git+https://github.com/fabric8-analytics/fabric8-analytics-worker.git@${F8A_WORKER_VERSION} +RUN pip3 install git+https://github.com/samuzzal-choudhury/fabric8-analytics-worker.git@47064a2 ADD scripts/entrypoint.sh /bin/entrypoint.sh From 980555dcde3f25b2f0f87e1c44f91e5deda2c890 Mon Sep 17 00:00:00 2001 From: Samuzzal Choudhury Date: Fri, 29 Jun 2018 00:47:47 +0530 Subject: [PATCH 11/15] Swagger updated --- swagger.yaml | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/swagger.yaml b/swagger.yaml index c44a12a..d8128f3 100644 --- a/swagger.yaml +++ b/swagger.yaml @@ -126,7 +126,7 @@ paths: description: List of ecosystem-package-version required: true schema: - $ref: '#/definitions/UserRepoInput' + $ref: '#/definitions/EPVList' responses: '200': description: Notification service called 
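Review bot: The Dockerfile hunk swaps the worker dependency from the project repository at `${F8A_WORKER_VERSION}` to a personal fork pinned by an abbreviated commit id, and the subject line says it is a local-development change. An image built from this file then runs code from a repository outside the organisation's review and access controls, and a seven-character id is not a full-length pin. Keep the upstream line as the default and make the source overridable for local work, for example `ARG F8A_WORKER_REPO=https://github.com/fabric8-analytics/fabric8-analytics-worker.git` with `RUN pip3 install git+${F8A_WORKER_REPO}@${F8A_WORKER_VERSION}` (the `F8A_WORKER_REPO` name is illustrative). Patch 12/15 bumps the fork pin again in the same way.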
@@ -235,3 +235,21 @@ definitions: type: array items: type: string + EPV: + title: EPV + description: Describes EPV + properties: + ecosystem: + type: string + name: + type: string + version: + type: string + EPVList: + title: User Repository notify inputs + description: Parameters to call user repository notify + properties: + epv_list: + type: array + items: + $ref: '#/definitions/EPV' From bc663629193e52c4af478ab8dc0695588ee000a3 Mon Sep 17 00:00:00 2001 From: Samuzzal Choudhury Date: Sun, 1 Jul 2018 01:27:23 +0530 Subject: [PATCH 12/15] Changes to call osioUserNotificationFlow --- Dockerfile | 2 +- src/auth.py | 28 ++++++++++++++++++++++ src/rest_api.py | 62 +++++++++++++++++++++++++++++++++---------------- src/utils.py | 11 +++++---- 4 files changed, 78 insertions(+), 25 deletions(-) diff --git a/Dockerfile b/Dockerfile index d1cbc8a..968cd37 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,7 +14,7 @@ RUN pip3 install --upgrade pip>=10.0.0 &&\ COPY ./src /src #RUN pip3 install git+https://github.com/fabric8-analytics/fabric8-analytics-worker.git@${F8A_WORKER_VERSION} -RUN pip3 install git+https://github.com/samuzzal-choudhury/fabric8-analytics-worker.git@47064a2 +RUN pip3 install git+https://github.com/samuzzal-choudhury/fabric8-analytics-worker.git@289ae6e ADD scripts/entrypoint.sh /bin/entrypoint.sh diff --git a/src/auth.py b/src/auth.py index fe3dd02..74c48f9 100644 --- a/src/auth.py +++ b/src/auth.py @@ -3,6 +3,7 @@ from flask import current_app, request import jwt +import requests from os import getenv 
@@ -48,6 +49,33 @@ def get_audiences(): return getenv('BAYESIAN_JWT_AUDIENCE').split(',') +def init_auth_sa_token(): + """Initiate a service token from auth service.""" + auth_server_url = getenv('AUTH_SERVER_URL', 'https://auth.openshift.io') + endpoint = '{url}/api/token'.format(url=auth_server_url) + + client_id = getenv('SA_CLIENT_ID', '37df5ca3-a075-4ba3-8756-9d4afafd6884') + client_secret = getenv('SA_CLIENT_SECRET', 'secret') + + payload = {"grant_type": "client_credentials", + "client_id": client_id, + "client_secret": client_secret} + try: + resp = requests.post(endpoint, json=payload) + except requests.exceptions.RequestException as e: + raise e + + if resp.status_code == 200: + data = resp.json() + try: + access_token = data['access_token'] + except IndexError as e: + raise requests.exceptions.RequestException + return access_token + else: + raise requests.exceptions.RequestException + + def login_required(view): # pragma: no cover """Check if the login is required and if the user can be authorized.""" # NOTE: the actual authentication 401 failures are commented out for now and will be diff --git a/src/rest_api.py b/src/rest_api.py index e9d6bf4..f75dad2 100644 --- a/src/rest_api.py +++ b/src/rest_api.py @@ -1,11 +1,12 @@ """Definition of the routes for gemini server.""" import flask +import requests from flask import Flask, request from flask_cors import CORS from utils import DatabaseIngestion, scan_repo, validate_request_data,\ retrieve_worker_result, alert_user from f8a_worker.setup_celery import init_selinon -from auth import login_required +from auth import login_required, init_auth_sa_token from exceptions import HTTPError app = Flask(__name__) @@ -13,6 +14,13 @@ init_selinon() +SERVICE_TOKEN='token' +try: + SERVICE_TOKEN = init_auth_sa_token() +except requests.exceptions.RequestException as e: + print('Unable to set authentication token for internal service calls. {}' + .format(e)) + @app.route('/api/v1/readiness') def readiness(): 
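Review bot: `init_auth_sa_token` falls back to a hard-coded client id and the literal secret `'secret'` when the environment variables are unset, so a misconfigured deployment silently sends placeholder credentials to the auth server instead of failing with a clear message. The `requests.post` call has no `timeout`, and because rest_api.py calls this function at import time a stalled auth server can hang application start. `except IndexError` never fires for a missing dict key (that raises `KeyError`), and `except ... as e: raise e` does nothing. A rewritten body is sketched below; the `except IndexError` is still present in the patch 15/15 hunk.

```python
def init_auth_sa_token():
    # … unchanged: docstring, auth_server_url and endpoint …
    client_id = getenv('SA_CLIENT_ID')
    client_secret = getenv('SA_CLIENT_SECRET')
    if not client_id or not client_secret:
        raise requests.exceptions.RequestException(
            'SA_CLIENT_ID / SA_CLIENT_SECRET are not set')

    # … unchanged: payload dict …
    # Bounded wait: rest_api.py calls this while it is being imported.
    resp = requests.post(endpoint, json=payload, timeout=10)
    if resp.status_code != 200:
        raise requests.exceptions.RequestException(
            'auth service returned HTTP {}'.format(resp.status_code))
    try:
        return resp.json()['access_token']
    except (KeyError, ValueError) as e:
        raise requests.exceptions.RequestException(
            'no access_token in auth response') from e
```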
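Review bot: When the token request fails, `SERVICE_TOKEN` keeps the placeholder string `'token'` and the views go on passing it to `scan_repo` and `alert_user` as if it were a credential, so the failure shows up later and far from its cause. The token is also fetched once at import and never renewed, which breaks if the auth service issues tokens with an expiry (not visible here). Prefer `SERVICE_TOKEN = None` as the initial value, have the views answer 503 while it is unset, report the failure through the logging module rather than `print`, and obtain the token lazily with a refresh when it expires.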
@@ -61,7 +69,7 @@ def register(): try: # First time ingestion DatabaseIngestion.store_record(input_json) - status = scan_repo(input_json) + status = scan_repo(input_json, SERVICE_TOKEN) if status is not True: resp_dict["success"] = False resp_dict["summary"] = "New Repo Scan Initialization Failure" @@ -149,17 +157,17 @@ def user_repo_scan(): "summary": "" } - # Request validation section + if request.content_type != 'application/json': + resp_dict["status"] = "failure" + resp_dict["summary"] = "Set content type to application/json" + return flask.jsonify(resp_dict), 400 + input_json = request.get_json() # Return a dummy response for the endpoint while the development is in progress if not 'dev' in input_json: return flask.jsonify({'summary': 'Repository scan initiated'}), 200 - if request.content_type != 'application/json': - resp_dict["success"] = False - resp_dict["summary"] = "Set content type to application/json" - return flask.jsonify(resp_dict), 400 validate_string = "{} cannot be empty" if 'git-url' not in input_json: @@ -167,7 +175,7 @@ def user_repo_scan(): return False, validate_string # Call the worker flow to run a user repository scan asynchronously - status = alert_user(input_json) + status = alert_user(input_json, SERVICE_TOKEN) if status is not True: resp_dict["status"] = "failure" resp_dict["summary"] = "Scan initialization failure" 
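Review bot: `scan_repo(input_json, SERVICE_TOKEN)` in `register()` passes two arguments, but the hunk headers for src/utils.py in this patch and the next still show the definition as `def scan_repo(data):`, and no hunk in the series changes that signature. If that is the current definition, every first-time registration raises `TypeError` inside the `try` block. Either extend the definition in utils.py in the same commit (`def scan_repo(data, service_token=""):`, forwarding the token to the flow arguments) or leave the call as `scan_repo(input_json)`. The `except` clause of that `try` is outside the hunk, so how the error reaches the client cannot be seen here.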
@@ -190,26 +198,31 @@ def notify_user(): Runs a scan to find out security vulnerability in a user's repository """ - # Request validation section + resp_dict = { + "status": "success", + "summary": "" + } + + if request.content_type != 'application/json': + resp_dict["status"] = "failure" + resp_dict["summary"] = "Set content type to application/json" + return flask.jsonify(resp_dict), 400 + input_json = request.get_json() # Return a dummy response for the endpoint while the development is in progress if not 'dev' in input_json: return flask.jsonify({'summary': 'Notification service called'}), 200 - resp_dict = {} - if request.content_type != 'application/json': - resp_dict["success"] = False - resp_dict["summary"] = "Set content type to application/json" - return flask.jsonify(resp_dict), 400 - validate_string = "{} cannot be empty" - if 'vulnerable-components' not in input_json: - validate_string = validate_string.format("vulnerable-components") - return False, validate_string + if 'epv_list' not in input_json: + resp_dict["status"] = "failure" + resp_dict["summary"] = "Required parameter 'epv_list' is missing " \ + "in the request" + return flask.jsonify(resp_dict), 400 # Call the worker flow to run a user repository scan asynchronously - status = alert_user(input_json, skip_dep_tree=True) + status = alert_user(input_json, SERVICE_TOKEN, epv_list=input_json['epv_list']) if status is not True: resp_dict["status"] = "failure" resp_dict["summary"] = "Scan initialization failure" 
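Review bot: `notify_user` validates only `epv_list`, yet `alert_user` (rewritten in this same patch) reads `data['git-url']` unconditionally, so a notify request without `git-url` raises `KeyError` and becomes a 500. The swagger `EPVList` schema for this endpoint declares no `git-url` property, so a client that follows the spec hits this path. Add the same presence check used for `epv_list`, i.e. `if 'git-url' not in input_json:` returning the 400 JSON error, and confirm that `epv_list` is a list of objects before it is forwarded to the worker flow. The success message further down the view also formats `input_json.get('git-url')` into the summary; the view continues outside this hunk.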
@@ -232,7 +245,16 @@ def drop(): Runs a scan to find out security vulnerability in a user's repository """ - # Request validation section + resp_dict = { + "status": "success", + "summary": "" + } + + if request.content_type != 'application/json': + resp_dict["status"] = "failure" + resp_dict["summary"] = "Set content type to application/json" + return flask.jsonify(resp_dict), 400 + input_json = request.get_json() # Return a dummy response for the endpoint while the development is in progress diff --git a/src/utils.py b/src/utils.py index b6f3149..0e69fdf 100644 --- a/src/utils.py +++ b/src/utils.py @@ -267,11 +267,14 @@ def scan_repo(data): return True -def alert_user(data, skip_dep_tree=False): +def alert_user(data, service_token=None, epv_list=[]): """Invoke worker flow to scan user repository.""" - data['skip_dep_tree'] = skip_dep_tree - flow_name = 'osioUserNotificationFlow' - d_id = server_run_flow(flow_name, data) + args = {'github_repo': data['git-url'], + 'service_token': service_token, + 'email_ids': data.get('email-ids', 'dummy'), + 'epv_list': epv_list} + + d_id = server_run_flow('osioUserNotificationFlow', args) logger.info("DISPATCHER ID = {}".format(d_id)) return True From fe077e0001158ff3f81e72aa828f8ec54752a354 Mon Sep 17 00:00:00 2001 From: Samuzzal Choudhury Date: Fri, 6 Jul 2018 13:24:57 +0530 Subject: [PATCH 13/15] template changes and relevant code modifications --- openshift/template.yaml | 15 +++++++++++++++ src/auth.py | 8 ++++---- src/utils.py | 2 +- 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/openshift/template.yaml b/openshift/template.yaml index c0b0625..6751ff7 100644 --- a/openshift/template.yaml +++ b/openshift/template.yaml 
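Review bot: In `alert_user`, `epv_list=[]` is a mutable default argument shared between calls; use `epv_list=None` and `'epv_list': epv_list or []` when building `args`. `data.get('email-ids', 'dummy')` substitutes a string where the swagger schema declares an array of strings, so the flow receives `'dummy'` as its recipient list whenever the client omits the field; default to an empty list or reject the request. The service token is placed in the flow arguments, which means it travels wherever the task queue stores or logs those arguments (not visible here); letting the worker obtain its own token, or passing a reference it can resolve, would keep the credential out of task payloads.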
@@ -73,6 +73,21 @@ objects: secretKeyRef: name: aws key: s3-secret-access-key + - name: GEIMINI_SA_CLIENT_ID + valueFrom: + secretKeyRef: + name: gemini-server + key: gemini-sa-client-id + - name: GEMINI_SA_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: gemini-server + key: gemini-sa-client-secret + - name: AUTH_SERVICE_HOST + valueFrom: + configMapKeyRef: + name: bayesian-config + key: auth-url - name: GEMINI_API_SERVICE_PORT value: "5000" - name: GEMINI_API_SERVICE_TIMEOUT diff --git a/src/auth.py b/src/auth.py index 74c48f9..5aa9a4a 100644 --- a/src/auth.py +++ b/src/auth.py @@ -51,17 +51,17 @@ def get_audiences(): def init_auth_sa_token(): """Initiate a service token from auth service.""" - auth_server_url = getenv('AUTH_SERVER_URL', 'https://auth.openshift.io') + auth_server_url = getenv('AUTH_SERVER_URL', 'https://auth.prod-preview.openshift.io') endpoint = '{url}/api/token'.format(url=auth_server_url) - client_id = getenv('SA_CLIENT_ID', '37df5ca3-a075-4ba3-8756-9d4afafd6884') - client_secret = getenv('SA_CLIENT_SECRET', 'secret') + client_id = getenv('GEIMINI_SA_CLIENT_ID', 'id') + client_secret = getenv('GEMINI_SA_CLIENT_SECRET', 'secret') payload = {"grant_type": "client_credentials", "client_id": client_id, "client_secret": client_secret} try: - resp = requests.post(endpoint, json=payload) + resp = requests.post(endpoint, json=payload, verify=False) except requests.exceptions.RequestException as e: raise e diff --git a/src/utils.py b/src/utils.py index 0e69fdf..7b4ccca 100644 --- a/src/utils.py +++ b/src/utils.py @@ -267,7 +267,7 @@ def scan_repo(data): return True -def alert_user(data, service_token=None, epv_list=[]): +def alert_user(data, service_token="", epv_list=[]): """Invoke worker flow to scan user repository.""" args = {'github_repo': data['git-url'], 'service_token': service_token, From 6bcc709d8eec88b1eabd2bceaf8c0a864152975b Mon Sep 17 00:00:00 2001 
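Review bot: `GEIMINI_SA_CLIENT_ID` is misspelled (its sibling is `GEMINI_SA_CLIENT_SECRET`); auth.py reads the same misspelled name in this patch, so it works, but the typo becomes part of the deployment contract. Rename it to `GEMINI_SA_CLIENT_ID` in the template and in auth.py before it ships. The template also exports `AUTH_SERVICE_HOST` while auth.py in this patch still reads `AUTH_SERVER_URL`, so the configured auth URL is ignored and the hard-coded default is used until patch 15/15 changes the lookup.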
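Review bot: `verify=False` in `init_auth_sa_token` turns off TLS certificate verification on the one request that carries `client_id` and `client_secret`, so the service no longer has any assurance that it is talking to the real auth server when it sends those credentials and accepts a token back. If the auth host uses a private CA, point `verify=` at the CA bundle instead, e.g. `verify='/path/to/ca-bundle.pem'` (placeholder path). The argument is dropped again in patch 15/15, so squashing the two would avoid leaving a commit in history that ships with verification disabled. The new fallbacks `'id'` and `'secret'` are still placeholder credentials that get sent when the environment variables are missing.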
From: Samuzzal Choudhury Date: Fri, 6 Jul 2018 13:29:06 +0530 Subject: [PATCH 14/15] linter and docstyle changes --- src/auth.py | 2 +- src/rest_api.py | 10 ++++------ 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/src/auth.py b/src/auth.py index 5aa9a4a..796a74d 100644 --- a/src/auth.py +++ b/src/auth.py @@ -50,7 +50,7 @@ def get_audiences(): def init_auth_sa_token(): - """Initiate a service token from auth service.""" + """Initialize a service token from auth service.""" auth_server_url = getenv('AUTH_SERVER_URL', 'https://auth.prod-preview.openshift.io') endpoint = '{url}/api/token'.format(url=auth_server_url) diff --git a/src/rest_api.py b/src/rest_api.py index f75dad2..8c48761 100644 --- a/src/rest_api.py +++ b/src/rest_api.py @@ -14,7 +14,7 @@ init_selinon() -SERVICE_TOKEN='token' +SERVICE_TOKEN = 'token' try: SERVICE_TOKEN = init_auth_sa_token() except requests.exceptions.RequestException as e: @@ -165,10 +165,9 @@ def user_repo_scan(): input_json = request.get_json() # Return a dummy response for the endpoint while the development is in progress - if not 'dev' in input_json: + if 'dev' not in input_json: return flask.jsonify({'summary': 'Repository scan initiated'}), 200 - validate_string = "{} cannot be empty" if 'git-url' not in input_json: validate_string = validate_string.format("git-url") @@ -211,7 +210,7 @@ def notify_user(): input_json = request.get_json() # Return a dummy response for the endpoint while the development is in progress - if not 'dev' in input_json: + if 'dev' not in input_json: return flask.jsonify({'summary': 'Notification service called'}), 200 validate_string = "{} cannot be empty" 
@@ -258,11 +257,10 @@ def drop(): input_json = request.get_json() # Return a dummy response for the endpoint while the development is in progress - if not 'dev' in input_json: + if 'dev' not in input_json: return flask.jsonify({'summary': 'Repository scan unsubscribed'}), 200 - @app.errorhandler(HTTPError) def handle_error(e): # pragma: no cover """Handle http error response.""" From e16d67f399a3252c04525bc2713e3b23716ef1bf Mon Sep 17 00:00:00 2001 From: Samuzzal Choudhury Date: Mon, 9 Jul 2018 09:07:35 +0530 Subject: [PATCH 15/15] Stripped the client_id and client_secret of newline char --- src/auth.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/auth.py b/src/auth.py index 796a74d..916062b 100644 --- a/src/auth.py +++ b/src/auth.py @@ -51,17 +51,20 @@ def get_audiences(): def init_auth_sa_token(): """Initialize a service token from auth service.""" - auth_server_url = getenv('AUTH_SERVER_URL', 'https://auth.prod-preview.openshift.io') + auth_server_url = getenv('AUTH_SERVICE_HOST', 'https://auth.prod-preview.openshift.io') endpoint = '{url}/api/token'.format(url=auth_server_url) client_id = getenv('GEIMINI_SA_CLIENT_ID', 'id') client_secret = getenv('GEMINI_SA_CLIENT_SECRET', 'secret') payload = {"grant_type": "client_credentials", - "client_id": client_id, - "client_secret": client_secret} + "client_id": client_id.strip(), + "client_secret": client_secret.strip()} try: - resp = requests.post(endpoint, json=payload, verify=False) + print('TOKEN GENERATION: endpoint is %s' % endpoint) + print('TOKEN GENERATION: payload is %r' % payload) + resp = requests.post(endpoint, json=payload) + print("RESPONSE STATUS = %d" % resp.status_code) except requests.exceptions.RequestException as e: raise e 
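Review bot: `print('TOKEN GENERATION: payload is %r' % payload)` in `init_auth_sa_token` writes the service-account `client_secret` in clear text to the process's stdout, where it ends up in container logs and whatever log aggregation sits behind them. Remove the payload line, or log only non-secret fields through the logging module, e.g. `logging.getLogger(__name__).debug('token request: endpoint=%s', endpoint)`. A secret that has already been printed in a deployed environment should be rotated. The function continues in the next hunk.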
@@ -69,10 +72,13 @@ def init_auth_sa_token(): data = resp.json() try: access_token = data['access_token'] + print("Access token has been generated successfully") except IndexError as e: + print("requests.exceptions.RequestException during Access token generation") raise requests.exceptions.RequestException return access_token else: + print("Unexpected HTTP response. Raised requests.exceptions.RequestException") raise requests.exceptions.RequestException