eventsapi: Add JWT signing support

New argument added to accept secret to generate JWT token. This patch does not affect the backward compatibility. Usage: gluster-eventsapi webhook-add <url> [-t <TOKEN>] \ [-s SECRET] With `--token` argument, Token header will be added as is. Authorization: Bearer <TOKEN> In case of shared secret, Gluster will generate JWT token using the secret and then add it to Authorization header. Authorization: Bearer <GENERATED_TOKEN> Secret/Token can be updated using `webhook-mod` command. Generated token will include the following payload, { "iss": "gluster", "exp": EXPIRY_TIME, "sub": EVENT_TYPE, "iat": EVENT_TIME } Where: iss - Issuer, exp - Expiry Time, sub - Event Type used as Subject, iat - Event Time used as Issue Time BUG: 1496363 Change-Id: Ib6b6fab23fb212d7f5e9bbc9e1416a9e9813ab1b Signed-off-by: Aravinda VK <avishwan@redhat.com>
author: Aravinda VK <avishwan@redhat.com> 2017-09-18 14:34:54 +0530
committer: Aravinda VK <avishwan@redhat.com> 2017-10-13 11:17:39 +0000
commit: add7116efa1f31e86f9c00c72c71872b1161370f (patch)
tree: 985b495eda9fd698d2eda1982c4013301bc6c4ef /events/src/peer_eventsapi.py
parent: 3dce15e10c263e8e071b26046568e0a171a3153d (diff)
1 files changed, 35 insertions, 5 deletions
diff --git a/events/src/peer_eventsapi.py b/events/src/peer_eventsapi.py
index 59808ada539..3a6a0eb4496 100644
--- a/events/src/peer_eventsapi.py
+++ b/events/src/peer_eventsapi.py
@@ -18,6 +18,7 @@ import fcntl
 from errno import EACCES, EAGAIN
 import signal
 import sys
+import time
 
 import requests
 from prettytable import PrettyTable
@@ -26,7 +27,7 @@ from gluster.cliutils import (Cmd, node_output_ok, node_output_notok,
                               sync_file_to_peers, GlusterCmdException,
                               output_error, execute_in_peers, runcli,
                               set_common_args_func)
-from events.utils import LockedOpen
+from events.utils import LockedOpen, get_jwt_token
 
 from events.eventsapiconf import (WEBHOOKS_FILE_TO_SYNC,
                                   WEBHOOKS_FILE,
@@ -307,6 +308,8 @@ class WebhookAddCmd(Cmd):
         parser.add_argument("url", help="URL of Webhook")
         parser.add_argument("--bearer_token", "-t", help="Bearer Token",
                             default="")
+        parser.add_argument("--secret", "-s",
+                            help="Secret to add JWT Bearer Token", default="")
 
     def run(self, args):
         create_webhooks_file_if_not_exists(args)
@@ -318,7 +321,8 @@ class WebhookAddCmd(Cmd):
                                     errcode=ERROR_WEBHOOK_ALREADY_EXISTS,
                                     json_output=args.json)
 
-            data[args.url] = args.bearer_token
+            data[args.url] = {"token": args.bearer_token,
+                              "secret": args.secret}
             file_content_overwrite(WEBHOOKS_FILE, data)
 
         sync_to_peers(args)
@@ -331,6 +335,8 @@ class WebhookModCmd(Cmd):
         parser.add_argument("url", help="URL of Webhook")
         parser.add_argument("--bearer_token", "-t", help="Bearer Token",
                             default="")
+        parser.add_argument("--secret", "-s",
+                            help="Secret to add JWT Bearer Token", default="")
 
     def run(self, args):
         create_webhooks_file_if_not_exists(args)
@@ -342,7 +348,16 @@ class WebhookModCmd(Cmd):
                                     errcode=ERROR_WEBHOOK_NOT_EXISTS,
                                     json_output=args.json)
 
-            data[args.url] = args.bearer_token
+            if isinstance(data[args.url], str) or \
+               isinstance(data[args.url], unicode):
+                data[args.url]["token"] = data[args.url]
+
+            if args.bearer_token != "":
+                data[args.url]["token"] = args.bearer_token
+
+            if args.secret != "":
+                data[args.url]["secret"] = args.secret
+
             file_content_overwrite(WEBHOOKS_FILE, data)
 
         sync_to_peers(args)
@@ -376,11 +391,19 @@ class NodeWebhookTestCmd(Cmd):
     def args(self, parser):
         parser.add_argument("url")
         parser.add_argument("bearer_token")
+        parser.add_argument("secret")
 
     def run(self, args):
         http_headers = {}
+        hashval = ""
         if args.bearer_token != ".":
-            http_headers["Authorization"] = "Bearer " + args.bearer_token
+            hashval = args.bearer_token
+
+        if args.secret != ".":
+            hashval = get_jwt_token(args.secret, "TEST", int(time.time()))
+
+        if hashval:
+            http_headers["Authorization"] = "Bearer " + hashval
 
         try:
             resp = requests.post(args.url, headers=http_headers)
@@ -401,16 +424,23 @@ class WebhookTestCmd(Cmd):
     def args(self, parser):
         parser.add_argument("url", help="URL of Webhook")
         parser.add_argument("--bearer_token", "-t", help="Bearer Token")
+        parser.add_argument("--secret", "-s",
+                            help="Secret to generate Bearer Token")
 
     def run(self, args):
         url = args.url
         bearer_token = args.bearer_token
+        secret = args.secret
+
         if not args.url:
             url = "."
         if not args.bearer_token:
             bearer_token = "."
+        if not args.secret:
+            secret = "."
 
-        out = execute_in_peers("node-webhook-test", [url, bearer_token])
+        out = execute_in_peers("node-webhook-test", [url, bearer_token,
+                                                     secret])
 
         if not args.json:
             table = PrettyTable(["NODE", "NODE STATUS", "WEBHOOK STATUS"])
author	Aravinda VK <avishwan@redhat.com>	2017-09-18 14:34:54 +0530
committer	Aravinda VK <avishwan@redhat.com>	2017-10-13 11:17:39 +0000
commit	add7116efa1f31e86f9c00c72c71872b1161370f (patch)
tree	985b495eda9fd698d2eda1982c4013301bc6c4ef /events/src/peer_eventsapi.py
parent	3dce15e10c263e8e071b26046568e0a171a3153d (diff)