Skip to content

Commit

Permalink
Fix Authentication issues introduced in 0.14.3, and other minor fixes (
Browse files Browse the repository at this point in the history 
…#256)

Revert 0.14.3 changes to Authentication handling which introduced basicAuth support but resulted in some NiFi connections appearing incorrectly as Anonymous
Added simpler basicAuth control to force it via a config switch without changing tokenAuth and other Authorization header behavior during normal usage
nipyapi.config.global_force_basic_auth is now available for use for this purpose
Secured Registry users will now require the authorization policy to retrieve the swagger so we may use it to validate which version of Registry is in use for feature enablement
Moved all Security controls in config.py to a common area at the foot of the file
Removed auth_type from security.service_login as it is now redundant
Added controls to handle certificate checking behavior which has become more strict in recently versions of Python3, ssl_verify and check_hostname are now handled
security.set_service_auth_token now has an explicit flag for ssl host checking as well
Fix oversight where improved model serialisation logic was not correctly applied to Registry
Removed unusused parameter refresh from parameters.update_parameter_context
Reduced unecessary complexity in utils.dump with no change in functionality
Updated client gen mustache templates to reflect refactored security and api client code
Minor linting and docstring and codestyle improvements
Set pyUp to ignore Watchdog as it must stay between versions to statisfy py2 and py3 compatibility
If Client is not instantiated, optimistically instantiate for version checking
  • Loading branch information
@Chaffelson
Chaffelson authored Jan 22, 2021
1 parent 9c880be commit 0687dbc
Show file tree
Hide file tree
Showing 55 changed files with 819 additions and 772 deletions.
64 changes: 38 additions & 26 deletions nipyapi/config.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
from __future__ import absolute_import
import logging
import os
import ssl
import urllib3
from nipyapi.nifi import configuration as nifi_config
from nipyapi.registry import configuration as registry_config
Expand All @@ -34,32 +35,6 @@
# Set Default Host for NiFi-Registry
registry_config.host = 'http://' + default_host + ':18080/nifi-registry-api'


# Set Default Auth Types
# Set list to the Auth type you want to use
# Currently basicAuth trumps tokenAuth if both are enabled
default_auth = ['tokenAuth']
# NiFi valid options: ['tokenAuth', 'basicAuth']
# Registry valid options: ['tokenAuth', 'basicAuth', 'Authorization']
nifi_config.enabled_auth = default_auth # tokenAuth was default before 0.14.2


# Set SSL Handling
# When operating with self signed certs, your log can fill up with
# unnecessary warnings
# Set to True by default, change to false if necessary
global_ssl_verify = True

nifi_config.verify_ssl = global_ssl_verify
registry_config.verify_ssl = global_ssl_verify
if not global_ssl_verify:
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

if os.getenv('NIFI_CA_CERT') is not None:
nifi_config.ssl_ca_cert = os.getenv('NIFI_CA_CERT')
nifi_config.cert_file = os.getenv('NIFI_CLIENT_CERT')
nifi_config.key_file = os.getenv('NIFI_CLIENT_KEY')

# --- Project Root ------
# Is is helpful to have a reference to the root directory of the project
PROJECT_ROOT_DIR = os.path.abspath(os.path.dirname(__file__))
Expand Down Expand Up @@ -140,6 +115,43 @@
# If called for during policy setup, particularly bootstrap_policies
default_proxy_user = 'CN=localhost, OU=nifi'

# Auth handling
# If set, NiPyAPI will always include the Basic Authorization header
global_force_basic_auth = False
nifi_config.username = default_nifi_username
nifi_config.password = default_nifi_password
nifi_config.force_basic_auth = global_force_basic_auth
registry_config.username = default_registry_username
registry_config.password = default_registry_password
registry_config.force_basic_auth = global_force_basic_auth

# Set SSL Handling
# When operating with self signed certs, your log can fill up with
# unnecessary warnings
# Set to True by default, change to false if necessary
global_ssl_verify = True

nifi_config.verify_ssl = global_ssl_verify
registry_config.verify_ssl = global_ssl_verify
if not global_ssl_verify:
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# Enforce no host checking when SSL context is disabled
global_ssl_host_check = False
if not global_ssl_host_check:
nifi_config.ssl_context = ssl.create_default_context()
nifi_config.ssl_context.check_hostname = False
nifi_config.ssl_context.verify_mode = ssl.CERT_NONE

registry_config.ssl_context = ssl.create_default_context()
registry_config.ssl_context.check_hostname = False
registry_config.ssl_context.verify_mode = ssl.CERT_NONE

if os.getenv('NIFI_CA_CERT') is not None:
nifi_config.ssl_ca_cert = os.getenv('NIFI_CA_CERT')
nifi_config.cert_file = os.getenv('NIFI_CLIENT_CERT')
nifi_config.key_file = os.getenv('NIFI_CLIENT_KEY')

# --- URL Encoding
# URL Encoding bypass characters will not be encoded during submission
default_safe_chars = ''
2 changes: 2 additions & 0 deletions nipyapi/nifi/api_client.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -523,6 +523,8 @@ def update_params_for_auth(self, headers, querys, auth_settings):
raise ValueError(
'Authentication token must be in `query` or `header`'
)
if config.force_basic_auth:
headers['Authorization'] = config.get_basic_auth_token()

def __deserialize_file(self, response):
"""
Expand Down
32 changes: 16 additions & 16 deletions nipyapi/nifi/apis/access_api.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,7 @@ def create_access_token_with_http_info(self, **kwargs):
select_header_content_type(['application/x-www-form-urlencoded'])

# Authentication setting
auth_settings = ['tokenAuth', 'basicAuth']
auth_settings = ['tokenAuth']

return self.api_client.call_api('/access/token', 'POST',
path_params,
Expand Down Expand Up @@ -228,7 +228,7 @@ def create_access_token_from_ticket_with_http_info(self, **kwargs):
select_header_content_type(['text/plain'])

# Authentication setting
auth_settings = ['tokenAuth', 'basicAuth']
auth_settings = ['tokenAuth']

return self.api_client.call_api('/access/kerberos', 'POST',
path_params,
Expand Down Expand Up @@ -326,7 +326,7 @@ def create_download_token_with_http_info(self, **kwargs):
select_header_content_type(['application/x-www-form-urlencoded'])

# Authentication setting
auth_settings = ['tokenAuth', 'basicAuth']
auth_settings = ['tokenAuth']

return self.api_client.call_api('/access/download-token', 'POST',
path_params,
Expand Down Expand Up @@ -424,7 +424,7 @@ def create_ui_extension_token_with_http_info(self, **kwargs):
select_header_content_type(['application/x-www-form-urlencoded'])

# Authentication setting
auth_settings = ['tokenAuth', 'basicAuth']
auth_settings = ['tokenAuth']

return self.api_client.call_api('/access/ui-extension-token', 'POST',
path_params,
Expand Down Expand Up @@ -522,7 +522,7 @@ def get_access_status_with_http_info(self, **kwargs):
select_header_content_type(['*/*'])

# Authentication setting
auth_settings = ['tokenAuth', 'basicAuth']
auth_settings = ['tokenAuth']

return self.api_client.call_api('/access', 'GET',
path_params,
Expand All @@ -542,7 +542,7 @@ def get_access_status_with_http_info(self, **kwargs):
def get_login_config(self, **kwargs):
"""
Retrieves the access configuration for this NiFi
This method makes a synchronous HTTP request by default. To make an
asynchronous HTTP request, please define a `callback` function
to be invoked when receiving the response.
Expand All @@ -567,7 +567,7 @@ def get_login_config(self, **kwargs):
def get_login_config_with_http_info(self, **kwargs):
"""
Retrieves the access configuration for this NiFi
This method makes a synchronous HTTP request by default. To make an
asynchronous HTTP request, please define a `callback` function
to be invoked when receiving the response.
Expand Down Expand Up @@ -620,7 +620,7 @@ def get_login_config_with_http_info(self, **kwargs):
select_header_content_type(['*/*'])

# Authentication setting
auth_settings = ['tokenAuth', 'basicAuth']
auth_settings = ['tokenAuth']

return self.api_client.call_api('/access/config', 'GET',
path_params,
Expand Down Expand Up @@ -718,7 +718,7 @@ def knox_callback_with_http_info(self, **kwargs):
select_header_content_type(['*/*'])

# Authentication setting
auth_settings = ['tokenAuth', 'basicAuth']
auth_settings = ['tokenAuth']

return self.api_client.call_api('/access/knox/callback', 'GET',
path_params,
Expand Down Expand Up @@ -816,7 +816,7 @@ def knox_logout_with_http_info(self, **kwargs):
select_header_content_type(['*/*'])

# Authentication setting
auth_settings = ['tokenAuth', 'basicAuth']
auth_settings = ['tokenAuth']

return self.api_client.call_api('/access/knox/logout', 'GET',
path_params,
Expand Down Expand Up @@ -914,7 +914,7 @@ def knox_request_with_http_info(self, **kwargs):
select_header_content_type(['*/*'])

# Authentication setting
auth_settings = ['tokenAuth', 'basicAuth']
auth_settings = ['tokenAuth']

return self.api_client.call_api('/access/knox/request', 'GET',
path_params,
Expand Down Expand Up @@ -1012,7 +1012,7 @@ def log_out_with_http_info(self, **kwargs):
select_header_content_type(['*/*'])

# Authentication setting
auth_settings = ['tokenAuth', 'basicAuth']
auth_settings = ['tokenAuth']

return self.api_client.call_api('/access/logout', 'DELETE',
path_params,
Expand Down Expand Up @@ -1110,7 +1110,7 @@ def oidc_callback_with_http_info(self, **kwargs):
select_header_content_type(['*/*'])

# Authentication setting
auth_settings = ['tokenAuth', 'basicAuth']
auth_settings = ['tokenAuth']

return self.api_client.call_api('/access/oidc/callback', 'GET',
path_params,
Expand Down Expand Up @@ -1208,7 +1208,7 @@ def oidc_exchange_with_http_info(self, **kwargs):
select_header_content_type(['*/*'])

# Authentication setting
auth_settings = ['tokenAuth', 'basicAuth']
auth_settings = ['tokenAuth']

return self.api_client.call_api('/access/oidc/exchange', 'POST',
path_params,
Expand Down Expand Up @@ -1306,7 +1306,7 @@ def oidc_logout_with_http_info(self, **kwargs):
select_header_content_type(['*/*'])

# Authentication setting
auth_settings = ['tokenAuth', 'basicAuth']
auth_settings = ['tokenAuth']

return self.api_client.call_api('/access/oidc/logout', 'GET',
path_params,
Expand Down Expand Up @@ -1404,7 +1404,7 @@ def oidc_request_with_http_info(self, **kwargs):
select_header_content_type(['*/*'])

# Authentication setting
auth_settings = ['tokenAuth', 'basicAuth']
auth_settings = ['tokenAuth']

return self.api_client.call_api('/access/oidc/request', 'GET',
path_params,
Expand Down
18 changes: 9 additions & 9 deletions nipyapi/nifi/apis/connections_api.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ def __init__(self, api_client=None):
def delete_connection(self, id, **kwargs):
"""
Deletes a connection
This method makes a synchronous HTTP request by default. To make an
asynchronous HTTP request, please define a `callback` function
to be invoked when receiving the response.
Expand Down Expand Up @@ -72,7 +72,7 @@ def delete_connection(self, id, **kwargs):
def delete_connection_with_http_info(self, id, **kwargs):
"""
Deletes a connection
This method makes a synchronous HTTP request by default. To make an
asynchronous HTTP request, please define a `callback` function
to be invoked when receiving the response.
Expand Down Expand Up @@ -141,7 +141,7 @@ def delete_connection_with_http_info(self, id, **kwargs):
select_header_content_type(['*/*'])

# Authentication setting
auth_settings = ['tokenAuth', 'basicAuth']
auth_settings = ['tokenAuth']

return self.api_client.call_api('/connections/{id}', 'DELETE',
path_params,
Expand All @@ -161,7 +161,7 @@ def delete_connection_with_http_info(self, id, **kwargs):
def get_connection(self, id, **kwargs):
"""
Gets a connection
This method makes a synchronous HTTP request by default. To make an
asynchronous HTTP request, please define a `callback` function
to be invoked when receiving the response.
Expand All @@ -187,7 +187,7 @@ def get_connection(self, id, **kwargs):
def get_connection_with_http_info(self, id, **kwargs):
"""
Gets a connection
This method makes a synchronous HTTP request by default. To make an
asynchronous HTTP request, please define a `callback` function
to be invoked when receiving the response.
Expand Down Expand Up @@ -247,7 +247,7 @@ def get_connection_with_http_info(self, id, **kwargs):
select_header_content_type(['*/*'])

# Authentication setting
auth_settings = ['tokenAuth', 'basicAuth']
auth_settings = ['tokenAuth']

return self.api_client.call_api('/connections/{id}', 'GET',
path_params,
Expand All @@ -267,7 +267,7 @@ def get_connection_with_http_info(self, id, **kwargs):
def update_connection(self, id, body, **kwargs):
"""
Updates a connection
This method makes a synchronous HTTP request by default. To make an
asynchronous HTTP request, please define a `callback` function
to be invoked when receiving the response.
Expand All @@ -294,7 +294,7 @@ def update_connection(self, id, body, **kwargs):
def update_connection_with_http_info(self, id, body, **kwargs):
"""
Updates a connection
This method makes a synchronous HTTP request by default. To make an
asynchronous HTTP request, please define a `callback` function
to be invoked when receiving the response.
Expand Down Expand Up @@ -360,7 +360,7 @@ def update_connection_with_http_info(self, id, body, **kwargs):
select_header_content_type(['application/json'])

# Authentication setting
auth_settings = ['tokenAuth', 'basicAuth']
auth_settings = ['tokenAuth']

return self.api_client.call_api('/connections/{id}', 'PUT',
path_params,
Expand Down
Loading

0 comments on commit 0687dbc

Please sign in to comment.