#!/usr/bin/env python3 # -*- coding: utf-8 -*- # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ######################################################################## # OPENAPI-URI: /api/node/tasks ######################################################################## # get: # responses: # '200': # content: # application/json: # schema: # $ref: '#/components/schemas/TaskList' # description: Node task list # default: # content: # application/json: # schema: # $ref: '#/components/schemas/Error' # description: unexpected error # summary: Returns a list of tasks assigned to a given node # ######################################################################## """ This is the node task list handler for Apache Warble """ import json import plugins.crypto import plugins.registry import plugins.tasks import base64 import time def run(API, environ, indata, session): method = environ['REQUEST_METHOD'] # Fetch list of tasks to perform if method == "GET": # Fetching tasks for a node? if session.client: if not session.client.verified: raise API.exception(403, "This client node has not been verified on master yet.") if not session.client.enabled: raise API.exception(444, "This client node has been disabled, no tasks will be sent.") # Get all tasks that are enabled tasks = plugins.tasks.all(session) tasklist = [] for task in tasks: if task.enabled: # Don't show tests that are not assigned to this node if 'nodes' in task.payload and session.client.id not in task.payload['nodes']: continue tasklist.append({ 'id': task.id, 'name': task.name, 'payload': task.payload }) # Register that the node contacted us - that counts as being alive session.client.lastping = int(time.time()) session.client.save() # This is the fun part! Because $design, we have to encrypt using the client's public key! # This way, only the _true_ client can decrypt it, and no snooping. plain = json.dumps({ 'tasks': tasklist }, indent = 2) crypted = plugins.crypto.encrypt(session.client.key, plain) cryptbase = base64.b64encode(crypted) yield cryptbase return # Or are we fetching tasks for a user? elif session.user: tasks = plugins.tasks.all(session) acl = plugins.tasks.cataccess(session) tasklist = [] for task in tasks: # Only show task if super user or ACL allows access canwrite = True if session.user['userlevel'] == 'superuser' or (task.category in acl and acl[task.id] > 1) else False canread = True if task.category in acl or session.user['userlevel'] == 'superuser' else False if canread: tasklist.append({ 'id': task.id, 'category': task.category, 'enabled': task.enabled, 'muted': task.muted, 'name': task.name, 'payload': task.payload if canwrite else None }) yield json.dumps({ 'tasks': tasklist }, indent = 2) return else: raise API.exception(499, "Unknown API Key passed by client") # Finally, if we hit a method we don't know, balk! yield API.exception(400, "I don't know this request method!!")