import json
import logging
import os

import boto3
import psycopg2
import psycopg2.extras
from aiohttp import web
from botocore.client import Config
from multidict import MultiDict

from services.data.postgres_async_db import AsyncPostgresDB
from services.metadata_service.api.utils import METADATA_SERVICE_VERSION, \
    METADATA_SERVICE_HEADER, web_response
from services.utils import (
    get_traceback_str
)


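class AuthApi(object):
    """Admin and sandbox-auth HTTP handlers for the metadata service.

    Registers four GET routes on the given aiohttp application:
    ``/auth/token``, ``/ping``, ``/version`` and ``/healthcheck``.

    The method docstrings start with ``---`` and hold YAML API descriptions
    (presumably consumed by a swagger generator; confirm before rewording
    them). Explanatory notes are therefore kept in ``#`` comments.
    """

    def __init__(self, app):
        # Route order is kept as in the original registration.
        app.router.add_route("GET", "/auth/token",
                             self.get_authorization_token)
        app.router.add_route("GET", "/ping", self.ping)
        app.router.add_route("GET", "/version", self.version)
        app.router.add_route("GET", "/healthcheck", self.healthcheck)

    async def version(self, request):
        """
        ---
        description: Returns the version of the metadata service
        tags:
        - Admin
        produces:
        - 'text/plain'
        responses:
            "200":
                description: successful operation. Return the version number
            "405":
                description: invalid HTTP Method
        """
        return web.Response(text=str(METADATA_SERVICE_VERSION))

    async def ping(self, request):
        """
        ---
        description: This end-point allow to test that service is up.
        tags:
        - Admin
        produces:
        - 'text/plain'
        responses:
            "200":
                description: successful operation. Return "pong" text
            "405":
                description: invalid HTTP Method
        """
        # The documented success code was "202"; the response below uses
        # aiohttp's default status, which is 200, so the spec now says 200.
        return web.Response(text="pong", headers=MultiDict(
            {METADATA_SERVICE_HEADER: METADATA_SERVICE_VERSION}))

    async def healthcheck(self, request):
        """
        ---
        description: This end-point allow to test that service is up and
                     connected to the db
        tags:
        - Admin
        produces:
        - 'application/json'
        responses:
            "200":
                description: successful operation.
            "405":
                description: invalid HTTP Method
            "500":
                description: unable to connect to DB, this node is not
                             considered healthy and shouldn't receive traffic
        """
        # Runs "SELECT 1" through the shared pool. Any failure to obtain a
        # cursor or run the query is reported as {"status": "DOWN"} with a
        # 500, as the spec above promises, instead of escaping the handler.
        # The error detail goes to the server log only, never to the caller.
        status = {}
        status_code = 200
        try:
            with (
                await AsyncPostgresDB.get_instance().pool.cursor(
                    cursor_factory=psycopg2.extras.DictCursor
                )
            ) as cur:
                await cur.execute("SELECT 1")
                records = await cur.fetchall()
                if len(records) > 0:
                    status["status"] = "UP"
                else:
                    status["status"] = "DOWN"
                    status_code = 500
                cur.close()
        except Exception:
            logging.getLogger(__name__).exception(
                "healthcheck: database probe failed")
            status["status"] = "DOWN"
            status_code = 500
        return web_response(status=status_code, body=json.dumps(status))

    async def get_authorization_token(self, request):
        """
        ---
        description: this is used exclusively for sandbox auth
        tags:
        - Auth
        produces:
        - text/plain
        responses:
            "200":
                description: successfully returned certs
            "403":
                description: no token for you
            "405":
                description: invalid HTTP Method
            "500":
                description: internal server error
        """
        # Assumes the IAM role named by MF_USER_IAM_ROLE through STS and
        # returns the temporary access key, secret key and session token as
        # JSON.
        #
        # NOTE(review): no authentication or authorization check is visible
        # in this handler, so any client that can reach GET /auth/token gets
        # credentials for that role. Confirm access is restricted upstream
        # (gateway auth, network policy) and that the route is only enabled
        # in sandbox deployments. The documented 403 is never returned here.
        #
        # NOTE(review): RoleSessionName is a fixed string, so CloudTrail
        # cannot tell one caller's session from another; a per-request
        # session name would make issued credentials attributable.
        #
        # NOTE(review): boto3's assume_role is a synchronous call made from
        # a coroutine; the 1-second connect/read timeouts bound each attempt
        # but the event loop is blocked meanwhile.
        try:
            role_arn = os.environ.get("MF_USER_IAM_ROLE")
            region_name = os.environ.get("MF_REGION", "us-west-2")
            endpoint_url = os.environ.get(
                "MF_STS_ENDPOINT", "https://sts.us-west-2.amazonaws.com"
            )
            config = Config(connect_timeout=1, read_timeout=1)
            sts_connection = boto3.client(
                "sts", config=config, region_name=region_name,
                endpoint_url=endpoint_url
            )

            assumed_role = sts_connection.assume_role(
                RoleArn=role_arn, RoleSessionName="acct_role"
            )

            issued = assumed_role["Credentials"]
            credentials = {
                "aws_access_key_id": issued["AccessKeyId"],
                "aws_secret_access_key": issued["SecretAccessKey"],
                "aws_session_token": issued["SessionToken"],
            }

            # The body carries live secrets: tell browsers and intermediate
            # caches not to store this GET response.
            return web.Response(
                status=200,
                body=json.dumps(credentials),
                headers={"Cache-Control": "no-store"},
            )
        except Exception as ex:
            # Keep a server-side record of the failure for operators.
            logging.getLogger(__name__).exception(
                "get_authorization_token: STS assume_role failed")
            # NOTE(review): the response still returns str(ex) and the full
            # traceback, which can expose the role ARN, STS endpoint and
            # file paths to the caller. Left unchanged because clients may
            # read these keys; prefer a generic message once that is
            # confirmed safe.
            body = {"err_msg": str(ex), "traceback": get_traceback_str()}
            return web.Response(status=500, body=json.dumps(body))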