diff options
| author | Julia Kreger <juliaashleykreger@gmail.com> | 2019-11-01 13:55:54 -0700 |
|---|---|---|
| committer | Julia Kreger <juliaashleykreger@gmail.com> | 2020-03-12 10:35:17 -0700 |
| commit | af5f05a0ee6125d9f3c2a541ba164f768b47d2ea (patch) | |
| tree | 91abcdbf722e88c9f459628aa6104b1f7ee80484 /ironic_python_agent/api | |
| parent | 638cfc6b2e5c25c40a7c40763422ca514c62ccc7 (diff) | |
| download | ironic-python-agent-af5f05a0ee6125d9f3c2a541ba164f768b47d2ea.tar.gz | |
Agent token support
Adds support to the agent to receive, store, and return
that token to ironic's API, when supported.
This feature allows ironic and ultimately the agent to
authenticate interactions, when supported, to prevent
malicious abuse of the API endpoint.
Sem-Ver: feature
Change-Id: I6db9117a38be946b785e6f5e75ada1bfdff560ba
Diffstat (limited to 'ironic_python_agent/api')
| -rw-r--r-- | ironic_python_agent/api/app.py | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/ironic_python_agent/api/app.py b/ironic_python_agent/api/app.py index 03a7180d..28ed03b2 100644 --- a/ironic_python_agent/api/app.py +++ b/ironic_python_agent/api/app.py @@ -214,11 +214,13 @@ class Application(object): or not isinstance(body['params'], dict)): raise http_exc.BadRequest('Missing or invalid name or params') + token = request.args.get('agent_token', None) + if not self.agent.validate_agent_token(token): + raise http_exc.Unauthorized( + 'Token invalid.') with metrics_utils.get_metrics_logger(__name__).timer('run_command'): result = self.agent.execute_command(body['name'], **body['params']) wait = request.args.get('wait') - if wait and wait.lower() == 'true': result.join() - return jsonify(result) |