Michael Pasternak has uploaded a new change for review.
Change subject: sdk: support automatic auth session invalidation #1018559
......................................................................
sdk: support automatic auth session invalidation #1018559
Change-Id: Ibea9edd61b619888210400bc15f07b03a565c641
Signed-off-by: Michael pasternak <mpast...@redhat.com>
---
M src/codegen/templates/entrypointmethodstemplate
M src/codegen/templates/entrypointtemplate
M src/ovirtsdk/api.py
M src/ovirtsdk/web/connection.py
4 files changed, 44 insertions(+), 15 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-engine-sdk refs/changes/22/21822/1
diff --git a/src/codegen/templates/entrypointmethodstemplate
b/src/codegen/templates/entrypointmethodstemplate
index 7d99ea4..abac8a6 100644
--- a/src/codegen/templates/entrypointmethodstemplate
+++ b/src/codegen/templates/entrypointmethodstemplate
@@ -51,13 +51,23 @@
return True
raise DisconnectedError
- def set_filter(self, filter):
+ def set_filter(self, filter): # @ReservedAssignment
''' enables user permission based filtering '''
if filter != None:
context.manager[self.id].add(
'filter',
filter,
typ=types.BooleanType
+ )
+
+ def set_renew_sessioin(self, renew_sessioin):
+ ''' automatically renew expired authentication session '''
+ if renew_sessioin != None:
+ context.manager[self.id].add(
+ 'renew_sessioin',
+ renew_sessioin,
+ Mode.RW,
+ typ=types.BooleanType
)
def __set_session_timeout(self, session_timeout):
@@ -72,5 +82,5 @@
def __enter__(self):
return self
- def __exit__(self, type, value, tb):
+ def __exit__(self, type, value, tb): # @ReservedAssignment
self.disconnect()
\ No newline at end of file
diff --git a/src/codegen/templates/entrypointtemplate
b/src/codegen/templates/entrypointtemplate
index a0d7148..819290b 100644
--- a/src/codegen/templates/entrypointtemplate
+++ b/src/codegen/templates/entrypointtemplate
@@ -1,7 +1,7 @@
class API(object):
def __init__(self, url, username, password, key_file=None, cert_file=None,
ca_file=None, port=None, timeout=None, session_timeout=None,
persistent_auth=True,
- insecure=False, validate_cert_chain=True, filter=False,
debug=False):
+ renew_sessioin=False, insecure=False,
validate_cert_chain=True, filter=False, debug=False): # @ReservedAssignment
'''
@param url: server url (format "http/s://server[:port]/api")
@@ -13,10 +13,11 @@
[@param port: port to use (if not specified in url)]
[@param timeout: request timeout]
[@param session_timeout: authentication session timeout (if
persistent_auth is enabled)]
- [@param persistent_auth: enable persistent authentication (format
True|False)]
- [@param insecure: signals to not demand site trustworthiness for ssl
enabled connection (format True|False, default is False)]
- [@param validate_cert_chain: validate the server's certificate (format
True|False, default is True)]
- [@param filter: signals if user permission based filtering should be
turned on/off (format True|False)]
+ [@param persistent_auth: use persistent authentication (default is
True)]
+ [@param renew_sessioin: automatically renew expired authentication
session (default is False)]
+ [@param insecure: signals to not demand site trustworthiness for ssl
enabled connection (default is False)]
+ [@param validate_cert_chain: validate the server's CA certificate
(default is True)]
+ [@param filter: enables user-api filtering (default is False)]
[@param debug: debug (format True|False)]
@raise NoCertificatesError: raised when CA certificate is not provided
for SSL site (can be disabled using 'insecure=True' argument).
@@ -64,6 +65,9 @@
# Store filter to the context:
self.set_filter(filter)
+ # We need to remember if renew_sessioin is enabled:
+ self.set_renew_sessioin(renew_sessioin)
+
# Store session_timeout to the context:
self.__set_session_timeout(session_timeout)
diff --git a/src/ovirtsdk/api.py b/src/ovirtsdk/api.py
index c1dee98..caaa9a2 100644
--- a/src/ovirtsdk/api.py
+++ b/src/ovirtsdk/api.py
@@ -56,7 +56,7 @@
class API(object):
def __init__(self, url, username, password, key_file=None, cert_file=None,
ca_file=None, port=None, timeout=None, session_timeout=None,
persistent_auth=True,
- insecure=False, validate_cert_chain=True, filter=False,
debug=False):
+ renew_sessioin=False, insecure=False,
validate_cert_chain=True, filter=False, debug=False): # @ReservedAssignment
'''
@param url: server url (format "http/s://server[:port]/api")
@@ -68,10 +68,11 @@
[@param port: port to use (if not specified in url)]
[@param timeout: request timeout]
[@param session_timeout: authentication session timeout (if
persistent_auth is enabled)]
- [@param persistent_auth: enable persistent authentication (format
True|False)]
- [@param insecure: signals to not demand site trustworthiness for ssl
enabled connection (format True|False, default is False)]
- [@param validate_cert_chain: validate the server's certificate (format
True|False, default is True)]
- [@param filter: signals if user permission based filtering should be
turned on/off (format True|False)]
+ [@param persistent_auth: use persistent authentication (default is
True)]
+ [@param renew_sessioin: automatically renew expired authentication
session (default is False)]
+ [@param insecure: signals to not demand site trustworthiness for ssl
enabled connection (default is False)]
+ [@param validate_cert_chain: validate the server's CA certificate
(default is True)]
+ [@param filter: enables user-api filtering (default is False)]
[@param debug: debug (format True|False)]
@raise NoCertificatesError: raised when CA certificate is not provided
for SSL site (can be disabled using 'insecure=True' argument).
@@ -118,6 +119,9 @@
# Store filter to the context:
self.set_filter(filter)
+
+ # We need to remember if renew_sessioin is enabled:
+ self.set_renew_sessioin(renew_sessioin)
# Store session_timeout to the context:
self.__set_session_timeout(session_timeout)
@@ -227,13 +231,23 @@
return True
raise DisconnectedError
- def set_filter(self, filter):
+ def set_filter(self, filter): # @ReservedAssignment
''' enables user permission based filtering '''
if filter != None:
context.manager[self.id].add(
'filter',
filter,
typ=types.BooleanType
+ )
+
+ def set_renew_sessioin(self, renew_sessioin):
+ ''' automatically renew expired authentication session '''
+ if renew_sessioin != None:
+ context.manager[self.id].add(
+ 'renew_sessioin',
+ renew_sessioin,
+ Mode.RW,
+ typ=types.BooleanType
)
def __set_session_timeout(self, session_timeout):
@@ -248,7 +262,7 @@
def __enter__(self):
return self
- def __exit__(self, type, value, tb):
+ def __exit__(self, type, value, tb): # @ReservedAssignment
self.disconnect()
def get_comment(self):
diff --git a/src/ovirtsdk/web/connection.py b/src/ovirtsdk/web/connection.py
index 25b375e..0192924 100644
--- a/src/ovirtsdk/web/connection.py
+++ b/src/ovirtsdk/web/connection.py
@@ -72,9 +72,10 @@
headers = self.__headers.copy()
headers.update(self.__createDynamicHeaders())
+ renew_sessioin = context.manager[self.context].get('renew_sessioin')
# remove AUTH_HEADER
- if no_auth and headers.has_key(AUTH_HEADER):
+ if no_auth and not renew_sessioin and headers.has_key(AUTH_HEADER):
headers.pop(AUTH_HEADER)
return headers
--
To view, visit http://gerrit.ovirt.org/21822
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ibea9edd61b619888210400bc15f07b03a565c641
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine-sdk
Gerrit-Branch: master
Gerrit-Owner: Michael Pasternak <mpast...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
