npm - k2hr3-api - Versions diffs - 1.0.42 → 2.0.1 - Mend

k2hr3-api 1.0.42 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (149) hide show

package/config/k2hr3-init.sh.templ +4 -4
package/dist/.gitkeep +0 -0
package/dist/src/app.js +262 -0
package/{bin → dist/src/bin}/run.sh +1 -1
package/dist/src/bin/watcher.js +113 -0
package/dist/src/bin/www.js +217 -0
package/dist/src/lib/basicipcheck.js +392 -0
package/dist/src/lib/cacerts.js +106 -0
package/dist/src/lib/dbglogging.js +190 -0
package/dist/src/lib/dummyuserapi.js +719 -0
package/dist/src/lib/ipwatch.js +354 -0
package/dist/src/lib/k2hr3acrutil.js +532 -0
package/dist/src/lib/k2hr3apiutil.js +1444 -0
package/dist/src/lib/k2hr3cliutil.js +183 -0
package/dist/src/lib/k2hr3config.js +832 -0
package/dist/src/lib/k2hr3cryptutil.js +258 -0
package/dist/src/lib/k2hr3dkc.js +12121 -0
package/dist/src/lib/k2hr3extdata.js +198 -0
package/dist/src/lib/k2hr3keys.js +207 -0
package/dist/src/lib/k2hr3resutil.js +111 -0
package/dist/src/lib/k2hr3template.js +6546 -0
package/dist/src/lib/k2hr3tokens.js +2643 -0
package/dist/src/lib/k2hr3userdata.js +296 -0
package/dist/src/lib/k8soidc.js +1000 -0
package/dist/src/lib/openstackapiv2.js +695 -0
package/dist/src/lib/openstackapiv3.js +932 -0
package/dist/src/lib/openstackep.js +667 -0
package/{tests/auto_common.js → dist/src/lib/types.js} +4 -38
package/dist/src/routes/acr.js +704 -0
package/dist/src/routes/debugVerify.js +294 -0
package/dist/src/routes/extdata.js +219 -0
package/dist/src/routes/list.js +264 -0
package/dist/src/routes/policy.js +840 -0
package/dist/src/routes/resource.js +1489 -0
package/dist/src/routes/role.js +2627 -0
package/dist/src/routes/service.js +908 -0
package/dist/src/routes/tenant.js +1141 -0
package/dist/src/routes/userTokens.js +482 -0
package/dist/src/routes/userdata.js +212 -0
package/dist/src/routes/version.js +103 -0
package/package.json +152 -121
package/ChangeLog +0 -378
package/app.js +0 -292
package/bin/watcher +0 -122
package/bin/www +0 -180
package/eslint.config.mjs +0 -68
package/lib/basicipcheck.js +0 -376
package/lib/cacerts.js +0 -71
package/lib/dbglogging.js +0 -151
package/lib/dummyuserapi.js +0 -766
package/lib/ipwatch.js +0 -379
package/lib/k2hr3acrutil.js +0 -516
package/lib/k2hr3apiutil.js +0 -1494
package/lib/k2hr3cliutil.js +0 -191
package/lib/k2hr3config.js +0 -826
package/lib/k2hr3cryptutil.js +0 -254
package/lib/k2hr3dkc.js +0 -12632
package/lib/k2hr3extdata.js +0 -198
package/lib/k2hr3keys.js +0 -234
package/lib/k2hr3resutil.js +0 -100
package/lib/k2hr3template.js +0 -6925
package/lib/k2hr3tokens.js +0 -2799
package/lib/k2hr3userdata.js +0 -312
package/lib/k8soidc.js +0 -1012
package/lib/openstackapiv2.js +0 -764
package/lib/openstackapiv3.js +0 -1032
package/lib/openstackep.js +0 -553
package/routes/acr.js +0 -738
package/routes/debugVerify.js +0 -263
package/routes/extdata.js +0 -232
package/routes/list.js +0 -270
package/routes/policy.js +0 -869
package/routes/resource.js +0 -1441
package/routes/role.js +0 -2664
package/routes/service.js +0 -894
package/routes/tenant.js +0 -1095
package/routes/userTokens.js +0 -511
package/routes/userdata.js +0 -218
package/routes/version.js +0 -108
package/templ/Dockerfile.templ +0 -71
package/tests/auto_acr.js +0 -1101
package/tests/auto_acr_spec.js +0 -79
package/tests/auto_all_spec.js +0 -142
package/tests/auto_control_subprocess.sh +0 -243
package/tests/auto_extdata.js +0 -220
package/tests/auto_extdata_spec.js +0 -79
package/tests/auto_init_config_json.sh +0 -275
package/tests/auto_k2hdkc_server.ini +0 -109
package/tests/auto_k2hdkc_slave.ini +0 -83
package/tests/auto_list.js +0 -439
package/tests/auto_list_spec.js +0 -79
package/tests/auto_policy.js +0 -1579
package/tests/auto_policy_spec.js +0 -79
package/tests/auto_resource.js +0 -10956
package/tests/auto_resource_spec.js +0 -79
package/tests/auto_role.js +0 -6150
package/tests/auto_role_spec.js +0 -79
package/tests/auto_service.js +0 -770
package/tests/auto_service_spec.js +0 -79
package/tests/auto_subprocesses.js +0 -114
package/tests/auto_template.sh +0 -126
package/tests/auto_tenant.js +0 -1100
package/tests/auto_tenant_spec.js +0 -79
package/tests/auto_token_util.js +0 -219
package/tests/auto_userdata.js +0 -292
package/tests/auto_userdata_spec.js +0 -79
package/tests/auto_usertokens.js +0 -565
package/tests/auto_usertokens_spec.js +0 -79
package/tests/auto_version.js +0 -127
package/tests/auto_version_spec.js +0 -79
package/tests/auto_watcher.js +0 -157
package/tests/auto_watcher_spec.js +0 -79
package/tests/k2hdkc_test.data +0 -986
package/tests/k2hdkc_test_load.sh +0 -255
package/tests/k2hr3template_test.js +0 -187
package/tests/k2hr3template_test.sh +0 -339
package/tests/k2hr3template_test_async.js +0 -216
package/tests/k2hr3template_test_template.result +0 -7117
package/tests/k2hr3template_test_template.txt +0 -3608
package/tests/k2hr3template_test_vars.js +0 -194
package/tests/manual_acr_delete.js +0 -143
package/tests/manual_acr_get.js +0 -297
package/tests/manual_acr_postput.js +0 -215
package/tests/manual_allusertenant_get.js +0 -113
package/tests/manual_extdata_get.js +0 -191
package/tests/manual_k2hr3keys_get.js +0 -84
package/tests/manual_list_gethead.js +0 -230
package/tests/manual_policy_delete.js +0 -132
package/tests/manual_policy_gethead.js +0 -275
package/tests/manual_policy_postput.js +0 -297
package/tests/manual_resource_delete.js +0 -433
package/tests/manual_resource_gethead.js +0 -423
package/tests/manual_resource_postput.js +0 -487
package/tests/manual_role_delete.js +0 -404
package/tests/manual_role_gethead.js +0 -547
package/tests/manual_role_postput.js +0 -544
package/tests/manual_service_delete.js +0 -153
package/tests/manual_service_gethead.js +0 -178
package/tests/manual_service_postput.js +0 -348
package/tests/manual_tenant_delete.js +0 -186
package/tests/manual_tenant_gethead.js +0 -268
package/tests/manual_tenant_postput.js +0 -293
package/tests/manual_test.sh +0 -352
package/tests/manual_userdata_get.js +0 -173
package/tests/manual_usertoken_gethead.js +0 -136
package/tests/manual_usertoken_postput.js +0 -310
package/tests/manual_version_get.js +0 -127
package/tests/run_local_test_k2hdkc.sh +0 -174
package/tests/test.sh +0 -333

package/routes/userTokens.js DELETED Viewed

@@ -1,511 +0,0 @@
-/*
- * K2HR3 REST API
- *
- * Copyright 2017 Yahoo Japan Corporation.
- *
- * K2HR3 is K2hdkc based Resource and Roles and policy Rules, gathers
- * common management information for the cloud.
- * K2HR3 can dynamically manage information as "who", "what", "operate".
- * These are stored as roles, resources, policies in K2hdkc, and the
- * client system can dynamically read and modify these information.
- *
- * For the full copyright and license information, please view
- * the license file that was distributed with this source code.
- *
- * AUTHOR:   Takeshi Nakatani
- * CREATE:   Wed Jun 8 2017
- * REVISION:
- *
- */
-'use strict';
-var express	= require('express');
-var router	= express.Router();
-var	r3token	= require('../lib/k2hr3tokens');
-var	apiutil	= require('../lib/k2hr3apiutil');
-var	resutil	= require('../lib/k2hr3resutil');
-// Debug logging objects
-var r3logger	= require('../lib/dbglogging');
-//
-// Common utility function
-//
-function rawCommonGetUserToken(req, res, unscopedToken, otherToken, username, passwd, tenant)
-{
-	// arguments
-	var	_req			= req;
-	var	_res			= res;
-	var	_unscopedToken	= apiutil.getSafeString(unscopedToken);
-	var	_otherToken		= apiutil.getSafeString(otherToken);
-	var	_username		= apiutil.getSafeString(username);
-	var	_passwd			= apiutil.getSafeString(passwd);
-	var	_tenant			= apiutil.getSafeString(tenant);
-	var	error;
-	if(!apiutil.isSafeString(_unscopedToken) && !apiutil.isSafeString(_otherToken)){
-		//
-		// Get token from User Credentials
-		//
-		if(!apiutil.isSafeString(username)){
-			error = {
-				result: 	false,
-				message:	'Some parameter(user name or unscoped token) is wrong.'
-			};
-			r3logger.elog(error.message);
-			resutil.errResponse(req, res, 400, error);				// 400: Bad Request
-			return;
-		}
-		r3token.getUserToken(_username, _passwd, _tenant, function(err, token)
-		{
-			if(null !== err){
-				var	error = {
-					result: 	false,
-					message:	'could not get scoped user token for user=' + _username + ', tenant=' + _tenant + ' by ' + err.message
-				};
-				r3logger.elog(error.message);
-				resutil.errResponse(_req, _res, 404, error);		// 404: Not Found
-				return;
-			}
-			r3logger.dlog('get user token jsonres = ' + JSON.stringify(token));
-			var	result = {	result:		true,
-				message:	'succeed',
-				scoped:		apiutil.isSafeString(_tenant),
-				token:		token
-			};
-			_res.status(201);										// 201: Created
-			_res.send(JSON.stringify(result));
-		});
-	}else if(apiutil.isSafeString(_unscopedToken)){
-		//
-		// Get Scoped token from Unscoped token
-		//
-		if(!apiutil.isSafeString(username)){
-			error = {
-				result: 	false,
-				message:	'Some parameter(user name or unscoped token) is wrong.'
-			};
-			r3logger.elog(error.message);
-			resutil.errResponse(req, res, 400, error);				// 400: Bad Request
-			return;
-		}
-		r3token.getScopedUserToken(_unscopedToken, _username, _tenant, function(err, token)
-		{
-			if(null !== err){
-				var	error = {
-					result: 	false,
-					message:	'could not get scoped user token for user=' + _username + ', tenant=' + _tenant + ' by ' + err.message
-				};
-				r3logger.elog(error.message);
-				resutil.errResponse(_req, _res, 404, error);		// 404: Not Found
-				return;
-			}
-			r3logger.dlog('get user token jsonres = ' + JSON.stringify(token));
-			var	result = {
-				result:		true,
-				message:	'succeed',
-				scoped:		apiutil.isSafeString(_tenant),
-				token:		token
-			};
-			_res.status(201);										// 201: Created
-			_res.send(JSON.stringify(result));
-		});
-	}else if(apiutil.isSafeString(_otherToken)){
-		//
-		// Get Scoped/Unscoped token from other token
-		//
-		r3token.getUserTokenByToken(_otherToken, _tenant, function(err, token)
-		{
-			if(null !== err){
-				var	error = {
-					result: 	false,
-					message:	'could not get scoped user token for other token, tenant=' + _tenant + ' by ' + err.message
-				};
-				r3logger.elog(error.message);
-				resutil.errResponse(_req, _res, 404, error);		// 404: Not Found
-				return;
-			}
-			r3logger.dlog('get user token jsonres = ' + JSON.stringify(token));
-			var	result = {
-				result:		true,
-				message:	'succeed',
-				scoped:		apiutil.isSafeString(_tenant),
-				token:		token
-			};
-			_res.status(201);										// 201: Created
-			_res.send(JSON.stringify(result));
-		});
-	}
-}
-//
-// Common utility function
-//
-function rawGetUnscopedUserToken(req)
-{
-	// check unscoped token in request
-	var	resobj = r3token.checkToken(req, false, true);
-	if(!resobj.result){
-		return resobj;
-	}
-	if(	!apiutil.isSafeString(resobj.token)						||
-		!apiutil.compareCaseString('user', resobj.token_type)	||
-		!apiutil.isSafeEntity(resobj.token_info)				||
-		!apiutil.isSafeString(resobj.token_info.user)			||
-		false !== resobj.token_info.scoped						)
-	{
-		return {
-			result: 	false,
-			status:		400,						// 400: Bad Request
-			message:	'could not get unscoped user token in request.'
-		};
-	}
-	return {
-		result: 	true,
-		status:		200,
-		message:	null,
-		token:		resobj.token,
-		username:	resobj.token_info.user
-	};
-}
-// Mountpath				: '/v1/user/tokens'
-// POST '/v1/user/tokens'	: post(create) user token on version 1
-// response body			: result	=> true/false
-//							  message	=> messages
-//							  scoped	=> true/false
-//							  token		=> token(unscoped or scoped)
-//
-router.post('/', function(req, res, next)						// eslint-disable-line no-unused-vars
-{
-	r3logger.dlog('CALL:', req.method, req.url);
-	res.type('application/json; charset=utf-8');
-	var	error;
-	if(	!apiutil.isSafeEntity(req) ||
-		!apiutil.isSafeEntity(req.body) )
-	{
-		error = {
-			result: 	false,
-			message:	'POST body does not have auth key'
-		};
-		r3logger.elog(error.message);
-		resutil.errResponse(req, res, 400, error);				// 400: Bad Request
-		return;
-	}
-	// arguments
-	var	tenant			= apiutil.isSafeEntity(req.body.auth) ? apiutil.getSafeString(req.body.auth.tenantName) : null;
-	var	unscopedtoken	= null;
-	var	otherToken		= null;
-	var	username		= null;
-	var	passwd			= null;
-	if(!apiutil.isSafeEntity(req.body.auth) || !apiutil.isSafeEntity(req.body.auth.passwordCredentials)){
-		//
-		// Token is required if no user credentials are specified.
-		//
-		// [NOTE]
-		// There are two cases in this case:
-		// (1) Specify the UnscopedToken registered in k2hr3 to get the ScopedToken(must specify the tenant name)
-		// (2) Specify a token other than k2hr3 (OpenStack, etc.) and perform Unauthenticated Token after user authentication.
-		//     In this case, if tenant is specified, ScopedToken can be obtained directly.
-		//
-		// get unscoped token
-		var	resobj = rawGetUnscopedUserToken(req);
-		if(resobj.result){
-			//
-			// (1) case of unscoped token registered in k2hr3
-			//
-			if(!apiutil.isSafeEntity(req.body.auth) || !apiutil.isSafeString(req.body.auth.tenantName)){
-				error = {
-					result: 	false,
-					message:	'POST body does not have tenant name(or user credentials)'
-				};
-				r3logger.elog(error.message);
-				resutil.errResponse(req, res, 400, error);				// 400: Bad Request
-				return;
-			}
-			username		= resobj.username;
-			unscopedtoken	= resobj.token;
-		}else{
-			//
-			// (2) get (un)scoped token from other a token other than k2hr3(OpenStack, etc.)
-			//
-			otherToken = r3token.getAuthTokenHeader(req, false);
-			if(!apiutil.isSafeString(otherToken)){
-				error = {
-					result: 	false,
-					message:	resobj.message
-				};
-				r3logger.elog(resobj.message);
-				resutil.errResponse(req, res, resobj.status, error);	// 40X
-				return;
-			}
-		}
-	}else{
-		//
-		// case of user credentials
-		//
-		username	= apiutil.getSafeString(req.body.auth.passwordCredentials.username);
-		passwd		= apiutil.getSafeString(req.body.auth.passwordCredentials.password);	// password is allowed empty, it depends on the authentication system.
-	}
-	return rawCommonGetUserToken(req, res, unscopedtoken, otherToken, username, passwd, tenant);
-});
-// Mountpath				: '/v1/user/tokens'
-// PUT '/v1/user/tokens'	: put(create) user token on version 1
-// response body			: result	=> true/false
-//							  message	=> messages
-//							  scoped	=> true/false
-//							  token		=> token(unscoped or scoped)
-//
-router.put('/', function(req, res, next)						// eslint-disable-line no-unused-vars
-{
-	r3logger.dlog('CALL:', req.method, req.url);
-	res.type('application/json; charset=utf-8');
-	var	error;
-	if(	!apiutil.isSafeEntity(req) ||
-		!apiutil.isSafeEntity(req.query) )
-	{
-		error = {
-			result: 	false,
-			message:	'PUT argument does not have any data'
-		};
-		r3logger.elog(error.message);
-		resutil.errResponse(req, res, 400, error);				// 400: Bad Request
-		return;
-	}
-	// arguments
-	var	tenant			= apiutil.getSafeString(req.query.tenantname);
-	var	unscopedtoken	= null;
-	var	otherToken		= null;
-	var	username		= null;
-	var	passwd			= null;
-	if(!apiutil.isSafeString(req.query.username)){
-		//
-		// Token is required if no user credentials are specified.
-		//
-		// [NOTE]
-		// There are two cases in this case:
-		// (1) Specify the UnscopedToken registered in k2hr3 to get the ScopedToken(must specify the tenant name)
-		// (2) Specify a token other than k2hr3 (OpenStack, etc.) and perform Unauthenticated Token after user authentication.
-		//     In this case, if tenant is specified, ScopedToken can be obtained directly.
-		//
-		// get unscoped token
-		var	resobj = rawGetUnscopedUserToken(req);
-		if(resobj.result){
-			//
-			// (1) case of unscoped token registered in k2hr3
-			//
-			if(!apiutil.isSafeString(req.query.tenantname)){
-				error = {
-					result: 	false,
-					message:	'POST body does not have tenant name(or user credentials)'
-				};
-				r3logger.elog(error.message);
-				resutil.errResponse(req, res, 400, error);			// 400: Bad Request
-				return;
-			}
-			username		= resobj.username;
-			unscopedtoken	= resobj.token;
-		}else{
-			//
-			// (2) get (un)scoped token from other a token other than k2hr3(OpenStack, etc.)
-			//
-			otherToken = r3token.getAuthTokenHeader(req, false);
-			if(!apiutil.isSafeString(otherToken)){
-				error = {
-					result: 	false,
-					message:	resobj.message
-				};
-				r3logger.elog(resobj.message);
-				resutil.errResponse(req, res, resobj.status, error);	// 40X
-				return;
-			}
-		}
-	}else{
-		//
-		// case of user credentials
-		//
-		username	= apiutil.getSafeString(req.query.username);
-		passwd		= apiutil.isSafeEntity(req.query.password) ? decodeURIComponent(apiutil.getSafeString(req.query.password)) : null;	// password is allowed empty, it depends on the authentication system.
-	}
-	return rawCommonGetUserToken(req, res, unscopedtoken, otherToken, username, passwd, tenant);
-});
-//
-// Mountpath				: '/v1/user/tokens'
-//
-// GET '/v1/user/tokens'	: get user token on version 1
-// response body			: result	=> true/false
-//							  message	=> messages
-//							  scoped	=> true/false
-//							  user		=> user name
-//							  tenants	=>	[
-//												{
-//													name:			"tenant name"
-//													display:		"display name"
-//													id:				"tenant id"
-//													description:	"tenant description"
-//												},
-//												...
-//											]
-//
-// [NOTE]
-// If token is scoped, tenants array has only 1 element.
-// Which element has name and display member, but display is as same as name.
-// It is not real display name, because we take a cost getting it from APIs.
-//
-router.get('/', function(req, res, next)
-{
-	r3logger.dlog('CALL:', req.method, req.url);
-	if('HEAD' === req.method){
-		// HEAD request comes here, so it should be routed to head function.
-		next();
-		return;
-	}
-	var	_res = res;
-	var	_req = req;
-	var	result;
-	_res.type('application/json; charset=utf-8');
-	//------------------------------
-	// get token
-	//------------------------------
-	var	token_result = r3token.checkToken(_req, false, true);	// not scope check, user token
-	if(!token_result.result){
-		r3logger.elog(token_result.message);
-		var	_status = token_result.status;
-		delete token_result.status;
-		resutil.errResponse(_req, _res, _status, token_result);
-		return;
-	}
-	var	token_info = token_result.token_info;
-	// build response body
-	if(token_info.scoped){
-		// scoped token
-		result = {
-			result:				true,
-			message:			'succeed',
-			scoped:				true,
-			user:				token_info.user,
-			tenants: [
-				{
-					name:			token_info.tenant,
-					display:		token_info.display,
-					id:				token_info.id,
-					description:	token_info.description
-				}
-			]
-		};
-		_res.status(200);										// 200: OK
-		_res.send(JSON.stringify(result));
-	}else{
-		// check and initialize tenant list
-		r3token.initializeTenantList(token_result.token, token_info.user, function(error, tenant_list)
-		{
-			if(null !== error){
-				var	result = {
-					result: 	false,
-					message:	'failed to get tenant list for user (' + token_info.user + ') by unscoped token(' + token_result.token + ')'
-				};
-				r3logger.elog(result.message);
-				resutil.errResponse(_req, _res, 404, result);	// 404: Not Found
-				return;
-			}
-			// reget tenant list
-			tenant_list = r3token.getTenantList(token_info.user);
-			if(null === tenant_list || apiutil.isEmptyArray(tenant_list)){
-				result = {
-					result: 	false,
-					message:	'token(' + token_result.token + ') for user (' + token_info.user + ') does not have any tenant.'
-				};
-				r3logger.elog(result.message);
-				resutil.errResponse(_req, _res, 404, result);	// 404: Not Found
-				return;
-			}
-			result = {
-				result:		true,
-				message:	'succeed',
-				scoped:		false,
-				user:		token_info.user,
-				tenants:	tenant_list
-			};
-			_res.status(200);									// 200: OK
-			_res.send(JSON.stringify(result));
-		});
-	}
-});
-// Mountpath				: '/v1/user/tokens'
-// HEAD '/v1/user/tokens'	: check user token on version 1
-// response body			: no
-//
-router.head('/', function(req, res, next)						// eslint-disable-line no-unused-vars
-{
-	r3logger.dlog('CALL:', req.method, req.url);
-	var	_res = res;
-	var	_req = req;
-	_res.type('application/json; charset=utf-8');
-	//------------------------------
-	// get token
-	//------------------------------
-	var	token_result = r3token.checkToken(_req, false, true);	// not scope check, user token
-	if(!token_result.result){
-		r3logger.elog(token_result.message);
-		resutil.errResponse(_req, _res, token_result.status);
-		return;
-	}
-	var	token_info = token_result.token_info;
-	// token is not expired and it is safe.
-	r3logger.mlog(r3logger.dump(token_info));
-	_res.status(204);											// 204:	No Content
-	_res.send();
-});
-module.exports = router;
-/*
- * Local variables:
- * tab-width: 4
- * c-basic-offset: 4
- * End:
- * vim600: noexpandtab sw=4 ts=4 fdm=marker
- * vim<600: noexpandtab sw=4 ts=4
- */