introduce a new API for generating licenses from candlepin creds

2026-01-11 18:09:57 -03:30 · 2019-08-30 14:38:57 -04:00 · 2019-08-30 14:38:57 -04:00 · 29fd399b06
commit 29fd399b06
parent 04f458c007
3 changed files with 46 additions and 29 deletions
--- a/awx/api/urls/urls.py
+++ b/awx/api/urls/urls.py
@ -14,6 +14,7 @@ from awx.api.views import (
    ApiV2RootView,
    ApiV2PingView,
    ApiV2ConfigView,
+    ApiV2SubscriptionView,
    AuthView,
    UserMeList,
    DashboardView,
@ -94,6 +95,7 @@ v2_urls = [
    url(r'^metrics/$', MetricsView.as_view(), name='metrics_view'),
    url(r'^ping/$', ApiV2PingView.as_view(), name='api_v2_ping_view'),
    url(r'^config/$', ApiV2ConfigView.as_view(), name='api_v2_config_view'),
+    url(r'^config/subscriptions/$', ApiV2SubscriptionView.as_view(), name='api_v2_subscription_view'),
    url(r'^auth/$', AuthView.as_view()),
    url(r'^me/$', UserMeList.as_view(), name='user_me_list'),
    url(r'^dashboard/$', DashboardView.as_view(), name='dashboard_view'),
--- a/awx/api/views/init.py
+++ b/awx/api/views/init.py
@ -147,6 +147,7 @@ from awx.api.views.root import ( # noqa
    ApiV2RootView,
    ApiV2PingView,
    ApiV2ConfigView,
+    ApiV2SubscriptionView,
 )


--- a/awx/api/views/root.py
+++ b/awx/api/views/root.py
@ -171,6 +171,45 @@ class ApiV2PingView(APIView):
        return Response(response)


+class ApiV2SubscriptionView(APIView):
+
+    permission_classes = (IsAuthenticated,)
+    name = _('Configuration')
+    swagger_topic = 'System Configuration'
+
+    def check_permissions(self, request):
+        super(ApiV2SubscriptionView, self).check_permissions(request)
+        if not request.user.is_superuser and request.method.lower() not in {'options', 'head'}:
+            self.permission_denied(request)  # Raises PermissionDenied exception.
+
+    def post(self, request):
+        from awx.main.utils.common import get_licenser
+        data = request.data.copy()
+        if data.get('rh_password') == '$encrypted$':
+            data['rh_password'] = settings.REDHAT_PASSWORD
+        try:
+            user, pw = data.get('rh_username'), data.get('rh_password')
+            validated = get_licenser().validate_rh(user, pw)
+            if user:
+                settings.REDHAT_USERNAME = data['rh_username']
+            if pw:
+                settings.REDHAT_PASSWORD = data['rh_password']
+        except Exception as exc:
+            msg = _("Invalid License")
+            if (
+                isinstance(exc, requests.exceptions.HTTPError) and
+                getattr(getattr(exc, 'response', None), 'status_code', None) == 401
+            ):
+                msg = _("The provided credentials are invalid (HTTP 401).")
+            if isinstance(exc, ValueError) and exc.args:
+                msg = exc.args[0]
+            logger.exception(smart_text(u"Invalid license submitted."),
+                             extra=dict(actor=request.user.username))
+            return Response({"error": msg}, status=status.HTTP_400_BAD_REQUEST)
+
+        return Response(validated)
+
+
 class ApiV2ConfigView(APIView):

    permission_classes = (IsAuthenticated,)
@ -250,39 +289,14 @@ class ApiV2ConfigView(APIView):
            logger.info(smart_text(u"Invalid JSON submitted for license."),
                        extra=dict(actor=request.user.username))
            return Response({"error": _("Invalid JSON")}, status=status.HTTP_400_BAD_REQUEST)
-
        try:
            from awx.main.utils.common import get_licenser
            license_data = json.loads(data_actual)
-            if license_data.get('rh_password') == '$encrypted$':
-                license_data['rh_password'] = settings.REDHAT_PASSWORD
            license_data_validated = get_licenser(**license_data).validate()
-            if license_data_validated.get('valid_key') and 'license_key' not in license_data:
-                if license_data.get('rh_username') and license_data.get('rh_password'):
-                    settings.REDHAT_USERNAME = license_data['rh_username']
-                    settings.REDHAT_PASSWORD = license_data['rh_password']
-                license_data = {
-                    "eula_accepted": eula_accepted,
-                    "features": license_data_validated['features'],
-                    "license_type": license_data_validated['license_type'],
-                    "license_date": license_data_validated['license_date'],
-                    "license_key": license_data_validated['license_key'],
-                    "instance_count": license_data_validated['instance_count'],
-                }
-                if license_data_validated.get('trial'):
-                    license_data['trial'] = True
-        except Exception as exc:
-            msg = _("Invalid License")
-            if (
-                isinstance(exc, requests.exceptions.HTTPError) and
-                getattr(getattr(exc, 'response', None), 'status_code', None) == 401
-            ):
-                msg = _("The provided credentials are invalid (HTTP 401).")
-            if isinstance(exc, ValueError) and exc.args:
-                msg = exc.args[0]
-            logger.exception(smart_text(u"Invalid license submitted."),
-                             extra=dict(actor=request.user.username))
-            return Response({"error": msg}, status=status.HTTP_400_BAD_REQUEST)
+        except Exception:
+            logger.warning(smart_text(u"Invalid license submitted."),
+                           extra=dict(actor=request.user.username))
+            return Response({"error": _("Invalid License")}, status=status.HTTP_400_BAD_REQUEST)

        # If the license is valid, write it to the database.
        if license_data_validated['valid_key']: