Commit c5e92b6a authored by Kirill Smelkov's avatar Kirill Smelkov

amari.xlog: Add support for password-based authentication

Add new --password option and wire it to go to amari.connect(password=...)

Support for password-based authentication in amari.connect was just
added in the previous patch.

We need to extend filtering of logged fields on service attach a bit
since now the first service message can be both 'ready' and
'authenticate', and besides e.g. 'message' we don't want to log what was
the 'challenge'.

/reported-and-tested-by @lu.xu
/reviewed-on kirr/xlte!6
parent 5eb80f9a
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Copyright (C) 2022-2023 Nexedi SA and Contributors. # Copyright (C) 2022-2024 Nexedi SA and Contributors.
# Kirill Smelkov <kirr@nexedi.com> # Kirill Smelkov <kirr@nexedi.com>
# #
# This program is free software: you can Use, Study, Modify and Redistribute # This program is free software: you can Use, Study, Modify and Redistribute
...@@ -156,10 +156,10 @@ class IWriter: ...@@ -156,10 +156,10 @@ class IWriter:
rotatespec = "rotatespec indicates rotate specification of the writer" rotatespec = "rotatespec indicates rotate specification of the writer"
# xlog queries service @wsuri periodically according to queries specified by # xlog queries service @wsuri/opts periodically according to queries specified by
# logspecv and logs the result. # logspecv and logs the result.
@func @func
def xlog(ctx, wsuri, w: IWriter, logspecv): def xlog(ctx, wsuri, opts, w: IWriter, logspecv):
# make sure we always have meta.sync - either the caller specifies it # make sure we always have meta.sync - either the caller specifies it
# explicitly, or we add it automatically to come first with default # explicitly, or we add it automatically to come first with default
# 10x·longest periodicity. Do the same about config_get - by default we # 10x·longest periodicity. Do the same about config_get - by default we
...@@ -192,7 +192,7 @@ def xlog(ctx, wsuri, w: IWriter, logspecv): ...@@ -192,7 +192,7 @@ def xlog(ctx, wsuri, w: IWriter, logspecv):
"which is > LOS_window (%d)" % (ns, LOS_window)) "which is > LOS_window (%d)" % (ns, LOS_window))
# ready to start logging # ready to start logging
xl = _XLogger(wsuri, w, logspecv, lsync.period) xl = _XLogger(wsuri, opts, w, logspecv, lsync.period)
# emit sync at start/stop # emit sync at start/stop
xl.jemit_sync("detached", "start", {}) xl.jemit_sync("detached", "start", {})
...@@ -224,8 +224,9 @@ def xlog(ctx, wsuri, w: IWriter, logspecv): ...@@ -224,8 +224,9 @@ def xlog(ctx, wsuri, w: IWriter, logspecv):
# _XLogger serves xlog implementation. # _XLogger serves xlog implementation.
class _XLogger: class _XLogger:
def __init__(xl, wsuri, w, logspecv, δt_sync): def __init__(xl, wsuri, opts, w, logspecv, δt_sync):
xl.wsuri = wsuri xl.wsuri = wsuri
xl.opts = opts
xl.w = w xl.w = w
xl.logspecv = logspecv xl.logspecv = logspecv
xl.δt_sync = δt_sync # = logspecv.get("meta.sync").period xl.δt_sync = δt_sync # = logspecv.get("meta.sync").period
...@@ -278,7 +279,7 @@ class _XLogger: ...@@ -278,7 +279,7 @@ class _XLogger:
# connect to the service # connect to the service
try: try:
conn = amari.connect(ctx, xl.wsuri) conn = amari.connect(ctx, xl.wsuri, xl.opts.get('password'))
except Exception as ex: except Exception as ex:
xl.jemit("service connect failure", {"reason": str(ex)}) xl.jemit("service connect failure", {"reason": str(ex)})
if not isinstance(ex, amari.ConnError): if not isinstance(ex, amari.ConnError):
...@@ -296,7 +297,7 @@ class _XLogger: ...@@ -296,7 +297,7 @@ class _XLogger:
"srv_version": conn.srv_version} "srv_version": conn.srv_version}
srv_iattach = srv_info.copy() srv_iattach = srv_info.copy()
for k, v in conn.srv_ready_msg.items(): for k, v in conn.srv_ready_msg.items():
if k in {"message", "type", "name", "version"}: if k in {"message", "type", "name", "version", "challenge"}:
continue continue
srv_iattach["srv_"+k] = v srv_iattach["srv_"+k] = v
xl.jemit("service attach", srv_iattach) xl.jemit("service attach", srv_iattach)
...@@ -921,6 +922,7 @@ Additionally the following queries are used to control xlog itself: ...@@ -921,6 +922,7 @@ Additionally the following queries are used to control xlog itself:
Options: Options:
--password <password> use specified password if service requires authentication
--rotate <rotatespec> rotate output approximately according to rotatespec --rotate <rotatespec> rotate output approximately according to rotatespec
rotatespec is <X>(KB|MB|GB|sec|min|hour|day)[.nbackup] rotatespec is <X>(KB|MB|GB|sec|min|hour|day)[.nbackup]
-h --help show this help -h --help show this help
...@@ -932,14 +934,17 @@ file=out) ...@@ -932,14 +934,17 @@ file=out)
def main(ctx, argv): def main(ctx, argv):
try: try:
optv, argv = getopt.getopt(argv[1:], "h", ["rotate=", "help"]) optv, argv = getopt.getopt(argv[1:], "h", ["password=", "rotate=", "help"])
except getopt.GetoptError as e: except getopt.GetoptError as e:
print(e, file=sys.stderr) print(e, file=sys.stderr)
usage(sys.stderr) usage(sys.stderr)
sys.exit(2) sys.exit(2)
opts = {}
rotatespec = None rotatespec = None
for opt, arg in optv: for opt, arg in optv:
if opt in ( "--password"):
opts["password"] = arg
if opt in ( "--rotate"): if opt in ( "--rotate"):
rotatespec = arg rotatespec = arg
...@@ -958,4 +963,4 @@ def main(ctx, argv): ...@@ -958,4 +963,4 @@ def main(ctx, argv):
logspecv.append( LogSpec.parse(arg) ) logspecv.append( LogSpec.parse(arg) )
w = _openwriter(output, rotatespec) w = _openwriter(output, rotatespec)
xlog(ctx, wsuri, w, logspecv) xlog(ctx, wsuri, opts, w, logspecv)
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment