xcat2 / xcat-inventory

An inventory tool for xcat cluster

Put all APIs using authentication for Security #219

Closed robin2008 closed 5 years ago

robin2008 commented 5 years ago

Unit test (UT) results are below, using one endpoint as an example. With a token:

curl -X GET "http://10.6.27.1:5000/api/v2/globalconf/sites" -H  "accept: application/json" -H  "Authorization: token c997632c-7dfb-11e9-a021-0cc47aea9e02"
[
    {
        "meta": {
            "name": "clustersite"
        },
        "spec": {
            "vsftp": "n",
            "ipmitimeout": "2",
            "consoleondemand": "no",
            "enableASMI": "no",
            "ipmimaxp": "64",
            "xcatdebugmode": "1",
            "ipmiretries": "3",
            "forwarders": "10.0.0.101",
            "blademaxp": "64",
            "db2installloc": "/mntdb2",
            "domain": "pok.stglabs.ibm.com",
            "auditskipcmds": "ALL",
            "nameservers": "10.6.27.1",
            "SNsyncfiledir": "/var/xcat/syncfiles",
            "xcatiport": "3002",
            "syspowerinterval": "0",
            "ppcmaxp": "64",
            "xcatconfdir": "/etc/xcat",
            "installdir": "/install",
            "xcatdport": "3001",
            "powerinterval": "0",
            "master": "10.6.27.1",
            "auditnosyslog": "0",
            "nodesyncfiledir": "/var/xcat/node/syncfiles",
            "useNmapfromMN": "no",
            "ppcretry": "3",
            "ppctimeout": "0",
            "timezone": "America/New_York",
            "sshbetweennodes": "ALLGROUPS",
            "fsptimeout": "0",
            "tftpdir": "/tftpboot",
            "sharedtftp": "1",
            "cleanupxcatpost": "no",
            "databaseloc": "/var/lib",
            "dhcplease": "43200",
            "dnshandler": "ddns",
            "maxssh": "8",
            "dhcpinterfaces": "enP34p1s0f1:noboot,enP34p1s0f0.12"
        }
    }
]

Without token:

curl -X GET "http://10.6.27.1:5000/api/v2/globalconf/sites" -H  "accept: application/json"
{
    "message": "The server could not verify that you are authorized to access the URL requested. You either supplied the wrong credentials (e.g. a bad password), or your browser doesn't understand how to supply the credentials required."
}