[icinga-checkins] icinga.org: icingaweb2-module-director/feature/self-service-host-api-12915 : HostController: first attempts to deal with...

git at icinga.org git at icinga.org
Thu Oct 13 14:02:00 CEST 2016


Module: icingaweb2-module-director
Branch: feature/self-service-host-api-12915
Commit: 85883177ddd136aafb8fb9c3292eb8b293575bce
URL:    https://git.icinga.org/?p=icingaweb2-module-director.git;a=commit;h=85883177ddd136aafb8fb9c3292eb8b293575bce

Author: Thomas Gelf <thomas at gelf.net>
Date:   Thu Oct 13 11:35:17 2016 +0000

HostController: first attempts to deal with...

...host API keys

---

 application/controllers/HostController.php       |   38 ++++++++++++++++++++++
 library/Director/Web/Form/DirectorObjectForm.php |   12 +++++++
 2 files changed, 50 insertions(+)

diff --git a/application/controllers/HostController.php b/application/controllers/HostController.php
index 31318a6..d160288 100644
--- a/application/controllers/HostController.php
+++ b/application/controllers/HostController.php
@@ -15,6 +15,27 @@ use Icinga\Module\Director\Web\Controller\ObjectController;
 
 class HostController extends ObjectController
 {
+    protected $apiHost;
+
+    protected $requiresAuthentication = false;
+
+    protected function requiresLogin()
+    {
+        if ($key = $this->getRequest()->getUrl()->shift('apiHostKey')) {
+            $this->apiHost = IcingaHost::loadWithApiKey($key, $this->db());
+            return false;
+        }
+
+        return !$this->Auth()->isAuthenticated();
+    }
+
+    protected function forbiddenWithApiKey()
+    {
+        if ($this->apiHost !== null) {
+            throw new NotFoundError('Not found');
+        }
+    }
+
     public function init()
     {
         parent::init();
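Review bot: requiresLogin() returns false as soon as an `apiHostKey` parameter is present, without checking what `IcingaHost::loadWithApiKey()` returned. That method is not visible here; if it yields null for an unknown key instead of throwing, the request skips login while `$this->apiHost` stays null, so forbiddenWithApiKey() and the name check in loadObject() never apply. I would make the failure explicit before `return false;`, e.g. `if ($this->apiHost === null) { throw new NotFoundError('Not found'); }`. The key is also read from the URL, so it will end up in web-server access logs and browser history; accepting it from a request header would keep it out of both. A short docblock on requiresLogin() stating that a valid host API key replaces the session login for this controller would help the next reader.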
@@ -43,6 +64,7 @@ class HostController extends ObjectController
 
     public function editAction()
     {
+        $this->forbiddenWithApiKey();
         parent::editAction();
         $host = $this->object;
         $mon = $this->monitoring();
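Review bot: forbiddenWithApiKey() is an opt-out guard, so with `$requiresAuthentication = false` every action that does not call it stays reachable with only an API key, including any action inherited from ObjectController that this diff does not show. The same call is repeated in servicesAction(), appliedserviceAction() and inheritedserviceAction() in the following hunks, and every future action has to remember it. An allow-list checked once in init() would fail closed, e.g. `if ($this->apiHost !== null && !in_array($this->getRequest()->getActionName(), $this->apiKeyActions, true)) { throw new NotFoundError('Not found'); }`, where `$apiKeyActions` is a new property naming the actions a key holder may use. editAction() continues past the end of this hunk.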
@@ -61,6 +83,7 @@ class HostController extends ObjectController
 
     public function servicesAction()
     {
+        $this->forbiddenWithApiKey();
         $db = $this->db();
         $host = $this->object;
 
@@ -125,6 +148,7 @@ class HostController extends ObjectController
 
     public function appliedserviceAction()
     {
+        $this->forbiddenWithApiKey();
         $db = $this->db();
         $host = $this->object;
         $serviceName = $this->params->get('service');
@@ -184,6 +208,7 @@ class HostController extends ObjectController
 
     public function inheritedserviceAction()
     {
+        $this->forbiddenWithApiKey();
         $db = $this->db();
         $host = $this->object;
         $serviceName = $this->params->get('service');
@@ -287,4 +312,17 @@ class HostController extends ObjectController
             )
         );
     }
+
+    protected function loadObject()
+    {
+        if ($this->apiHost) {
+            if ($this->apiHost->isObject() && $name = $this->params->get('name')) {
+                if ($this->apiHost->object_name !== $name) {
+                    throw new NotFoundError('Got invalid API key');
+                }
+            }
+        }
+
+        return parent::loadObject();
+    }
 }
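Review bot: The name check in loadObject() only runs when the key belongs to a concrete host and a `name` parameter is present; a template key, or a request that omits `name`, goes straight to `parent::loadObject()`. What the parent loads in that case is not visible here, but as written a template key is not tied to any particular host, and a host key is not enforced if the object can be selected some other way. I would require the match whenever the key is a host key: `if ($this->apiHost->isObject() && $this->params->get('name') !== $this->apiHost->object_name) { throw new NotFoundError('Not found'); }`, and decide explicitly which objects a template key may load. Using the same 'Not found' message as forbiddenWithApiKey() also avoids telling the caller that the key itself was valid.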
diff --git a/library/Director/Web/Form/DirectorObjectForm.php b/library/Director/Web/Form/DirectorObjectForm.php
index d6478d6..79c6c21 100644
--- a/library/Director/Web/Form/DirectorObjectForm.php
+++ b/library/Director/Web/Form/DirectorObjectForm.php
@@ -1399,12 +1399,24 @@ abstract class DirectorObjectForm extends QuickForm
             ),
         ));
 
+        if ($this->isTemplate() && $this->object()->getShortTableName() === 'host') {
+            $this->addElement('text', 'api_key', array(
+                'label'   => $this->translate('API key'),
+                'description' => $this->translate(
+                    'This key (16-32 characters long) allows one to deploy new'
+                    . ' hosts for this template through the REST API without'
+                    . ' authentication.'
+                ),
+            ));
+        }
+
         $elements = array(
             'notes',
             'notes_url',
             'action_url',
             'icon_image',
             'icon_image_alt',
+            'api_key',
         );
 
         $this->addDisplayGroup($elements, 'extrainfo', array(
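Review bot: The description promises a key of 16-32 characters, but the new `api_key` element has no validator, so an empty-looking or one-character value would be accepted as a credential that bypasses login. If this form is Zend_Form based, as QuickForm appears to be, a length check can be added to the element options: `'validators' => array(array('StringLength', false, array(16, 32))),`. Since the key is chosen by the user and shown in a plain `text` field, generating it server-side from a CSPRNG and displaying it only once would be the safer design. The enclosing method starts before and continues after this hunk.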


