Update console auth token API to allow user to pass in token ttl

CCI-MOC · Dec 20, 2024 · 55f40d4 · 55f40d4
1 parent 8c00cf5
commit 55f40d4
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 2 deletions.
diff --git a/esi_leap/api/controllers/v1/console_auth_token.py b/esi_leap/api/controllers/v1/console_auth_token.py
@@ -44,6 +44,12 @@ class ConsoleAuthTokensController(rest.RestController):
     def post(self, new_console_auth_token):
         context = pecan.request.context
         node_uuid_or_name = new_console_auth_token["node_uuid_or_name"]
+        token_ttl = int(
+            new_console_auth_token.get("token_ttl", CONF.serialconsoleproxy.token_ttl)
+        )
+
+        if token_ttl <= 0:
+            raise exception.InvalidTokenTTL(ttl=token_ttl)
 
         # get node
         client = ironic.get_ironic_client(context)
@@ -57,7 +63,7 @@ def post(self, new_console_auth_token):
 
         # create and authorize auth token
         cat = cat_obj.ConsoleAuthToken(node_uuid=node.uuid)
-        token = cat.authorize(CONF.serialconsoleproxy.token_ttl)
+        token = cat.authorize(token_ttl)
         cat_dict = {
             "node_uuid": cat.node_uuid,
             "token": token,

diff --git a/esi_leap/common/exception.py b/esi_leap/common/exception.py
@@ -210,5 +210,9 @@ class InvalidToken(ESILeapException):
     _msg_fmt = _("Invalid token")
 
 
+class InvalidTokenTTL(ESILeapException):
+    _msg_fmt = _("Token TTL %(ttl)s invalid")
+
+
 class UnsupportedConsoleType(ESILeapException):
     msg_fmt = _("Unsupported console type %(console_type)s")
diff --git a/esi_leap/tests/api/controllers/v1/test_console_auth_token.py b/esi_leap/tests/api/controllers/v1/test_console_auth_token.py
@@ -30,14 +30,44 @@ def setUp(self):
     def test_post(self, mock_client, mock_authorize):
         mock_authorize.return_value = "fake-token"
 
+        data = {"node_uuid_or_name": self.node_uuid, "token_ttl": "10"}
+
+        request = self.post_json("/console_auth_tokens", data)
+
+        mock_client.assert_called_once()
+        mock_authorize.assert_called_once_with(mock.ANY, 10)
+        self.assertEqual(http_client.CREATED, request.status_int)
+
+    @mock.patch(
+        "esi_leap.objects.console_auth_token.ConsoleAuthToken.authorize", autospec=True
+    )
+    @mock.patch.object(ironic, "get_ironic_client", autospec=True)
+    def test_post_default_ttl(self, mock_client, mock_authorize):
+        mock_authorize.return_value = "fake-token"
+
         data = {"node_uuid_or_name": self.node_uuid}
 
         request = self.post_json("/console_auth_tokens", data)
 
         mock_client.assert_called_once()
-        mock_authorize.assert_called_once()
+        mock_authorize.assert_called_once_with(mock.ANY, 600)
         self.assertEqual(http_client.CREATED, request.status_int)
 
+    @mock.patch(
+        "esi_leap.objects.console_auth_token.ConsoleAuthToken.authorize", autospec=True
+    )
+    @mock.patch.object(ironic, "get_ironic_client", autospec=True)
+    def test_post_invalid_ttl(self, mock_client, mock_authorize):
+        mock_authorize.return_value = "fake-token"
+
+        data = {"node_uuid_or_name": self.node_uuid, "token_ttl": "-1"}
+
+        request = self.post_json("/console_auth_tokens", data, expect_errors=True)
+
+        mock_client.assert_not_called()
+        mock_authorize.assert_not_called()
+        self.assertEqual(http_client.INTERNAL_SERVER_ERROR, request.status_int)
+
     @mock.patch(
         "esi_leap.objects.console_auth_token.ConsoleAuthToken.authorize", autospec=True
     )