[katello-devel] Help with ReST API coding.

Eric Sammons esammons at redhat.com
Thu Jan 26 13:45:54 UTC 2012


----- Original Message -----
> From the log you have provided I see you are sending a key called
> "_json" which this controller obviously does not accept.
> 
> It is sending it straight to the database, which is not correct. We
> must
> not allow sending arbitrary parameters to the query. This is not
> correct. Fortunately this is select and sql injection is not possible
> (Rails3 checks all input params).
> 
> But I can't tell, looks like your checkout is not the current master
> (at
> least environments_controller.rb line 34 is not the database call for
> me). Local changes?
> 
> In short - do not send this "_json" thing and it will work.
> 
> LZ

Perhaps this is me being new to the ReST api and katello interaction via, but where in my code would I disable sending of _json? 

I made the following modification:

def process_response(response):
   response_body = response.read()
   #try:
   #   response_body = json.loads(response_body, encoding='utf-8')
   #except:
   #   pass
   return (response.status, response_body, response.getheaders())

However I suspect this is the wrong place for such a change as it is in the process_response method.  I assume that what I should be doing is making a change in the prepare_body; however, again not sure what that change would look like and more importantly why does this code work for katello-cli-common?

Thanks!

Eric

> 
> On Wed, Jan 25, 2012 at 10:07:26PM -0500, Eric Sammons wrote:
> > I have the following code, which is practically stolen line for
> > line from katello/client/server.py and
> > katello/client/api/system.py.  Yet in my code returns errors, for
> > the GET I get a 500 Internal Server Error and for the POST I get a
> > 404 Not Found.  Any assistance is greatly appreciated, I rather
> > certain it is something simple that I'm missing.
> > 
> > Thanks!
> > Eric
> > 
> > [code]
> > #!/usr/bin/env python
> > 
> > import base64
> > import httplib
> > import urllib
> > import locale
> > import os
> > import mimetypes
> > 
> > try:
> >    import json
> > except ImportError:
> >    import simplejson as json
> > 
> > def process_response(response):
> >    response_body = response.read()
> >    try:
> >       response_body = json.loads(response_body, encoding='utf-8')
> >    except:
> >       pass
> > 
> >    return (response.status, response_body, response.getheaders())
> > 
> > def https_connection(host, port=443):
> >    return httplib.HTTPSConnection(host, port)
> > 
> > def build_url(path, queries=()):
> >    path_prefix = '/headpin/api'
> > 
> >    path = '/'.join((path_prefix, path))
> >    path = urllib.quote(str(path))
> >    queries = urllib.urlencode(queries)
> >    if queries:
> >       path = '?'.join((path, queries))
> >    return path
> > 
> > def prepare_body(body, multipart):
> >    content_type = 'application/json'
> >    #if multipart:
> >    #   content_type, body = self._encode_multipart_formdata(body)
> >    #elif not isinstance(body, (type(None), Bytes, file)):
> >    body = json.dumps(body)
> > 
> >    return (content_type, body)
> > 
> > def request(method, path, queries=(), body=None, multipart=False,
> > customHeaders={}):
> >    username = 'admin'
> >    password = 'admin'
> >    headers = {}
> >    raw = ':'.join((username, password))
> >    encoded = base64.encodestring(raw)[:-1]
> >    headers['Authorization'] = 'Basic ' + encoded
> > 
> >    connection = https_connection('cubert.usersys.redhat.com')
> >    url = build_url(path,queries)
> >    content_type, body = prepare_body(body, multipart)
> > 
> >    headers['content-type'] = content_type
> >    headers['content-length'] = str(len(body) if body else 0)
> >    print (url)
> >    connection.request(method, url, body=body,
> >    headers=dict(headers.items() + customHeaders.items()))
> >    return process_response(connection.getresponse())
> > 
> > def GET(path, queries=(), customHeaders={}):
> >    return request('GET', path, queries,
> >    customHeaders=customHeaders)
> > 
> > def POST(path, body, multipart=False, customHeaders={}):
> >    return request('POST', path, body=body, multipart=multipart,
> >    customHeaders=customHeaders)
> > 
> > 
> > def register(name, org):
> >    #path = "environments/166/systems"
> >    path = "/api/organizations/%s/systems" % org
> >    sysdata = {
> >          "name" : name,
> >          "cp_type" : "system",
> >          "facts" : {
> >               "distribution.name": "Fedora",
> >               "cpu.cpu_socket(s)": "1"}
> >          }
> >    return POST(path, sysdata)[1]
> > 
> > def environment_by_name(orgId, envName):
> >    #path = "organizations/ACME_Corporation/environments"
> >    path = "organizations/%s/environments" % orgId
> >    envs = GET(path, {"name": envName})[1]
> >    if len(envs) > 0:
> >       return envs[0]
> >    else:
> >       return None
> > 
> > envs = environment_by_name('ACME_Corporation', 'DEV')
> > print envs
> > register('restfulserver', 'ACME_Corporation')
> > [/code]
> > 
> > [production.log]
> > 
> > Started GET
> > "/headpin//api/organizations/ACME_Corporation/environments?name=DEV"
> > for xxx.xxx.xxx.xxx at Wed Jan 25 22:01:46 -0500 2012
> >   Processing by Api::EnvironmentsController#index as HTML
> >   Parameters: {"name"=>"DEV", "_json"=>nil,
> >   "organization_id"=>"ACME_Corporation"}
> > ActiveRecord::StatementInvalid: PGError: ERROR:  column
> > environments._json does not exist
> > LINE 1: ...ronments" WHERE "environments"."name" = 'DEV' AND
> > "environme...
> >                                                              ^
> > : SELECT "environments".* FROM "environments" WHERE
> > "environments"."name" = 'DEV' AND "environments"."_json" IS NULL
> > AND "environments"."organization_id" = 1
> > /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/connection_adapters/abstract_adapter.rb:207:in
> > `log'
> > /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/connection_adapters/postgresql_adapter.rb:514:in
> > `execute'
> > /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/connection_adapters/postgresql_adapter.rb:1004:in
> > `select_raw'
> > /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/connection_adapters/postgresql_adapter.rb:997:in
> > `select'
> > /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/connection_adapters/abstract/database_statements.rb:7:in
> > `select_all'
> > /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/connection_adapters/abstract/query_cache.rb:54:in
> > `select_all'
> > /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/connection_adapters/abstract/query_cache.rb:68:in
> > `cache_sql'
> > /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/connection_adapters/abstract/query_cache.rb:54:in
> > `select_all'
> > /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/base.rb:473:in
> > `find_by_sql'
> > /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/relation.rb:64:in
> > `to_a'
> > /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/relation.rb:80:in
> > `as_json'
> > /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/json/encoding.rb:46:in
> > `encode'
> > /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/json/encoding.rb:77:in
> > `check_for_circular_references'
> > /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/json/encoding.rb:45:in
> > `encode'
> > /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/json/encoding.rb:30:in
> > `encode'
> > /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/core_ext/object/to_json.rb:15:in
> > `to_json'
> > /usr/share/katello/app/controllers/api/environments_controller.rb:34:in
> > `index'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_controller/metal/implicit_render.rb:4:in
> > `send_action'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_controller/metal/implicit_render.rb:4:in
> > `send_action'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/abstract_controller/base.rb:150:in
> > `process_action'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_controller/metal/rendering.rb:11:in
> > `process_action'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/abstract_controller/callbacks.rb:18:in
> > `process_action'
> > /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:452:in
> > `_run__856191886__process_action__199225275__callbacks'
> > /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:221:in
> > `_conditional_callback_around_2555'
> > /usr/share/katello/lib/util/threadsession.rb:79:in `thread_locals'
> > /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:220:in
> > `_conditional_callback_around_2555'
> > /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:441:in
> > `_run__856191886__process_action__199225275__callbacks'
> > /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:410:in
> > `send'
> > /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:410:in
> > `_run_process_action_callbacks'
> > /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:94:in
> > `send'
> > /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:94:in
> > `run_callbacks'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/abstract_controller/callbacks.rb:17:in
> > `process_action'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_controller/metal/rescue.rb:17:in
> > `process_action'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_controller/metal/instrumentation.rb:30:in
> > `process_action'
> > /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/notifications.rb:52:in
> > `instrument'
> > /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/notifications/instrumenter.rb:21:in
> > `instrument'
> > /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/notifications.rb:52:in
> > `instrument'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_controller/metal/instrumentation.rb:29:in
> > `process_action'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/abstract_controller/base.rb:119:in
> > `process'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/abstract_controller/rendering.rb:41:in
> > `process'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_controller/metal.rb:138:in
> > `dispatch'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_controller/metal/rack_delegation.rb:14:in
> > `dispatch'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_controller/metal.rb:178:in
> > `action'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/routing/route_set.rb:62:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/routing/route_set.rb:62:in
> > `dispatch'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/routing/route_set.rb:27:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/rack-mount-0.7.1/lib/rack/mount/route_set.rb:150:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/rack-mount-0.7.1/lib/rack/mount/code_generation.rb:93:in
> > `recognize'
> > /usr/lib/ruby/gems/1.8/gems/rack-mount-0.7.1/lib/rack/mount/code_generation.rb:110:in
> > `optimized_each'
> > /usr/lib/ruby/gems/1.8/gems/rack-mount-0.7.1/lib/rack/mount/code_generation.rb:92:in
> > `recognize'
> > /usr/lib/ruby/gems/1.8/gems/rack-mount-0.7.1/lib/rack/mount/route_set.rb:141:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/routing/route_set.rb:493:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/warden-1.0.5/lib/warden/manager.rb:35:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/warden-1.0.5/lib/warden/manager.rb:34:in
> > `catch'
> > /usr/lib/ruby/gems/1.8/gems/warden-1.0.5/lib/warden/manager.rb:34:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/sass-3.1.4/lib/sass/../sass/plugin/rack.rb:54:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/best_standards_support.rb:17:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/head.rb:14:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/rack-1.3.0/lib/rack/methodoverride.rb:24:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/params_parser.rb:21:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/flash.rb:182:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/session/abstract_store.rb:149:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/cookies.rb:302:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/query_cache.rb:32:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/connection_adapters/abstract/query_cache.rb:28:in
> > `cache'
> > /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/query_cache.rb:12:in
> > `cache'
> > /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/query_cache.rb:31:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/activerecord-3.0.10/lib/active_record/connection_adapters/abstract/connection_pool.rb:354:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/callbacks.rb:46:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/activesupport-3.0.10/lib/active_support/callbacks.rb:416:in
> > `_run_call_callbacks'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/callbacks.rb:44:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/rack-1.3.0/lib/rack/sendfile.rb:102:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/remote_ip.rb:48:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/actionpack-3.0.10/lib/action_dispatch/middleware/show_exceptions.rb:47:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/railties-3.0.10/lib/rails/rack/logger.rb:13:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/rack-1.3.0/lib/rack/runtime.rb:17:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/rack-1.3.0/lib/rack/lock.rb:34:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/railties-3.0.10/lib/rails/application.rb:168:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/railties-3.0.10/lib/rails/application.rb:77:in
> > `send'
> > /usr/lib/ruby/gems/1.8/gems/railties-3.0.10/lib/rails/application.rb:77:in
> > `method_missing'
> > /usr/lib/ruby/gems/1.8/gems/rack-1.3.0/lib/rack/urlmap.rb:52:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/rack-1.3.0/lib/rack/urlmap.rb:46:in
> > `each'
> > /usr/lib/ruby/gems/1.8/gems/rack-1.3.0/lib/rack/urlmap.rb:46:in
> > `call'
> > /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/connection.rb:84:in
> > `pre_process'
> > /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/connection.rb:82:in
> > `catch'
> > /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/connection.rb:82:in
> > `pre_process'
> > /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/connection.rb:57:in
> > `process'
> > /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/connection.rb:42:in
> > `receive_data'
> > /usr/lib/ruby/gems/1.8/gems/eventmachine-0.12.10/lib/eventmachine.rb:256:in
> > `run_machine'
> > /usr/lib/ruby/gems/1.8/gems/eventmachine-0.12.10/lib/eventmachine.rb:256:in
> > `run'
> > /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/backends/base.rb:61:in
> > `start'
> > /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/server.rb:159:in
> > `start'
> > /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/controllers/controller.rb:86:in
> > `start'
> > /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/runner.rb:185:in
> > `send'
> > /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/runner.rb:185:in
> > `run_command'
> > /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/lib/thin/runner.rb:151:in
> > `run!'
> > /usr/lib/ruby/gems/1.8/gems/thin-1.2.11/bin/thin:6
> > /usr/share/katello/script/thin:59:in `load'
> > /usr/share/katello/script/thin:59
> > Rendered text template (0.0ms)
> > Completed 500 Internal Server Error in 15ms (Views: 0.6ms |
> > ActiveRecord: 4.7ms)
> > 
> > started POST "/headpin//api/organizations/ACME_Corporation/systems"
> > for xxx.xxx.xxx.xxx at Wed Jan 25 22:04:26 -0500 2012
> >   Processing by ErrorsController#routing as HTML
> >   Parameters: {"facts"=>{"distribution.name"=>"Fedora",
> >   "cpu.cpu_socket(s)"=>"1"}, "name"=>"restfulserver",
> >   "cp_type"=>"system", "organization_id"=>"ACME_Corporation"}
> > Rendered common/_config.html.haml (0.5ms)
> > Rendered layouts/_ajax_notices.haml (0.9ms)
> > Rendered layouts/_notification.haml (0.2ms)
> > Rendered common/_common_i18n.html.haml (0.5ms)
> > Rendered layouts/_header.haml (2.1ms)
> > Rendered layouts/_footer.haml (0.2ms)
> > Rendered common/404.html.haml within layouts/katello (9.1ms)
> > Completed 404 Not Found in 11ms (Views: 9.9ms | ActiveRecord:
> > 0.0ms)
> > [/production.log]
> > 
> > _______________________________________________
> > katello-devel mailing list
> > katello-devel at redhat.com
> > https://www.redhat.com/mailman/listinfo/katello-devel
> 
> --
> Later,
> 
>  Lukas Zapletal | E32E400A
>  RHN Satellite Engineering
>  Red Hat Czech s.r.o. Brno
> 
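An added example, not part of the original thread or of katello's code, and written for Python 3 rather than the Python 2 of the posted script. It shows why the posted `prepare_body`, whose `isinstance` guard is commented out, sends a body of `null` on a GET, and how restoring the guard removes the `_json` parameter. `model_json_params` and `allow_listed` are assumptions: a simplified model of the server-side parsing seen in the log, and a hypothetical allow-list of filter keys.

```python
import json

JSON = 'application/json'

def prepare_body_as_posted(body):
    # As in the posted script: the isinstance() guard is commented out,
    # so a GET with body=None still sends the four bytes "null".
    return JSON, json.dumps(body).encode('utf-8')

def prepare_body(body):
    # Guard restored: None (no body) and pre-encoded bytes are left alone.
    if body is None or isinstance(body, bytes):
        return JSON, body
    return JSON, json.dumps(body).encode('utf-8')

def model_json_params(raw_body, query):
    # Assumption: simplified model of the server's JSON parameter parsing,
    # matching the log above. A body that is not a JSON object ends up
    # under the "_json" key next to the query-string parameters.
    params = dict(query)
    if raw_body:
        data = json.loads(raw_body)
        params.update(data if isinstance(data, dict) else {'_json': data})
    return params

def allow_listed(params, allowed=('name',)):
    # Hypothetical server-side counterpart: only known filter keys may
    # become query conditions, whatever the client sends.
    return {k: v for k, v in params.items() if k in allowed}

if __name__ == '__main__':
    query = {'name': 'DEV'}  # constructed sample, mirrors the GET in the thread
    for fn in (prepare_body_as_posted, prepare_body):
        _, raw = fn(None)
        print(fn.__name__, repr(raw), model_json_params(raw, query))
    print(allow_listed({'name': 'DEV', '_json': None}))
```
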