PullRequest: 57 feat: support obproxy

Merge branch sp_obproxy of git@code.alipay.com:oceanbase/OBShell-SDK-Python.git into master
https://code.alipay.com/oceanbase/OBShell-SDK-Python/pull_requests/57?tab=diff

Signed-off-by: 雪染 <xin.sunhx@oceanbase.com>


* feat: support obproxy
* fix: modify default rpc_listen_port of obproxy.
* chore: add tenant_root_password(parameter) to set_tenant_variables(method)
* refract of security
* chore: delete parameter of delete_obproxy
* chore: delete parameter of delete_obproxy_sync
* chore: add comment for create_user
* optz
* chore: delete parameter of delete_obproxy_sync
* chore: add is_obproxy_agent into info
* add agent_passwords for agg_create_cluster
* set task type for upload_obproxy_pkg
* fix: modify the default value of exporter_port
* code optz

Author: Junkrat77

obshell/auth/password.py

@@ -34,7 +34,7 @@
 class PasswordAuth(base.Auth):
     """Password-based authentication method."""
 
-    def __init__(self, password: str = "", version=None, lifetime=60) -> None:
+    def __init__(self, password: str = None, agent_password: str = None, version=None, lifetime=60) -> None:
         """Initialize a new PasswordAuth instance.
 
         Args:
@@ -49,14 +49,15 @@ def __init__(self, password: str = "", version=None, lifetime=60) -> None:
 
                 - "v1": supported by OBShell version 4.2.2.0.
                 - "v2": supported by OBShell version 4.2.3.0 or later.
-            lifetime (int, optional): 
+            lifetime (int, optional):
                 lifetime of the authentication information in reqeust header.
                 Defalut to 60 second.
         """
         super().__init__(base.AuthType.PASSWORD,
                          [base.AuthVersion.V1, base.AuthVersion.V2])
         self.password = password
         self.lifetime = lifetime
+        self.agent_password = agent_password
         if version is not None:
             if version not in _AUTHS_VERSION:
                 raise ValueError("Version not supported")
@@ -67,17 +68,20 @@ def auth(self, request) -> None:
             version = self.get_version()
             if version not in _AUTHS:
                 raise base.AuthError(f"Unsupported auth version: {version}")
-            self._method = _AUTHS[version](self.password, self.lifetime)
+            self._method = _AUTHS[version](
+                self.password, self.agent_password, self.lifetime)
         self._method.auth(request)
 
 
 class PasswordAuthMethod:
 
-    def __init__(self, password: str, lifetime: int) -> None:
+    def __init__(self, password: str, agent_password: str, lifetime: int) -> None:
         self.password = password
+        self.agent_password = agent_password
         self.pk = None
         self.lifetime = lifetime
         self.check_identity = False
+        self.agent_password_is_set = False
 
     def reset(self) -> None:
         self.pk = None
@@ -92,6 +96,10 @@ def _check(self, server: str):
             info = get_info(server)
             if info.identity == Agentidentity.SINGLE:
                 self.password = ""
+            if info.security:
+                self.agent_password_is_set = True
+            else:
+                self.agent_password = None
             self.check_identity = True
 
     def auth(self, req) -> None:
@@ -159,15 +167,23 @@ def auth(self, req: requests.Request) -> None:
                 cipher.encrypt(pad(bytes(body), AES.block_size))
             ).decode('utf8')
 
+        header = 'X-OCS-Header'
+        if (self.agent_password is not None and self.agent_password_is_set) or req.task_type == "obproxy":
+            password = self.agent_password
+            header = 'X-OCS-Agent-Header'
+        else:
+            password = self.password
+
         uri = urlparse(req.url).path if not urlparse(
             req.url).query else urlparse(req.url).path + "?" + urlparse(req.url).query
         headers = {
-            'auth': self.password,
+            'auth': "" if password is None else password,
             'ts': str(int(time.time()) + self.lifetime),
             'uri': uri,
             'keys': base64.b64encode(aes_key+aes_iv).decode('utf-8')
         }
-        req.headers['X-OCS-Header'] = self.encrypt_header(headers)
+
+        req.headers[header] = self.encrypt_header(headers)
         return
 
 

obshell/info.py

@@ -25,15 +25,18 @@ def get_info(server: str) -> AgentInfo:
     url = f"http://{server}/api/v1/info"
     resp = requests.get(url, timeout=DEFAULT_TIMEOUT)
     if resp.status_code != 200:
-        raise Exception(f"Failed to get version from {server}, "
+        raise Exception(f"Failed to get info from {server}, "
                         f"status code: {resp.status_code}")
     data = resp.json().get("data", {})
     if not data:
-        raise Exception(f"Failed to get version from {server}, no data")
+        raise Exception(f"Failed to get info from {server}, no data")
     identity = data.get("identity")
     version = data.get("version")
     supported_auth = data.get("supportedAuth", [])
-    info = AgentInfo(identity, version, supported_auth)
+    hold_obproxy = data.get("security", False)
+    is_obproxy_agent = data.get("isObproxyAgent", False)
+    info = AgentInfo(identity, version, supported_auth,
+                     hold_obproxy, is_obproxy_agent)
     return info
 
 
@@ -46,6 +49,6 @@ def get_public_key(server: str) -> str:
 
     data = resp.json().get("data", {})
     if not data:
-        raise Exception(f"Failed to get version from {server}, no data")
+        raise Exception(f"Failed to get info from {server}, no data")
 
     return data.get("public_key")

obshell/model/info.py

@@ -33,9 +33,13 @@ class AgentInfo:
     def __init__(self,
                  identity: str,
                  version: str,
-                 supported_auth: List[str]):
+                 supported_auth: List[str],
+                 security: bool = False,
+                 is_obproxy_agent: bool = False):
         self.identity = Agentidentity(identity)
         self.version = Version(version)
+        self.security = security
+        self.is_obproxy_agent = is_obproxy_agent
         self.supported_auth = [AuthVersion(version)
                                for version in supported_auth]
 
@@ -175,6 +179,8 @@ def __init__(self, data: dict):
         self.home_path = data.get("homePath", "")
         self.ip = data.get("ip", "")
         self.port = data.get("port", 0)
+        self.is_obproxy_agent = data.get("isObproxyAgent", False)
+        self.secrity = data.get("security", False)
 
     @classmethod
     def from_dict(cls, data: dict):

obshell/request.py

@@ -25,6 +25,7 @@ def __init__(self, uri: str,
                  data: dict = None,
                  query_param: dict = None,
                  headers: dict = None,
+                 task_type: str = "ob",
                  timeout: int = 100000):
         if data is None:
             data = {}
@@ -43,6 +44,7 @@ def __init__(self, uri: str,
         self.original_data = data
         self.headers = headers
         self.timeout = timeout
+        self.task_type = task_type
 
     @property
     def url(self):