Skip to content

REST localhost tests

Jump to bottom
Alan Malta Rodrigues edited this page Jan 10, 2023 · 1 revision

There might be moments that we need to test the REST APIs using the localhost http protocol, for instance, from within a Kubernetes pod. WMCore services expect some specific HTTP headers, added to the HTTP request upon successful authentication in the CMSWEB frontends. This means that a plain curl command line call will not work before the REST backend will return a 403 Forbidden response. This wiki explains how you can set that up and query a WMCore REST endpoint without any frontends.

Once you generate the HTTP request headers, as explained in the section below, you just need to construct your curl arguments and execute the call. Example, to test the to_reqmon service, one can perform the following call:

curl -v http://localhost:8243/t0_reqmon/data/info -H "cms-auth-status: OK" -H "cms-authn-method: ServerMonitor" -H "cms-authn-login: server-monitor" -H "cms-authn-name: Server Monitor" -H "cms-authn-hmac: XXX"

note that you need to know which port the service backend is listening to.

Generating HTTP request headers based on the POD hmac file

Once you opened a bash shell in the kubernetes POD that you want to test, you need to locate the hmac file and run the following script:

#!/usr/bin/env python

import hmac, hashlib
from Utils.Utilities import encodeUnicodeToBytes

def authz_headers(hmac_key):
  """Create fake authentication and authorisation headers compatible
  with the CMSWEB front-ends. Assumes you have the HMAC signing key
  the back-end will use to validate the headers.

  :arg str hmac_key: binary key data for signing headers.
  :returns: list of header name, value tuples to add to a HTTP request."""
  headers = {"cms-auth-status": "OK",
             "cms-authn-method": "ServerMonitor",
             "cms-authn-login": "server-monitor",
             "cms-authn-name": "Server Monitor" }
  prefix = suffix = ""
  hkeys = headers.keys()
  for hk in sorted(hkeys):
    if hk != "cms-auth-status":
      prefix += "h%xv%x" % (len(hk), len(headers[hk]))
      suffix += "%s%s" % (hk, headers[hk])

  # required in Python3
  hmac_key = encodeUnicodeToBytes(hmac_key)
  msg = encodeUnicodeToBytes(prefix + "#" + suffix)

  cksum = hmac.new(hmac_key, msg, hashlib.sha1).hexdigest()
  headers["cms-authn-hmac"] = cksum
  return headers.items()


fname="/etc/hmac/hmac"  # NOTE: SHOULD BE SET using location of our hmac file
with open(fname, mode='rb') as handle:
    authz = handle.read()
authz = authz_headers(authz)
print(authz)

upon execution of the script above, you will get a set of 5 tuples with an http header and its value. These headers have to be added to your curl call with the command line option -H.

Clone this wiki locally