From e0356968df4582607f8d518b1c6880adf56685ca Mon Sep 17 00:00:00 2001
From: Scott Schneider <sschneider@puppetlabs.com>
Date: Wed, 4 Nov 2015 12:35:35 -0800
Subject: [PATCH 1/2] (QENG-2995) Display associated VMs in GET /token/:token
 endpoint

---
 API.md                       | 11 +++++++++--
 lib/vmpooler/api/v1.rb       | 11 +++++++++++
 spec/vmpooler/api/v1_spec.rb | 19 +++++++++++++------
 3 files changed, 33 insertions(+), 8 deletions(-)

diff --git a/API.md b/API.md
index 0abd0e8..b3aa0e8 100644
--- a/API.md
+++ b/API.md
@@ -40,7 +40,7 @@ Enter host password for user 'jdoe':
 
 ##### GET /token/&lt;token&gt;
 
-Get information about an existing token.
+Get information about an existing token (including associated VMs).
 
 ```
 $ curl -u jdoe --url vmpooler.company.com/api/v1/token/utpg2i2xswor6h8ttjhu3d47z53yy47y
@@ -51,7 +51,14 @@ Enter host password for user 'jdoe':
   "ok": true,
   "utpg2i2xswor6h8ttjhu3d47z53yy47y": {
     "user": "jdoe",
-    "timestamp": "2015-04-28 19:17:47 -0700"
+    "created": "2015-04-28 19:17:47 -0700",
+    "last": "2015-11-04 12:28:37 -0700",
+    "vms": {
+      "running": [
+        "dqs4914g2wjyy5w",
+        "hul7ib0ssr0f4o0"
+      ]
+    }
   }
 }
 ```
diff --git a/lib/vmpooler/api/v1.rb b/lib/vmpooler/api/v1.rb
index 33a55fa..e0a99b0 100644
--- a/lib/vmpooler/api/v1.rb
+++ b/lib/vmpooler/api/v1.rb
@@ -209,6 +209,17 @@ module Vmpooler
 
         if not token.nil? and not token.empty?
           status 200
+
+          pools.each do |pool|
+            backend.smembers('vmpooler__running__' + pool['name']).each do |vm|
+              if backend.hget('vmpooler__vm__' + vm, 'token:token') == params[:token]
+                token['vms'] ||= {}
+                token['vms']['running'] ||= []
+                token['vms']['running'].push(vm)
+              end
+            end
+          end
+
           result = { 'ok' => true, params[:token] => token }
         else
           status 404
diff --git a/spec/vmpooler/api/v1_spec.rb b/spec/vmpooler/api/v1_spec.rb
index 5f7643a..bfef681 100644
--- a/spec/vmpooler/api/v1_spec.rb
+++ b/spec/vmpooler/api/v1_spec.rb
@@ -120,11 +120,12 @@ describe Vmpooler::API::V1 do
       end
 
       context '(auth configured)' do
-        before do
-          allow(redis).to receive(:hgetall).and_return 'atoken'
-        end
-
-        let(:config) { { auth: true } }
+        let(:config) { {
+          auth: true,
+          pools: [
+            {'name' => 'pool1', 'size' => 5}
+          ]
+        } }
 
         it 'returns a 401 if not authed' do
           get "#{prefix}/token/this"
@@ -133,11 +134,17 @@ describe Vmpooler::API::V1 do
         end
 
         it 'returns a token if authed' do
+          expect(redis).to receive(:hgetall).with('vmpooler__token__this').and_return({'user' => 'admin'})
+          expect(redis).to receive(:smembers).with('vmpooler__running__pool1').and_return(['vmhostname'])
+          expect(redis).to receive(:hget).with('vmpooler__vm__vmhostname', 'token:token').and_return('this')
+
           authorize 'admin', 's3cr3t'
 
           get "#{prefix}/token/this"
 
-          expect(last_response.body).to include('"this": "atoken"')
+          expect(JSON.parse(last_response.body)['ok']).to eq(true)
+          expect(JSON.parse(last_response.body)['this']['user']).to eq('admin')
+          expect(JSON.parse(last_response.body)['this']['vms']['running']).to include('vmhostname')
 
           expect_json(ok = true, http = 200)
         end

From d74c9ff512c8f1bdb0620f19f5edf45eb72880ae Mon Sep 17 00:00:00 2001
From: Scott Schneider <sschneider@puppetlabs.com>
Date: Wed, 4 Nov 2015 13:19:15 -0800
Subject: [PATCH 2/2] Don't require username/password authentication for GET
 /token/:token route

---
 API.md                       |  3 +--
 lib/vmpooler/api/v1.rb       |  6 ------
 spec/vmpooler/api/v1_spec.rb | 10 +---------
 3 files changed, 2 insertions(+), 17 deletions(-)

diff --git a/API.md b/API.md
index b3aa0e8..78b3d6d 100644
--- a/API.md
+++ b/API.md
@@ -43,8 +43,7 @@ Enter host password for user 'jdoe':
 Get information about an existing token (including associated VMs).
 
 ```
-$ curl -u jdoe --url vmpooler.company.com/api/v1/token/utpg2i2xswor6h8ttjhu3d47z53yy47y
-Enter host password for user 'jdoe':
+$ curl --url vmpooler.company.com/api/v1/token/utpg2i2xswor6h8ttjhu3d47z53yy47y
 ```
 ```json
 {
diff --git a/lib/vmpooler/api/v1.rb b/lib/vmpooler/api/v1.rb
index e0a99b0..3cbbdd0 100644
--- a/lib/vmpooler/api/v1.rb
+++ b/lib/vmpooler/api/v1.rb
@@ -201,10 +201,6 @@ module Vmpooler
       result = { 'ok' => false }
 
       if Vmpooler::API.settings.config[:auth]
-        status 401
-
-        need_auth!
-
         token = backend.hgetall('vmpooler__token__' + params[:token])
 
         if not token.nil? and not token.empty?
@@ -221,8 +217,6 @@ module Vmpooler
           end
 
           result = { 'ok' => true, params[:token] => token }
-        else
-          status 404
         end
       end
 
diff --git a/spec/vmpooler/api/v1_spec.rb b/spec/vmpooler/api/v1_spec.rb
index bfef681..acb57a7 100644
--- a/spec/vmpooler/api/v1_spec.rb
+++ b/spec/vmpooler/api/v1_spec.rb
@@ -127,19 +127,11 @@ describe Vmpooler::API::V1 do
           ]
         } }
 
-        it 'returns a 401 if not authed' do
-          get "#{prefix}/token/this"
-
-          expect_json(ok = false, http = 401)
-        end
-
-        it 'returns a token if authed' do
+        it 'returns a token' do
           expect(redis).to receive(:hgetall).with('vmpooler__token__this').and_return({'user' => 'admin'})
           expect(redis).to receive(:smembers).with('vmpooler__running__pool1').and_return(['vmhostname'])
           expect(redis).to receive(:hget).with('vmpooler__vm__vmhostname', 'token:token').and_return('this')
 
-          authorize 'admin', 's3cr3t'
-
           get "#{prefix}/token/this"
 
           expect(JSON.parse(last_response.body)['ok']).to eq(true)