Require authentication for all endpoints

Change-Id: I4a3adfbcbd6cd268196af6064bc8d1a1c430477b

Dockerfile

@@ -8,7 +8,7 @@ RUN apt-get update && apt-get install -y vim python-pip python3-pip python-dev l
 RUN useradd shinken && pip install https://github.com/naparuba/shinken/archive/2.2-RC1.zip
 
 # python-surveilclient (used by surveil-init)
-RUN pip install python-surveilclient>=0.3
+RUN pip install python-surveilclient>=0.4.1
 
 # Download packs
 RUN apt-get install -y subversion && \

surveil/api/controllers/v2/actions/acknowledge.py

@@ -19,10 +19,12 @@ import wsmeext.pecan as wsme_pecan
 
 from surveil.api.datamodel.actions import acknowledgement
 from surveil.api.datamodel import info
+from surveil.common import util
 
 
 class AcknowledgeController(rest.RestController):
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(info.Info,
                          body=acknowledgement.Acknowledgement,
                          status_code=200)
@@ -39,6 +41,7 @@ class AcknowledgeController(rest.RestController):
 
         return info.Info(message='Acknowledgement received.')
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(info.Info,
                          body=acknowledgement.Acknowledgement,
                          status_code=200)

surveil/api/controllers/v2/actions/downtime.py

@@ -19,10 +19,12 @@ import wsmeext.pecan as wsme_pecan
 
 from surveil.api.datamodel.actions import downtime
 from surveil.api.datamodel import info
+from surveil.common import util
 
 
 class DowntimeController(rest.RestController):
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(info.Info,
                          body=downtime.Downtime,
                          status_code=200)
@@ -39,6 +41,7 @@ class DowntimeController(rest.RestController):
 
         return info.Info(message='Downtime received.')
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(info.Info,
                          body=downtime.Downtime,
                          status_code=200)

surveil/api/controllers/v2/commands.py

@@ -17,6 +17,7 @@ from pecan import rest
 import wsmeext.pecan as wsme_pecan
 
 from surveil.api.controllers.v1.datamodel import command
+from surveil.common import util
 
 
 class CommandController(rest.RestController):
@@ -25,6 +26,7 @@ class CommandController(rest.RestController):
         pecan.request.context['command_name'] = command_name
         self._id = command_name
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(command.Command)
     def get(self):
         """Returns a specific command."""
@@ -33,6 +35,7 @@ class CommandController(rest.RestController):
         )
         return command.Command(**c)
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(None, body=command.Command, status_code=204)
     def put(self, data):
         """Modify this command.
@@ -49,6 +52,7 @@ class CommandController(rest.RestController):
             command_dict
         )
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(None, status_code=204)
     def delete(self):
         """Delete this command."""
@@ -63,6 +67,7 @@ class CommandsController(rest.RestController):
     def _lookup(self, command_id, *remainder):
         return CommandController(command_id), remainder
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose([command.Command])
     def get_all(self):
         """Returns all commands."""
@@ -71,6 +76,7 @@ class CommandsController(rest.RestController):
 
         return [command.Command(**c) for c in commands]
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(command.Command,
                          body=command.Command,
                          status_code=201)

surveil/api/controllers/v2/config/commands.py

@@ -18,6 +18,7 @@ import wsmeext.pecan as wsme_pecan
 
 from surveil.api.datamodel.config import command
 from surveil.api.handlers.config import command_handler
+from surveil.common import util
 
 
 class CommandController(rest.RestController):
@@ -26,6 +27,7 @@ class CommandController(rest.RestController):
         pecan.request.context['command_name'] = command_name
         self._id = command_name
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(command.Command)
     def get(self):
         """Returns a specific command."""
@@ -33,6 +35,7 @@ class CommandController(rest.RestController):
         c = handler.get(self._id)
         return c
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(None, body=command.Command, status_code=204)
     def put(self, data):
         """Modify this command.
@@ -42,6 +45,7 @@ class CommandController(rest.RestController):
         handler = command_handler.CommandHandler(pecan.request)
         handler.update(self._id, data)
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(None, status_code=204)
     def delete(self):
         """Delete this command."""
@@ -55,6 +59,7 @@ class CommandsController(rest.RestController):
     def _lookup(self, command_id, *remainder):
         return CommandController(command_id), remainder
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose([command.Command])
     def get_all(self):
         """Returns all commands."""
@@ -62,6 +67,7 @@ class CommandsController(rest.RestController):
         commands = handler.get_all()
         return commands
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(command.Command,
                          body=command.Command,
                          status_code=201)

surveil/api/controllers/v2/config/contactgroups.py

@@ -19,10 +19,12 @@ import wsmeext.pecan as wsme_pecan
 
 from surveil.api.datamodel.config import contactgroup
 from surveil.api.handlers.config import contactgroup_handler
+from surveil.common import util
 
 
 class ContactGroupsController(rest.RestController):
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose([contactgroup.ContactGroup])
     def get_all(self):
         """Returns all contact groups."""
@@ -30,6 +32,7 @@ class ContactGroupsController(rest.RestController):
         contact_groups = handler.get_all()
         return contact_groups
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(contactgroup.ContactGroup, unicode)
     def get_one(self, group_name):
         """Returns a contact group."""
@@ -37,6 +40,7 @@ class ContactGroupsController(rest.RestController):
         contactgroup = handler.get(group_name)
         return contactgroup
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(body=contactgroup.ContactGroup, status_code=201)
     def post(self, data):
         """Create a new contact group.
@@ -46,12 +50,14 @@ class ContactGroupsController(rest.RestController):
         handler = contactgroup_handler.ContactGroupHandler(pecan.request)
         handler.create(data)
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(contactgroup.ContactGroup, unicode, status_code=204)
     def delete(self, group_name):
         """Delete a specific contact group."""
         handler = contactgroup_handler.ContactGroupHandler(pecan.request)
         handler.delete(group_name)
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(contactgroup.ContactGroup,
                          unicode,
                          body=contactgroup.ContactGroup,

surveil/api/controllers/v2/config/contacts.py

@@ -19,10 +19,12 @@ import wsmeext.pecan as wsme_pecan
 
 from surveil.api.datamodel.config import contact
 from surveil.api.handlers.config import contact_handler
+from surveil.common import util
 
 
 class ContactsController(rest.RestController):
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose([contact.Contact])
     def get_all(self):
         """Returns all hosts."""
@@ -30,6 +32,7 @@ class ContactsController(rest.RestController):
         hosts = handler.get_all()
         return hosts
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(contact.Contact, unicode)
     def get_one(self, contact_name):
         """Returns a specific contact."""
@@ -37,6 +40,7 @@ class ContactsController(rest.RestController):
         contact = handler.get(contact_name)
         return contact
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(body=contact.Contact, status_code=201)
     def post(self, data):
         """Create a new contact.
@@ -46,12 +50,14 @@ class ContactsController(rest.RestController):
         handler = contact_handler.ContactHandler(pecan.request)
         handler.create(data)
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(contact.Contact, unicode, status_code=204)
     def delete(self, contact_name):
         """Returns a specific contact."""
         handler = contact_handler.ContactHandler(pecan.request)
         handler.delete(contact_name)
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(contact.Contact,
                          unicode,
                          body=contact.Contact,

surveil/api/controllers/v2/config/hostgroups.py

@@ -19,10 +19,12 @@ import wsmeext.pecan as wsme_pecan
 
 from surveil.api.datamodel.config import hostgroup
 from surveil.api.handlers.config import hostgroup_handler
+from surveil.common import util
 
 
 class HostGroupsController(rest.RestController):
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose([hostgroup.HostGroup])
     def get_all(self):
         """Returns all host groups."""
@@ -30,6 +32,7 @@ class HostGroupsController(rest.RestController):
         host_groups = handler.get_all()
         return host_groups
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(hostgroup.HostGroup, unicode)
     def get_one(self, group_name):
         """Returns a host group."""
@@ -37,6 +40,7 @@ class HostGroupsController(rest.RestController):
         hostgroup = handler.get(group_name)
         return hostgroup
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(body=hostgroup.HostGroup, status_code=201)
     def post(self, data):
         """Create a new host group.
@@ -46,12 +50,14 @@ class HostGroupsController(rest.RestController):
         handler = hostgroup_handler.HostGroupHandler(pecan.request)
         handler.create(data)
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(hostgroup.HostGroup, unicode, status_code=204)
     def delete(self, group_name):
         """Returns a specific host group."""
         handler = hostgroup_handler.HostGroupHandler(pecan.request)
         handler.delete(group_name)
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(hostgroup.HostGroup,
                          unicode,
                          body=hostgroup.HostGroup,

surveil/api/controllers/v2/config/hosts.py

@@ -22,10 +22,12 @@ from surveil.api.datamodel.config import host
 from surveil.api.datamodel.config import service
 from surveil.api.handlers.config import host_handler
 from surveil.api.handlers.config import service_handler
+from surveil.common import util
 
 
 class ServiceCheckResultsSubController(rest.RestController):
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(body=checkresult.CheckResult, status_code=204)
     def post(self, data):
         """Submit a new check result.
@@ -52,6 +54,7 @@ class HostServiceSubController(rest.RestController):
         pecan.request.context['service_description'] = service_description
         self._id = service_description
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(service.Service)
     def get(self):
         """Returns a specific service."""
@@ -62,6 +65,7 @@ class HostServiceSubController(rest.RestController):
         )
         return s
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(None, status_code=204)
     def delete(self):
         """Delete a specific service."""
@@ -74,6 +78,7 @@ class HostServiceSubController(rest.RestController):
 
 class HostServicesSubController(rest.RestController):
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose([service.Service])
     def get_all(self):
         """Returns all services assocaited with this host."""
@@ -90,6 +95,7 @@ class HostServicesSubController(rest.RestController):
 
 class HostCheckResultsSubController(rest.RestController):
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(body=checkresult.CheckResult, status_code=204)
     def post(self, data):
         """Submit a new check result.
@@ -116,6 +122,7 @@ class HostController(rest.RestController):
         pecan.request.context['host_name'] = host_name
         self._id = host_name
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(host.Host)
     def get(self):
         """Returns a specific host."""
@@ -123,6 +130,7 @@ class HostController(rest.RestController):
         h = handler.get(self._id)
         return h
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(None, body=host.Host, status_code=204)
     def put(self, data):
         """Modify this host.
@@ -132,6 +140,7 @@ class HostController(rest.RestController):
         handler = host_handler.HostHandler(pecan.request)
         handler.update(self._id, data)
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(None, status_code=204)
     def delete(self):
         """Delete this host."""
@@ -149,6 +158,7 @@ class HostsController(rest.RestController):
     def _lookup(self, host_name, *remainder):
         return HostController(host_name), remainder
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose([host.Host])
     def get_all(self):
         """Returns all hosts."""
@@ -156,6 +166,7 @@ class HostsController(rest.RestController):
         hosts = handler.get_all()
         return hosts
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(host.Host, body=host.Host, status_code=201)
     def post(self, data):
         """Create a new host.

surveil/api/controllers/v2/config/realms.py

@@ -19,10 +19,12 @@ import wsmeext.pecan as wsme_pecan
 
 from surveil.api.datamodel.config import realm
 from surveil.api.handlers.config import realm_handler
+from surveil.common import util
 
 
 class RealmsController(rest.RestController):
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose([realm.Realm])
     def get_all(self):
         """Returns all realms."""
@@ -30,6 +32,7 @@ class RealmsController(rest.RestController):
         realms = handler.get_all()
         return realms
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(realm.Realm, unicode)
     def get_one(self, realm_name):
         """Returns a specific realm."""
@@ -37,6 +40,7 @@ class RealmsController(rest.RestController):
         realm = handler.get(realm_name)
         return realm
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(body=realm.Realm, status_code=201)
     def post(self, data):
         """Create a new realm.
@@ -46,12 +50,14 @@ class RealmsController(rest.RestController):
         handler = realm_handler.RealmHandler(pecan.request)
         handler.create(data)
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(realm.Realm, unicode, status_code=204)
     def delete(self, realm_name):
         """Deletes a specific realm."""
         handler = realm_handler.RealmHandler(pecan.request)
         handler.delete(realm_name)
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(realm.Realm,
                          unicode,
                          body=realm.Realm,

surveil/api/controllers/v2/config/reload_config.py

@@ -18,10 +18,12 @@ import requests
 import wsmeext.pecan as wsme_pecan
 
 from surveil.api.datamodel import info
+from surveil.common import util
 
 
 class ReloadConfigController(rest.RestController):
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(info.Info)
     def post(self):
         """Reloads Shinken's config."""

surveil/api/controllers/v2/config/servicegroup.py

@@ -19,10 +19,12 @@ import wsmeext.pecan as wsme_pecan
 
 from surveil.api.datamodel.config import servicegroup
 from surveil.api.handlers.config import servicegroup_handler
+from surveil.common import util
 
 
 class ServiceGroupsController(rest.RestController):
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose([servicegroup.ServiceGroup])
     def get_all(self):
         """Returns all service groups."""
@@ -30,6 +32,7 @@ class ServiceGroupsController(rest.RestController):
         service_groups = handler.get_all()
         return service_groups
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(servicegroup.ServiceGroup, unicode)
     def get_one(self, group_name):
         """Returns a service group."""
@@ -37,6 +40,7 @@ class ServiceGroupsController(rest.RestController):
         servicegroup = handler.get(group_name)
         return servicegroup
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(body=servicegroup.ServiceGroup, status_code=201)
     def post(self, data):
         """Create a new service group.
@@ -46,12 +50,14 @@ class ServiceGroupsController(rest.RestController):
         handler = servicegroup_handler.ServiceGroupHandler(pecan.request)
         handler.create(data)
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(servicegroup.ServiceGroup, unicode, status_code=204)
     def delete(self, group_name):
         """Returns a specific service group."""
         handler = servicegroup_handler.ServiceGroupHandler(pecan.request)
         handler.delete(group_name)
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(servicegroup.ServiceGroup,
                          unicode,
                          body=servicegroup.ServiceGroup,

surveil/api/controllers/v2/config/services.py

@@ -18,10 +18,12 @@ import wsmeext.pecan as wsme_pecan
 
 from surveil.api.datamodel.config import service
 from surveil.api.handlers.config import service_handler
+from surveil.common import util
 
 
 class ServicesController(rest.RestController):
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose([service.Service])
     def get_all(self):
         """Returns all services."""
@@ -29,6 +31,7 @@ class ServicesController(rest.RestController):
         services = handler.get_all()
         return services
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(service.Service,
                          body=service.Service,
                          status_code=201)

surveil/api/controllers/v2/config/timeperiods.py

@@ -19,10 +19,12 @@ import wsmeext.pecan as wsme_pecan
 
 from surveil.api.datamodel.config import timeperiod
 from surveil.api.handlers.config import timeperiod_handler
+from surveil.common import util
 
 
 class TimePeriodsController(rest.RestController):
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose([timeperiod.TimePeriod])
     def get_all(self):
         """Returns all time periods."""
@@ -30,6 +32,7 @@ class TimePeriodsController(rest.RestController):
         time_periods = handler.get_all()
         return time_periods
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(timeperiod.TimePeriod, unicode)
     def get_one(self, timeperiod_name):
         """Returns a specific time period."""
@@ -37,6 +40,7 @@ class TimePeriodsController(rest.RestController):
         timeperiod = handler.get(timeperiod_name)
         return timeperiod
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(body=timeperiod.TimePeriod, status_code=201)
     def post(self, data):
         """Create a new time period.
@@ -46,12 +50,14 @@ class TimePeriodsController(rest.RestController):
         handler = timeperiod_handler.TimePeriodHandler(pecan.request)
         handler.create(data)
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(timeperiod.TimePeriod, unicode, status_code=204)
     def delete(self, timeperiod_name):
         """Returns a specific time period."""
         handler = timeperiod_handler.TimePeriodHandler(pecan.request)
         handler.delete(timeperiod_name)
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(timeperiod.TimePeriod,
                          unicode,
                          body=timeperiod.TimePeriod,

surveil/api/controllers/v2/logs/__init__.py

@@ -20,6 +20,7 @@ from surveil.api.controllers.v2.logs import acknowledgements
 from surveil.api.controllers.v2.logs import comments
 from surveil.api.controllers.v2.logs import downtimes
 from surveil.api.controllers.v2.logs import notifications
+from surveil.common import util
 
 
 class LogsController(rest.RestController):
@@ -29,6 +30,7 @@ class LogsController(rest.RestController):
     notifications = notifications.NotificationsController()
 
     # @wsme_pecan.wsexpose([Host])
+    @util.policy_enforce(['authenticated'])
     @pecan.expose()
     def get_all(self):
         """Returns all events from a specific host."""

surveil/api/controllers/v2/logs/acknowledgements/__init__.py

@@ -15,11 +15,14 @@
 import pecan
 from pecan import rest
 
+from surveil.common import util
+
 
 class AcknowledgementsController(rest.RestController):
 
     # curl -X GET  http://127.0.0.1:8080/v2/titilambert/myproject/builds/
     # @wsme_pecan.wsexpose([Host])
+    @util.policy_enforce(['authenticated'])
     @pecan.expose()
     def get_all(self):
         """Returns all acks from a specific host."""

surveil/api/controllers/v2/logs/comments/__init__.py

@@ -15,11 +15,14 @@
 import pecan
 from pecan import rest
 
+from surveil.common import util
+
 
 class CommentsController(rest.RestController):
 
     # curl -X GET  http://127.0.0.1:8080/v2/titilambert/myproject/builds/
     # @wsme_pecan.wsexpose([Host])
+    @util.policy_enforce(['authenticated'])
     @pecan.expose()
     def get_all(self):
         """Returns all comments from a specific host."""

surveil/api/controllers/v2/logs/downtimes/__init__.py

@@ -15,11 +15,14 @@
 import pecan
 from pecan import rest
 
+from surveil.common import util
+
 
 class DowntimesController(rest.RestController):
 
     # curl -X GET  http://127.0.0.1:8080/v2/titilambert/myproject/builds/
     # @wsme_pecan.wsexpose([Host])
+    @util.policy_enforce(['authenticated'])
     @pecan.expose()
     def get_all(self):
         """Returns all downtimes from a specific host."""

surveil/api/controllers/v2/logs/notifications/__init__.py

@@ -15,11 +15,14 @@
 import pecan
 from pecan import rest
 
+from surveil.common import util
+
 
 class NotificationsController(rest.RestController):
 
     # curl -X GET  http://127.0.0.1:8080/v2/titilambert/myproject/builds/
     # @wsme_pecan.wsexpose([Host])
+    @util.policy_enforce(['authenticated'])
     @pecan.expose()
     def get_all(self):
         """Returns all notifications from a specific host."""

surveil/api/controllers/v2/reload_config.py

@@ -18,10 +18,12 @@ import requests
 import wsmeext.pecan as wsme_pecan
 
 from surveil.api.controllers.v1.datamodel import info
+from surveil.common import util
 
 
 class ReloadConfigController(rest.RestController):
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(info.Info)
     def post(self):
         """Reloads Shinken's config."""

surveil/api/controllers/v2/services.py

@@ -17,10 +17,12 @@ from pecan import rest
 import wsmeext.pecan as wsme_pecan
 
 from surveil.api.controllers.v1.datamodel import service
+from surveil.common import util
 
 
 class ServicesController(rest.RestController):
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose([service.Service])
     def get_all(self):
         """Returns all services."""
@@ -33,6 +35,7 @@ class ServicesController(rest.RestController):
 
         return [service.Service(**s) for s in services]
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(service.Service,
                          body=service.Service,
                          status_code=201)

surveil/api/controllers/v2/status/hosts.py

@@ -23,10 +23,12 @@ from surveil.api.datamodel.status import live_query
 from surveil.api.datamodel.status import live_service
 from surveil.api.handlers.status import live_host_handler
 from surveil.api.handlers.status import live_service_handler
+from surveil.common import util
 
 
 class HostsController(rest.RestController):
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose([live_host.LiveHost])
     def get_all(self):
         """Returns all hosts."""
@@ -34,6 +36,7 @@ class HostsController(rest.RestController):
         hosts = handler.get_all()
         return hosts
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose([live_host.LiveHost], body=live_query.LiveQuery)
     def post(self, query):
         """Given a LiveQuery, returns all matching hosts."""
@@ -48,6 +51,7 @@ class HostsController(rest.RestController):
 
 class ConfigController(rest.RestController):
 
+    @util.policy_enforce(['authenticated'])
     @pecan.expose()
     def get_all(self):
         """Returns config from a specific host."""
@@ -67,6 +71,7 @@ class HostServiceController(rest.RestController):
         pecan.request.context['service_name'] = service_name
         self.service_name = service_name
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(live_service.LiveService)
     def get(self):
         """Returns a specific host service."""
@@ -91,6 +96,7 @@ class HostController(rest.RestController):
         pecan.request.context['host_name'] = host_name
         self.host_name = host_name
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose(live_host.LiveHost)
     def get(self):
         """Returns a specific host."""

surveil/api/controllers/v2/status/metrics/__init__.py

@@ -16,8 +16,12 @@ import pecan
 from pecan import rest
 
 
+from surveil.common import util
+
+
 class MetricsController(rest.RestController):
 
+    @util.policy_enforce(['authenticated'])
     @pecan.expose()
     def get_all(self):
         """Returns all metrics."""
@@ -27,6 +31,7 @@ class MetricsController(rest.RestController):
 
         return '{"host_name": "NOHOSTNAME",  "metrics" : "22"}'
 
+    @util.policy_enforce(['authenticated'])
     @pecan.expose()
     def _lookup(self, *args):
         props = {}
@@ -53,6 +58,7 @@ class MetricController(rest.RestController):
         self.sd = service_description
         self.metric = metric
 
+    @util.policy_enforce(['authenticated'])
     @pecan.expose()
     def get(self):
         """Returns (specific) metrics."""

surveil/api/controllers/v2/status/services.py

@@ -19,10 +19,12 @@ import wsmeext.pecan as wsme_pecan
 from surveil.api.datamodel.status import live_query
 from surveil.api.datamodel.status import live_service
 from surveil.api.handlers.status import live_service_handler
+from surveil.common import util
 
 
 class ServicesController(rest.RestController):
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose([live_service.LiveService])
     def get_all(self):
         """Returns all services."""
@@ -30,6 +32,7 @@ class ServicesController(rest.RestController):
         services = handler.get_all()
         return services
 
+    @util.policy_enforce(['authenticated'])
     @wsme_pecan.wsexpose([live_service.LiveService], body=live_query.LiveQuery)
     def post(self, query):
         """Given a LiveQuery, returns all matching services."""

surveil/cmd/init.py

@@ -58,7 +58,9 @@ def main():
     )
 
     # Reload the surveil config
-    cli_surveil = sc.Client('http://localhost:8080/v2', version='2_0')
+    cli_surveil = sc.Client('http://localhost:8080/v2',
+                            auth_url='http://localhost:8080/v2/auth',
+                            version='2_0')
 
     cli_surveil.config.hosts.create(
         use="generic-host",

surveil/tests/api/controllers/v2/actions/test_acknowledge.py

@@ -28,7 +28,7 @@ class TestAcknowledgeController(functionalTest.FunctionalTest):
             "host_name": "localhost"
         }
 
-        response = self.app.post_json("/v2/actions/acknowledge/", params=ack)
+        response = self.post_json("/v2/actions/acknowledge/", params=ack)
 
         self.assertEqual(response.status_int, 200)
 
@@ -46,7 +46,7 @@ class TestAcknowledgeController(functionalTest.FunctionalTest):
             "host_name": "localhost",
         }
 
-        response = self.app.delete_json("/v2/actions/downtime/", params=ack)
+        response = self.delete_json("/v2/actions/downtime/", params=ack)
 
         self.assertEqual(response.status_int, 200)
 

surveil/tests/api/controllers/v2/actions/test_downtime.py

@@ -29,7 +29,7 @@ class TestDowntimeController(functionalTest.FunctionalTest):
             "duration": 86400
         }
 
-        response = self.app.post_json("/v2/actions/downtime/", params=dt)
+        response = self.post_json("/v2/actions/downtime/", params=dt)
 
         self.assertEqual(response.status_int, 200)
 
@@ -48,7 +48,7 @@ class TestDowntimeController(functionalTest.FunctionalTest):
             "duration": 86400
         }
 
-        response = self.app.delete_json("/v2/actions/downtime/", params=dt)
+        response = self.delete_json("/v2/actions/downtime/", params=dt)
 
         self.assertEqual(response.status_int, 200)
 

surveil/tests/api/controllers/v2/auth/test_auth.py

@@ -30,7 +30,7 @@ class TestAuthController(functionalTest.FunctionalTest):
             }
         }
 
-        response = self.app.post_json('/v2/auth/tokens', params=auth)
+        response = self.post_json('/v2/auth/tokens', params=auth)
 
         expected = {
             "access": {

surveil/tests/api/controllers/v2/config/test_commands.py

@@ -34,7 +34,7 @@ class TestCommandController(functionalTest.FunctionalTest):
         )
 
     def test_get_all_commands(self):
-        response = self.app.get('/v2/config/commands')
+        response = self.get('/v2/config/commands')
 
         self.assert_count_equal_backport(
             json.loads(response.body.decode()),
@@ -44,7 +44,7 @@ class TestCommandController(functionalTest.FunctionalTest):
 
     def test_get_specific_command(self):
 
-        response = self.app.get('/v2/config/commands/check_test2')
+        response = self.get('/v2/config/commands/check_test2')
 
         self.assert_count_equal_backport(
             json.loads(response.body.decode()),
@@ -55,7 +55,7 @@ class TestCommandController(functionalTest.FunctionalTest):
     def test_update_command(self):
         put_body = {"command_line": "test_put",
                     "command_name": "check_test2"}
-        response = self.app.put_json(
+        response = self.put_json(
             "/v2/config/commands/check_test2", params=put_body
         )
 
@@ -72,7 +72,7 @@ class TestCommandController(functionalTest.FunctionalTest):
         self.assertEqual(response.status_int, 204)
 
     def test_delete_command(self):
-        response = self.app.delete('/v2/config/commands/check_test2')
+        response = self.delete('/v2/config/commands/check_test2')
 
         expected_commands = [
             {u"command_name": u"check_test1",
@@ -89,7 +89,7 @@ class TestCommandController(functionalTest.FunctionalTest):
             "command_name": "newcommand",
             "command_line": "/usr/bin/newcommand -hello"
         }
-        response = self.app.post_json(
+        response = self.post_json(
             "/v2/config/commands",
             params=new_command
         )

surveil/tests/api/controllers/v2/config/test_contactgroup.py

@@ -39,7 +39,7 @@ class TestContactGroupsController(functionalTest.FunctionalTest):
         )
 
     def test_get_all_contactgroups(self):
-        response = self.app.get('/v2/config/contactgroups')
+        response = self.get('/v2/config/contactgroups')
 
         self.assert_count_equal_backport(
             json.loads(response.body.decode()),
@@ -48,7 +48,7 @@ class TestContactGroupsController(functionalTest.FunctionalTest):
         self.assertEqual(response.status_int, 200)
 
     def test_get_one_contactgroup(self):
-        response = self.app.get('/v2/config/contactgroups/novell-admins')
+        response = self.get('/v2/config/contactgroups/novell-admins')
 
         self.assertEqual(
             json.loads(response.body.decode()),
@@ -61,7 +61,7 @@ class TestContactGroupsController(functionalTest.FunctionalTest):
             members="marie,bob,joe",
         )
 
-        self.app.post_json('/v2/config/contactgroups', g.as_dict())
+        self.post_json('/v2/config/contactgroups', g.as_dict())
 
         self.assertIsNotNone(
             self.mongoconnection.shinken.contactgroups.find_one(g.as_dict())
@@ -72,7 +72,7 @@ class TestContactGroupsController(functionalTest.FunctionalTest):
             self.mongoconnection.shinken.contactgroups.find_one(self.groups[0])
         )
 
-        self.app.delete('/v2/config/contactgroups/novell-admins')
+        self.delete('/v2/config/contactgroups/novell-admins')
 
         self.assertIsNone(
             self.mongoconnection.shinken.contactgroups.find_one(self.groups[0])
@@ -86,7 +86,7 @@ class TestContactGroupsController(functionalTest.FunctionalTest):
             'jdoe,rtobert,tzach'
         )
 
-        self.app.put_json(
+        self.put_json(
             '/v2/config/contactgroups/novell-admins',
             {"contactgroup_name": "novell-admins",
              "members": "updated"}

surveil/tests/api/controllers/v2/config/test_contacts.py

@@ -39,7 +39,7 @@ class TestContactsController(functionalTest.FunctionalTest):
         )
 
     def test_get_all_contacts(self):
-        response = self.app.get('/v2/config/contacts')
+        response = self.get('/v2/config/contacts')
 
         self.assert_count_equal_backport(
             json.loads(response.body.decode()),
@@ -48,7 +48,7 @@ class TestContactsController(functionalTest.FunctionalTest):
         self.assertEqual(response.status_int, 200)
 
     def test_get_one_contact(self):
-        response = self.app.get('/v2/config/contacts/bobby')
+        response = self.get('/v2/config/contacts/bobby')
 
         self.assertEqual(
             json.loads(response.body.decode()),
@@ -60,7 +60,7 @@ class TestContactsController(functionalTest.FunctionalTest):
             contact_name='John'
         )
 
-        self.app.post_json('/v2/config/contacts', c.as_dict())
+        self.post_json('/v2/config/contacts', c.as_dict())
 
         self.assertIsNotNone(
             self.mongoconnection.shinken.contacts.find_one(c.as_dict())
@@ -71,7 +71,7 @@ class TestContactsController(functionalTest.FunctionalTest):
             self.mongoconnection.shinken.contacts.find_one(self.contacts[0])
         )
 
-        self.app.delete('/v2/config/contacts/bobby')
+        self.delete('/v2/config/contacts/bobby')
 
         self.assertIsNone(
             self.mongoconnection.shinken.contacts.find_one(self.contacts[0])
@@ -85,7 +85,7 @@ class TestContactsController(functionalTest.FunctionalTest):
             'bob@bob.com'
         )
 
-        self.app.put_json(
+        self.put_json(
             '/v2/config/contacts/bobby',
             {"contact_name": "bobby", "email": "updated@bob.com"}
         )

surveil/tests/api/controllers/v2/config/test_hostgroup.py

@@ -39,7 +39,7 @@ class TestHostGroupsController(functionalTest.FunctionalTest):
         )
 
     def test_get_all_hostgroups(self):
-        response = self.app.get('/v2/config/hostgroups')
+        response = self.get('/v2/config/hostgroups')
 
         self.assert_count_equal_backport(
             json.loads(response.body.decode()),
@@ -48,7 +48,7 @@ class TestHostGroupsController(functionalTest.FunctionalTest):
         self.assertEqual(response.status_int, 200)
 
     def test_get_one_hostgroups(self):
-        response = self.app.get('/v2/config/hostgroups/novell-servers')
+        response = self.get('/v2/config/hostgroups/novell-servers')
 
         self.assertEqual(
             json.loads(response.body.decode()),
@@ -61,7 +61,7 @@ class TestHostGroupsController(functionalTest.FunctionalTest):
             members="marie,bob,joe",
         )
 
-        self.app.post_json('/v2/config/hostgroups', s.as_dict())
+        self.post_json('/v2/config/hostgroups', s.as_dict())
 
         self.assertIsNotNone(
             self.mongoconnection.shinken.hostgroups.find_one(s.as_dict())
@@ -72,7 +72,7 @@ class TestHostGroupsController(functionalTest.FunctionalTest):
             self.mongoconnection.shinken.hostgroups.find_one(self.groups[0])
         )
 
-        self.app.delete('/v2/config/hostgroups/novell-servers')
+        self.delete('/v2/config/hostgroups/novell-servers')
 
         self.assertIsNone(
             self.mongoconnection.shinken.hostgroups.find_one(self.groups[0])
@@ -86,7 +86,7 @@ class TestHostGroupsController(functionalTest.FunctionalTest):
             'netware1,netware2,netware3,netware4'
         )
 
-        self.app.put_json(
+        self.put_json(
             '/v2/config/hostgroups/novell-servers',
             {"hostgroup_name": "novell-servers",
              "members": "updated"}

surveil/tests/api/controllers/v2/config/test_hosts.py

@@ -70,7 +70,7 @@ class TestHostController(functionalTest.FunctionalTest):
         )
 
     def test_get_all_hosts(self):
-        response = self.app.get('/v2/config/hosts')
+        response = self.get('/v2/config/hosts')
 
         self.assert_count_equal_backport(
             json.loads(response.body.decode()),
@@ -88,7 +88,7 @@ class TestHostController(functionalTest.FunctionalTest):
                  "register": "0"}
             )
         )
-        response = self.app.get('/v2/config/hosts')
+        response = self.get('/v2/config/hosts')
 
         self.assert_count_equal_backport(
             json.loads(response.body.decode()),
@@ -97,7 +97,7 @@ class TestHostController(functionalTest.FunctionalTest):
         self.assertEqual(response.status_int, 200)
 
     def test_get_specific_host(self):
-        response = self.app.get('/v2/config/hosts/bogus-router333')
+        response = self.get('/v2/config/hosts/bogus-router333')
 
         self.assert_count_equal_backport(
             json.loads(response.body.decode()),
@@ -116,7 +116,7 @@ class TestHostController(functionalTest.FunctionalTest):
             u"notification_interval": 333,
             u"notification_period": u"newnotificationperiod"
         }
-        response = self.app.put_json(
+        response = self.put_json(
             "/v2/config/hosts/bogus-router333", params=put_host
         )
 
@@ -130,7 +130,7 @@ class TestHostController(functionalTest.FunctionalTest):
         self.assertEqual(response.status_int, 204)
 
     def test_delete_host(self):
-        response = self.app.delete('/v2/config/hosts/bogus-router')
+        response = self.delete('/v2/config/hosts/bogus-router')
 
         mongo_hosts = [host.Host(**h) for h
                        in self.mongoconnection.shinken.hosts.find()]
@@ -149,7 +149,7 @@ class TestHostController(functionalTest.FunctionalTest):
             "notification_interval": 3,
             "notification_period": "24x7"
         }
-        response = self.app.post_json("/v2/config/hosts", params=new_host)
+        response = self.post_json("/v2/config/hosts", params=new_host)
 
         hosts = [host.Host(**h).as_dict() for h
                  in self.mongoconnection.shinken.hosts.find(None, {'_id': 0})]
@@ -158,7 +158,7 @@ class TestHostController(functionalTest.FunctionalTest):
         self.assertEqual(response.status_int, 201)
 
     def test_get_associated_services(self):
-        response = self.app.get('/v2/config/hosts/bogus-router/services')
+        response = self.get('/v2/config/hosts/bogus-router/services')
 
         self.assertEqual(
             self.services,
@@ -166,7 +166,7 @@ class TestHostController(functionalTest.FunctionalTest):
         )
 
     def test_get_specific_service(self):
-        response = self.app.get(
+        response = self.get(
             '/v2/config/hosts/bogus-router/services/service-example'
         )
 
@@ -180,7 +180,7 @@ class TestHostController(functionalTest.FunctionalTest):
                           in self.mongoconnection.shinken.services.find()]
         self.assertEqual(1, len(mongo_services))
 
-        self.app.delete(
+        self.delete(
             '/v2/config/hosts/bogus-router/services/service-example'
         )
 
@@ -200,7 +200,7 @@ class TestHostController(functionalTest.FunctionalTest):
             "time_stamp": "1409149234"
         }
 
-        response = self.app.post_json(
+        response = self.post_json(
             "/v2/config/hosts/bogus-router/services/service-example/results",
             params=check_result
         )
@@ -228,8 +228,8 @@ class TestHostController(functionalTest.FunctionalTest):
             "time_stamp": "1409149234"
         }
 
-        response = self.app.post_json("/v2/config/hosts/bogus-router/results",
+        response = self.post_json("/v2/config/hosts/bogus-router/results",
-                                      params=check_result)
+                                  params=check_result)
 
         self.assertEqual(response.status_int, 204)
         self.assertEqual(

surveil/tests/api/controllers/v2/config/test_realms.py

@@ -41,7 +41,7 @@ class TestRealmsController(functionalTest.FunctionalTest):
         )
 
     def test_get_all_realms(self):
-        response = self.app.get('/v2/config/realms')
+        response = self.get('/v2/config/realms')
 
         self.assert_count_equal_backport(
             json.loads(response.body.decode()),
@@ -50,7 +50,7 @@ class TestRealmsController(functionalTest.FunctionalTest):
         self.assertEqual(response.status_int, 200)
 
     def test_get_one_realm(self):
-        response = self.app.get('/v2/config/realms/World')
+        response = self.get('/v2/config/realms/World')
 
         self.assertEqual(
             json.loads(response.body.decode()),
@@ -64,7 +64,7 @@ class TestRealmsController(functionalTest.FunctionalTest):
             default=1
         )
 
-        self.app.post_json('/v2/config/realms', r.as_dict())
+        self.post_json('/v2/config/realms', r.as_dict())
 
         self.assertIsNotNone(
             self.mongoconnection.shinken.realms.find_one(r.as_dict())
@@ -75,7 +75,7 @@ class TestRealmsController(functionalTest.FunctionalTest):
             self.mongoconnection.shinken.realms.find_one(self.realms[0])
         )
 
-        self.app.delete('/v2/config/realms/World')
+        self.delete('/v2/config/realms/World')
 
         self.assertIsNone(
             self.mongoconnection.shinken.realms.find_one(self.realms[0])
@@ -89,7 +89,7 @@ class TestRealmsController(functionalTest.FunctionalTest):
             'Europe,America,Asia'
         )
 
-        self.app.put_json(
+        self.put_json(
             '/v2/config/realms/World',
             {"realm_name": "World",
              "realm_members": "updated",

surveil/tests/api/controllers/v2/config/test_reload_config.py

@@ -24,7 +24,7 @@ class TestReloadConfigController(functionalTest.FunctionalTest):
         httpretty.register_uri(httpretty.POST,
                                self.ws_arbiter_url + "/reload")
 
-        response = self.app.post("/v2/config/reload_config")
+        response = self.post("/v2/config/reload_config")
         self.assertEqual(response.status_int, 200)
         self.assertEqual(
             httpretty.last_request().path,

surveil/tests/api/controllers/v2/config/test_servicegroup.py

@@ -39,7 +39,7 @@ class TestServiceGroupsController(functionalTest.FunctionalTest):
         )
 
     def test_get_all_servicegroups(self):
-        response = self.app.get('/v2/config/servicegroups')
+        response = self.get('/v2/config/servicegroups')
 
         self.assert_count_equal_backport(
             json.loads(response.body.decode()),
@@ -48,7 +48,7 @@ class TestServiceGroupsController(functionalTest.FunctionalTest):
         self.assertEqual(response.status_int, 200)
 
     def test_get_one_servicegroup(self):
-        response = self.app.get('/v2/config/servicegroups/dbservices')
+        response = self.get('/v2/config/servicegroups/dbservices')
 
         self.assertEqual(
             json.loads(response.body.decode()),
@@ -61,7 +61,7 @@ class TestServiceGroupsController(functionalTest.FunctionalTest):
             members="marie,bob,joe",
         )
 
-        self.app.post_json('/v2/config/servicegroups', s.as_dict())
+        self.post_json('/v2/config/servicegroups', s.as_dict())
 
         self.assertIsNotNone(
             self.mongoconnection.shinken.servicegroups.find_one(s.as_dict())
@@ -72,7 +72,7 @@ class TestServiceGroupsController(functionalTest.FunctionalTest):
             self.mongoconnection.shinken.servicegroups.find_one(self.groups[0])
         )
 
-        self.app.delete('/v2/config/servicegroups/dbservices')
+        self.delete('/v2/config/servicegroups/dbservices')
 
         self.assertIsNone(
             self.mongoconnection.shinken.servicegroups.find_one(self.groups[0])
@@ -86,7 +86,7 @@ class TestServiceGroupsController(functionalTest.FunctionalTest):
             'ms1,SQL Server,ms1,SQL Serverc Agent,ms1,SQL DTC'
         )
 
-        self.app.put_json(
+        self.put_json(
             '/v2/config/servicegroups/dbservices',
             {"servicegroup_name": "dbservices",
              "members": "updated"}

surveil/tests/api/controllers/v2/config/test_services.py

@@ -69,7 +69,7 @@ class TestServiceController(functionalTest.FunctionalTest):
         )
 
     def test_get_all_services(self):
-        response = self.app.get('/v2/config/services')
+        response = self.get('/v2/config/services')
 
         self.assert_count_equal_backport(
             json.loads(response.body.decode()),
@@ -94,7 +94,7 @@ class TestServiceController(functionalTest.FunctionalTest):
                  "contact_groups": "linux-admins"}
             )
         )
-        response = self.app.get('/v2/config/services')
+        response = self.get('/v2/config/services')
 
         self.assert_count_equal_backport(
             json.loads(response.body.decode()),
@@ -116,7 +116,7 @@ class TestServiceController(functionalTest.FunctionalTest):
             "contacts": "surveil-ptl,surveil-bob",
             "contact_groups": "linux-admins"
         }
-        response = self.app.post_json(
+        response = self.post_json(
             "/v2/config/services",
             params=new_service
         )

surveil/tests/api/controllers/v2/config/test_timeperiods.py

@@ -40,7 +40,7 @@ class TestTimePeriodsController(functionalTest.FunctionalTest):
         )
 
     def test_get_all_timeperiods(self):
-        response = self.app.get('/v2/config/timeperiods')
+        response = self.get('/v2/config/timeperiods')
 
         self.assertItemsEqual(
             json.loads(response.body.decode()),
@@ -56,7 +56,7 @@ class TestTimePeriodsController(functionalTest.FunctionalTest):
         self.assertEqual(response.status_int, 200)
 
     def test_get_one_timeperiod(self):
-        response = self.app.get('/v2/config/timeperiods/nonworkhours')
+        response = self.get('/v2/config/timeperiods/nonworkhours')
 
         self.assertEqual(
             json.loads(response.body.decode()),
@@ -72,7 +72,7 @@ class TestTimePeriodsController(functionalTest.FunctionalTest):
                  "tuesday": "pizza day"
              }}
 
-        self.app.post_json('/v2/config/timeperiods', t)
+        self.post_json('/v2/config/timeperiods', t)
 
         self.assertIsNotNone(
             self.mongoconnection.shinken.timeperiods.find_one(
@@ -88,7 +88,7 @@ class TestTimePeriodsController(functionalTest.FunctionalTest):
             )
         )
 
-        self.app.delete('/v2/config/timeperiods/nonworkhours')
+        self.delete('/v2/config/timeperiods/nonworkhours')
 
         self.assertIsNone(
             self.mongoconnection.shinken.timeperiods.find_one(
@@ -104,7 +104,7 @@ class TestTimePeriodsController(functionalTest.FunctionalTest):
             '00:00-24:00'
         )
 
-        self.app.put_json(
+        self.put_json(
             '/v2/config/timeperiods/nonworkhours',
             {"timeperiod_name": "nonworkhours",
              "periods": {"sunday": "updated"}}

surveil/tests/api/controllers/v2/status/test_hosts.py

@@ -104,7 +104,7 @@ class TestStatusHosts(functionalTest.FunctionalTest):
                                "http://influxdb:8086/query",
                                body=self.influxdb_response)
 
-        response = self.app.get("/v2/status/hosts")
+        response = self.get("/v2/status/hosts")
 
         expected = [
             {"description": "localhost",
@@ -188,7 +188,7 @@ class TestStatusHosts(functionalTest.FunctionalTest):
             })
         }
 
-        response = self.app.post_json("/v2/status/hosts", params=query)
+        response = self.post_json("/v2/status/hosts", params=query)
 
         expected = [{"host_name": "ws-arbiter", "last_check": 1429405764}]
 
@@ -232,7 +232,7 @@ class TestStatusHosts(functionalTest.FunctionalTest):
                                "http://influxdb:8086/query",
                                body=influx_response)
 
-        response = self.app.get("/v2/status/hosts/localhost")
+        response = self.get("/v2/status/hosts/localhost")
 
         expected = {"childs": ["test_keystone"],
                     "description": "localhost",
@@ -297,7 +297,7 @@ class TestStatusHosts(functionalTest.FunctionalTest):
                                "http://influxdb:8086/query",
                                body=influx_response)
 
-        response = self.app.get(
+        response = self.get(
             "/v2/status/hosts/ws-arbiter/services/check-ws-arbiter"
         )
 

surveil/tests/api/controllers/v2/status/test_services.py

@@ -80,7 +80,7 @@ class TestStatusServices(functionalTest.FunctionalTest):
                                "http://influxdb:8086/query",
                                body=self.influxdb_response)
 
-        response = self.app.get("/v2/status/services")
+        response = self.get("/v2/status/services")
 
         expected = [
             {'description': 'Check KeyStone service.',
@@ -161,7 +161,7 @@ class TestStatusServices(functionalTest.FunctionalTest):
             })
         }
 
-        response = self.app.post_json("/v2/status/services", params=query)
+        response = self.post_json("/v2/status/services", params=query)
 
         expected = [
             {'host_name': 'test_keystone',

surveil/tests/api/controllers/v2/test_hello.py

@@ -18,10 +18,10 @@ from surveil.tests.api import functionalTest
 class TestHelloController(functionalTest.FunctionalTest):
 
     def test_get(self):
-        response = self.app.get('/v2/hello')
+        response = self.get('/v2/hello')
         self.assertEqual(response.body, b"Hello World!")
         assert response.status_int == 200
 
     def test_post_policy_forbidden(self):
         with self.assertRaisesRegexp(Exception, '403 Forbidden'):
-            self.app.get('/v2/hello/denied')
+            self.get('/v2/hello/denied')

surveil/tests/api/functionalTest.py

@@ -89,13 +89,17 @@ class FunctionalTest(base.BaseTestCase):
             'X-Service-Roles': 'surveil',
         }
 
+        def make_action(verb):
+            target = getattr(self.app, verb)
+
+            def func(*args, **kwargs):
+                kwargs.setdefault('headers', self.auth_headers)
+                return target(*args, **kwargs)
+            return func
+
+        for action in ('get', 'post', 'put', 'delete',
+                       'post', 'post_json', 'put_json'):
+            setattr(self, action, make_action(action))
+
     def tearDown(self):
         pecan.set_config({}, overwrite=True)
-
-    def post_json(self, *args, **kwargs):
-        kwargs.setdefault('headers', self.auth_headers)
-        return self.app.post_json(*args, **kwargs)
-
-    def get(self, *args, **kwargs):
-        kwargs.setdefault('headers', self.auth_headers)
-        return self.app.get(*args, **kwargs)