Bug 1459246

Summary: no debug in Connection._get_sso_response
Product: [oVirt] ovirt-engine-sdk-python Reporter: Fabrice Bacchella <fabrice.bacchella>
Component: GeneralAssignee: Ondra Machacek <omachace>
Status: CLOSED CURRENTRELEASE QA Contact: Gonza <grafuls>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.1.4CC: bugs, juan.hernandez, stirabos
Target Milestone: ovirt-4.1.3Flags: rule-engine: ovirt-4.1+
Target Release: 4.1.5   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python-ovirt-engine-sdk4-4.1.5 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-07-06 14:02:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Fabrice Bacchella 2017-06-06 15:45:23 UTC 
The Curl object is now local to functions call, but there is no common to each one so some code duplication is needed but forgotten. For example, the section

    def __send(self, request):
...
        # Configure debug mode:
        if self._debug and self._log is not None:
            curl.setopt(pycurl.VERBOSE, 1)
            curl.setopt(pycurl.DEBUGFUNCTION, self._curl_debug)

is missing in _get_sso_response. Without it, it's not possible to debug authentication failure.
Comment 1 Fabrice Bacchella 2017-06-06 16:22:13 UTC 
Didn't a generic Connection._get_curl_instance() would'nt have been better ?

Actually there is a lof of duplicated code. And also forgotten code too, like

        curl.setopt(pycurl.COOKIEFILE, '/dev/null')
        curl.setopt(pycurl.COOKIEJAR, '/dev/null')

For my own usage, I have written the following function:

    def get_curl(self):
        new_curl = pycurl.Curl()

        settings = {
            # Don't handle signals
            pycurl.NOSIGNAL: True,
            # Don't keep persistent data
            pycurl.COOKIEFILE: '/dev/null',
            pycurl.COOKIEJAR: '/dev/null',
            pycurl.SHARE: self._share,

            # Follow redirect but not too much, it's needed for CAS
            pycurl.FOLLOWLOCATION: True,
            pycurl.MAXREDIRS: 5,

            # Strict TLS check
            pycurl.SSL_VERIFYPEER: True,
            pycurl.SSL_VERIFYHOST: 2,
            pycurl.CAINFO: self._ca_file

            # Debug setup
            pycurl.VERBOSE: False,
            pycurl.DEBUGFUNCTION: self._curl_debug,

            # Needed for SPNEGO authentication
            pycurl.HTTPAUTH: pycurl.HTTPAUTH_NEGOTIATE,
            pycurl.USERPWD: ':',

            # Needed for CAS login
            pycurl.UNRESTRICTED_AUTH: True,
            pycurl.POSTREDIR: pycurl.REDIR_POST_ALL,
            pycurl.USERAGENT: self._VALID_USER_AGENT

        }
        for key, value in settings.items():
            new_curl.setopt(key, value)

        return new_curl
Comment 2 Gonza 2017-06-21 13:39:49 UTC 
Verified with:
python-ovirt-engine-sdk4-4.2.1-1.a1.20170607gitdec2258.el7.centos.x86_64

DEBUG:root:< POST /ovirt-engine/sso/oauth/token HTTP/1.1
DEBUG:root:< Host: engine.com
DEBUG:root:< User-Agent: PythonSDK/4.2.1a1.dev20170607+gitdec2258
DEBUG:root:< Accept: application/json
DEBUG:root:< Content-Length: 81
DEBUG:root:< Content-Type: application/x-www-form-urlencoded
DEBUG:root:< username=admin%40internal&scope=ovirt-app-api&password={password}&grant_type=password
DEBUG:root:* upload completely sent off: 81 out of 81 bytes
DEBUG:root:> HTTP/1.1 200 OK