Bug 631526
| Summary: | pulp-client is not loading the consumer cert | ||
|---|---|---|---|
| Product: | [Retired] Pulp | Reporter: | Jay Dobies <jason.dobies> |
| Component: | z_other | Assignee: | Pradeep Kilambi <pkilambi> |
| Status: | CLOSED NOTABUG | QA Contact: | wes hayutin <whayutin> |
| Severity: | high | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | pthomas |
| Target Milestone: | --- | Keywords: | Triaged |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-12-22 19:37:14 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 634000 | ||
*** Bug 627666 has been marked as a duplicate of this bug. *** *** Bug 631017 has been marked as a duplicate of this bug. *** |
The code for PulpConnection has the following: def __init__(self, host='localhost', port=443, handler="/pulp/api", cert_file=realpath(CERT_PATH), key_file=realpath(KEY_PATH), username=None, password=None): However in all uses of its subclasses, cert_file and key_file are being passed in. And in all cases when using pulp-client, these are None. This prevents the defaults from ever kicking in. Because of how the admin and client CLIs were split, there's no clean place to specify which cert files to use. For the pulp-admin, it's done in basecore.main (this is likely wrong since it's the base class). The client CLI, however, doesn't have a solid hook to specify them. I thought that meant they would revert to the defaults, but in all of the core_* classes the basecore's cert_file/key_file are used and passed to connection, overriding the default. The result is that running something like "pulp-client consumer history" fails authentication. However, if you have previously logged in as the admin user, it uses that certificate and will pass authentication (this is also the workaround). The issue is where to add in the certificate hooks. Part of the problem is that the pulp-client code is bolted on to the CLI. The pulp-admin uses the PulpCore.main whereas pulp-client has a bunch of cumbersome subclasses in /usr/bin/pulp-client. Once that is resolved, we can likely add a hook to where the core_* command is determined and have it set the appropriate cert_file/key_file values.