Bug 820496
Summary: | Not authorised to create CSP Project, but can list projects | ||
---|---|---|---|
Product: | [Community] PressGang CCMS | Reporter: | Joshua Wulf <jwulf> |
Component: | CSProcessor | Assignee: | Lee Newson <lnewson> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 1.x | CC: | jwulf, lcarlon |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-05-10 22:45:45 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Joshua Wulf
2012-05-10 08:20:48 UTC
Desired result: Authorised! I got it to work with this: csprocessor create -H http://docs.fedorareloaded.com:8080/TopicIndex -u jwulf fudcon Perhaps more informative error messages? Both should probably fail with "No server at this URL", or similar. There is no way to tell if the URL that you enter is a valid REST URL, I can only determine if it is a valid URL. So in this case it is a valid URL and that is simply a setup issue. The best I could do is add something like: ERROR: Unauthorized Request! Please check your username and the server URL is correct. As for being able to list specs that doesn't require authentication. Only certain commands require authentication. Create and Push are the main two. To add to this you can't enforce adding the "TopicIndex" component to the URL because the server may be setup on http://docs.fedorareloaded.com/ Just to add a little more to this. I can check for a 403 error when getting a User however that still doesn't guarantee that it is a REST URL as the http server could be setup to throw that error for accessing that resource. The only surefire way I can see to do this is, is to have a resource that is guaranteed to return something unique that could be compared to, however that's something that would have to be added via the REST Server. maybe a handshake method? Then you could reliably say: "Could not contact server at this URL" Because I had the wrong URL, and it was telling me: "Unauthorized request". So I spent a bunch of time looking through the source code and bugs etc... for security / permissions settings, rather than trying to fix the URL. (In reply to comment #6) > maybe a handshake method? > > Then you could reliably say: > > "Could not contact server at this URL" As I said in my last comment this needs to be done on the REST Server not something I can do from the CSP. As such a bug should be filed against that (though given the REST interface is still early on and likely to change I've just noted it down atm for a later stage) (In reply to comment #7) > Because I had the wrong URL, and it was telling me: "Unauthorized request". > > So I spent a bunch of time looking through the source code and bugs etc... for > security / permissions settings, rather than trying to fix the URL. As I've already mentioned I'm unable to reliably test if the URL is a REST URL. So if I get back a null value I have to assume they aren't a user. As you mentioned we need a handshake method or something similiar. |