Bug 1034884 - Node proxy drops the authorization headers when request sent to an idle gear
Summary: Node proxy drops the authorization headers when request sent to an idle gear
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Containers
Version: 1.2.0
Hardware: All
OS: All
high
high
Target Milestone: ---
: ---
Assignee: Brenton Leanhardt
QA Contact: libra bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-11-26 16:27 UTC by Nikhil Mone
Modified: 2018-12-03 20:48 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-02-06 18:11:02 UTC
Target Upstream Version:

Attachments (Terms of Use)
tool for idling a specific gear (749 bytes, text/plain)
2014-02-05 21:26 UTC, Brenton Leanhardt 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Nikhil Mone 2013-11-26 16:27:45 UTC 
Description of problem: 

Node proxy drops the authorization headers when request sent to an idle gear and returns a 401 error to the client , however once the gear is un-idled  the requests work fine.


Version-Release number of selected component (if applicable):


How reproducible:

Every time

Steps to Reproduce:

1. proxy "queues" up the current traffic request (from SOAP-UI in this case)

2. Then the gear is un-idled.

3. proxy submits the "queued" current traffic request minus the custom Authorization header, which eventually makes the request invalid.

4. This results in a 401 error.

5.Resubmitting the SOAP-UI request after the gear is un-idled produces a correct response. 

Actual results:

401 error when the gear was idle, before submitting the request.

Expected results:

Authorization headers shouldn't be dropped when the request is queued and forwarded.

Additional info:
Comment 2 Brenton Leanhardt 2014-02-05 21:11:56 UTC 
(I didn't mean to set NEEDINFO)
Comment 3 Brenton Leanhardt 2014-02-05 21:24:53 UTC 
I think this is working as expected on 2.x.  I'll have to try 1.x soon.

# technically Bug #1057447 blocks this so be aware that you may need to edit your control script as root.  That fix should ship shortly.
rhc app create testapp ruby-1.9 mysql --from-code=https://github.com/brenton/rails-example

# On my node
scl enable ruby193 bash

# I'll attach the oo-idler script I wrote.
ruby oo-idler idle --uuid 52f29ed03eefa941b7000005

# This will return a first 302 then curl will follow it and resubmit the Authorization header
curl -v -L -u admin:password http://testapp-demo.ose203.example.com/admin/index/
Comment 4 Brenton Leanhardt 2014-02-05 21:26:48 UTC 
Created attachment 859884 [details]
tool for idling a specific gear

require's ruby193
Comment 5 Brenton Leanhardt 2014-02-05 21:28:33 UTC 
There's no difference with restorer.php in OSE 1.x as far as I can tell.  It issues a 302 and then it's the clients responsibility to resubmit the Authorization header.
Comment 6 Brenton Leanhardt 2014-02-06 18:11:02 UTC 
I pushed an enterprise-1.2.z branch to my rails-example fork.  Here's how you use it in a OSE 1.2 environment (because we didn't have --from-code back then)

rhc app create testapp ruby-1.9 mysql
cd testapp
git remote add brenton https://github.com/brenton/rails-example
git fetch brenton
git merge -Xtheirs brenton/enterprise-1.2.z
git push

oo-idler still existed in OSE 1.2 so that part will essentially be the same.  The test case with curl will be the same too (only with a different hostname).

When I ran the test it worked in OSE 1.x the same as 2.x.  For now I'm going to close this bug as WORKSFORME.  Don't hesitate to re-open if I'm misinterpreting the description of the bug or if the scenario that triggers this is somehow different than my expectations.
Comment 7 Nikhil Mone 2014-06-16 11:25:57 UTC 
Looks like it is set to NEEDINFO for nmone, removing it. Please let me know if any info is required.
Note You need to log in before you can comment on or make changes to this bug.