Bug 1459246 - no debug in Connection._get_sso_response
no debug in Connection._get_sso_response
Status: CLOSED CURRENTRELEASE
Product: ovirt-engine-sdk-python
Classification: oVirt
Component: General (Show other bugs)
4.1.4
Unspecified Unspecified
unspecified Severity medium (vote)
: ovirt-4.1.3
: 4.1.5
Assigned To: Ondra Machacek
Gonza
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-06 11:45 EDT by Fabrice Bacchella
Modified: 2017-07-06 10:02 EDT (History)
4 users (show)

See Also:
Fixed In Version: python-ovirt-engine-sdk4-4.1.5
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-07-06 10:02:07 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
rule-engine: ovirt‑4.1+


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
oVirt gerrit 77835 None None None 2017-06-06 12:06 EDT

  None (edit)
Description Fabrice Bacchella 2017-06-06 11:45:23 EDT
The Curl object is now local to functions call, but there is no common to each one so some code duplication is needed but forgotten. For example, the section

    def __send(self, request):
...
        # Configure debug mode:
        if self._debug and self._log is not None:
            curl.setopt(pycurl.VERBOSE, 1)
            curl.setopt(pycurl.DEBUGFUNCTION, self._curl_debug)

is missing in _get_sso_response. Without it, it's not possible to debug authentication failure.
Comment 1 Fabrice Bacchella 2017-06-06 12:22:13 EDT
Didn't a generic Connection._get_curl_instance() would'nt have been better ?

Actually there is a lof of duplicated code. And also forgotten code too, like

        curl.setopt(pycurl.COOKIEFILE, '/dev/null')
        curl.setopt(pycurl.COOKIEJAR, '/dev/null')

For my own usage, I have written the following function:

    def get_curl(self):
        new_curl = pycurl.Curl()

        settings = {
            # Don't handle signals
            pycurl.NOSIGNAL: True,
            # Don't keep persistent data
            pycurl.COOKIEFILE: '/dev/null',
            pycurl.COOKIEJAR: '/dev/null',
            pycurl.SHARE: self._share,

            # Follow redirect but not too much, it's needed for CAS
            pycurl.FOLLOWLOCATION: True,
            pycurl.MAXREDIRS: 5,

            # Strict TLS check
            pycurl.SSL_VERIFYPEER: True,
            pycurl.SSL_VERIFYHOST: 2,
            pycurl.CAINFO: self._ca_file

            # Debug setup
            pycurl.VERBOSE: False,
            pycurl.DEBUGFUNCTION: self._curl_debug,

            # Needed for SPNEGO authentication
            pycurl.HTTPAUTH: pycurl.HTTPAUTH_NEGOTIATE,
            pycurl.USERPWD: ':',

            # Needed for CAS login
            pycurl.UNRESTRICTED_AUTH: True,
            pycurl.POSTREDIR: pycurl.REDIR_POST_ALL,
            pycurl.USERAGENT: self._VALID_USER_AGENT

        }
        for key, value in settings.items():
            new_curl.setopt(key, value)

        return new_curl
Comment 2 Gonza 2017-06-21 09:39:49 EDT
Verified with:
python-ovirt-engine-sdk4-4.2.1-1.a1.20170607gitdec2258.el7.centos.x86_64

DEBUG:root:< POST /ovirt-engine/sso/oauth/token HTTP/1.1
DEBUG:root:< Host: engine.com
DEBUG:root:< User-Agent: PythonSDK/4.2.1a1.dev20170607+gitdec2258
DEBUG:root:< Accept: application/json
DEBUG:root:< Content-Length: 81
DEBUG:root:< Content-Type: application/x-www-form-urlencoded
DEBUG:root:< username=admin%40internal&scope=ovirt-app-api&password={password}&grant_type=password
DEBUG:root:* upload completely sent off: 81 out of 81 bytes
DEBUG:root:> HTTP/1.1 200 OK

Note You need to log in before you can comment on or make changes to this bug.