Bug 1459246 - no debug in Connection._get_sso_response
Summary: no debug in Connection._get_sso_response
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-engine-sdk-python
Classification: oVirt
Component: General
Version: 4.1.4
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ovirt-4.1.3
: 4.1.5
Assignee: Ondra Machacek
QA Contact: Gonza
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-06-06 15:45 UTC by Fabrice Bacchella
Modified: 2019-04-28 14:24 UTC (History)
3 users (show)

Fixed In Version: python-ovirt-engine-sdk4-4.1.5
Clone Of:
Environment:
Last Closed: 2017-07-06 14:02:07 UTC
oVirt Team: Infra
Embargoed:
rule-engine: ovirt-4.1+

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 77835 0 None None None 2017-06-06 16:06:27 UTC

Description Fabrice Bacchella 2017-06-06 15:45:23 UTC 
The Curl object is now local to functions call, but there is no common to each one so some code duplication is needed but forgotten. For example, the section

    def __send(self, request):
...
        # Configure debug mode:
        if self._debug and self._log is not None:
            curl.setopt(pycurl.VERBOSE, 1)
            curl.setopt(pycurl.DEBUGFUNCTION, self._curl_debug)

is missing in _get_sso_response. Without it, it's not possible to debug authentication failure.
Comment 1 Fabrice Bacchella 2017-06-06 16:22:13 UTC 
Didn't a generic Connection._get_curl_instance() would'nt have been better ?

Actually there is a lof of duplicated code. And also forgotten code too, like

        curl.setopt(pycurl.COOKIEFILE, '/dev/null')
        curl.setopt(pycurl.COOKIEJAR, '/dev/null')

For my own usage, I have written the following function:

    def get_curl(self):
        new_curl = pycurl.Curl()

        settings = {
            # Don't handle signals
            pycurl.NOSIGNAL: True,
            # Don't keep persistent data
            pycurl.COOKIEFILE: '/dev/null',
            pycurl.COOKIEJAR: '/dev/null',
            pycurl.SHARE: self._share,

            # Follow redirect but not too much, it's needed for CAS
            pycurl.FOLLOWLOCATION: True,
            pycurl.MAXREDIRS: 5,

            # Strict TLS check
            pycurl.SSL_VERIFYPEER: True,
            pycurl.SSL_VERIFYHOST: 2,
            pycurl.CAINFO: self._ca_file

            # Debug setup
            pycurl.VERBOSE: False,
            pycurl.DEBUGFUNCTION: self._curl_debug,

            # Needed for SPNEGO authentication
            pycurl.HTTPAUTH: pycurl.HTTPAUTH_NEGOTIATE,
            pycurl.USERPWD: ':',

            # Needed for CAS login
            pycurl.UNRESTRICTED_AUTH: True,
            pycurl.POSTREDIR: pycurl.REDIR_POST_ALL,
            pycurl.USERAGENT: self._VALID_USER_AGENT

        }
        for key, value in settings.items():
            new_curl.setopt(key, value)

        return new_curl
Comment 2 Gonza 2017-06-21 13:39:49 UTC 
Verified with:
python-ovirt-engine-sdk4-4.2.1-1.a1.20170607gitdec2258.el7.centos.x86_64

DEBUG:root:< POST /ovirt-engine/sso/oauth/token HTTP/1.1
DEBUG:root:< Host: engine.com
DEBUG:root:< User-Agent: PythonSDK/4.2.1a1.dev20170607+gitdec2258
DEBUG:root:< Accept: application/json
DEBUG:root:< Content-Length: 81
DEBUG:root:< Content-Type: application/x-www-form-urlencoded
DEBUG:root:< username=admin%40internal&scope=ovirt-app-api&password={password}&grant_type=password
DEBUG:root:* upload completely sent off: 81 out of 81 bytes
DEBUG:root:> HTTP/1.1 200 OK
Note You need to log in before you can comment on or make changes to this bug.