Project

Profile

Help

Issue #6989

cert auth does not work with current binding gems

Added by jsherril@redhat.com 6 months ago. Updated 4 months ago.

Status:
CLOSED - WORKSFORME
Priority:
Normal
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
3. High
Version:
Master
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Katello
Sprint:
Sprint 77
Quarter:

Description

Our pulp settings.py has these settings added:

REMOTE_USER_ENVIRON_NAME = 'HTTP_REMOTE_USER'
AUTHENTICATION_BACKENDS = ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend']

REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = (
    'rest_framework.authentication.SessionAuthentication',
    'pulpcore.app.authentication.PulpRemoteUserAuthentication'
)

and authenticating with a cert works fine:

# curl https://`hostname`/pulp/api/v3/tasks/   --cert /etc/pki/katello/certs/pulp-client.crt  --key /etc/pki/katello/private/pulp-client.key

{"count":0,"next":null,"previous":null,"results":[]}[

However, using the bindings does not work, i always get:

Response body: {"detail":"Invalid username/password."}

This used to work, but after updating to master, it no longer does. After some investigation I realized that the bindings were adding basic auth headers even when basic auth wasn't used and this was related. I could mimick this with curl:

# curl https://`hostname`/pulp/api/v3/tasks/   --cert /etc/pki/katello/certs/pulp-client.crt  --key /etc/pki/katello/private/pulp-client.key    -u ':'

This works perfectly fine against 3.4, but not against pulpcore master. I even manually patched the local ruby bindings to omit basic auth: https://gist.github.com/jlsherrill/dece315a225a9de4365d176461591ef4

and that seemed to work around the issue.

I glanced through the commit log and didn't see anything all that relevant, so i wonder if it was a django update as i did notice an update there and with django-rest-framework

Tried with bindings 3.5.0.dev01592305561 (as well as 3.4.1)

History

#1 Updated by fao89 6 months ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to fao89

#2 Updated by fao89 6 months ago

  • Status changed from ASSIGNED to NEW
  • Assignee deleted (fao89)

#3 Updated by fao89 6 months ago

  • Triaged changed from No to Yes
  • Sprint set to Sprint 75

#4 Updated by rchan 5 months ago

  • Sprint changed from Sprint 75 to Sprint 76

#5 Updated by rchan 5 months ago

  • Sprint changed from Sprint 76 to Sprint 77

#6 Updated by dkliban@redhat.com 5 months ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to dkliban@redhat.com

I could not reproduce the issue. I used the cento7-katello-nightly box and upgraded pulpcore and related packages to 3.5.0. Is this issue still reproducing for you?

#7 Updated by sajha 4 months ago

Cannot reproduce this on pulpcore 3.5.0 with pulpcore_client-3.5.0 gem or pulpcore_client-3.4.z gem on a katello box.

#8 Updated by dkliban@redhat.com 4 months ago

  • Status changed from ASSIGNED to CLOSED - WORKSFORME

#9 Updated by fao89 4 months ago

I believe we should test it again since we changed the OpenAPI

Please register to edit this issue

Also available in: Atom PDF