[lxc-devel] [pylxd/master] Authenticate fixes
rockstar on Github
lxc-bot at linuxcontainers.org
Thu Nov 17 23:02:13 UTC 2016
From 7cc9c3692304aedf3748d191eab9904ac7e196f6 Mon Sep 17 00:00:00 2001
From: Paul Hummer <paul.hummer at canonical.com>
Date: Thu, 17 Nov 2016 15:48:42 -0700
Subject: [PATCH 1/5] Default cert parameter to the certs that were generated
by `lxc $command`
---
pylxd/client.py | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/pylxd/client.py b/pylxd/client.py
index 768a9d8..b6408e4 100644
--- a/pylxd/client.py
+++ b/pylxd/client.py
@@ -181,6 +181,10 @@ class Client(object):
"""
+ DEFAULT_CERTS = (
+ os.path.expanduser('~/.config/lxc/client.crt'),
+ os.path.expanduser('~/.config/lxc/client.key'))
+
def __init__(self, endpoint=None, version='1.0', cert=None, verify=True):
self.cert = cert
if endpoint is not None:
@@ -188,6 +192,11 @@ def __init__(self, endpoint=None, version='1.0', cert=None, verify=True):
self.api = _APINode('http+unix://{}'.format(
parse.quote(endpoint, safe='')))
else:
+ # Extra trailing slashes cause LXD to 301
+ if cert is None and (
+ os.path.exists(self.DEFAULT_CERTS[0]) and
+ os.path.exists(self.DEFAULT_CERTS[1])):
+ cert = self.DEFAULT_CERTS
self.api = _APINode(endpoint, cert=cert, verify=verify)
else:
if 'LXD_DIR' in os.environ:
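Review bot: The added fallback leaves `self.cert` out of sync with the session: `self.cert = cert` runs at the top of `__init__`, so it stays `None` while `_APINode` is handed `DEFAULT_CERTS`; reassigning after the fallback with `self.cert = cert` would keep the two consistent. The new comment `# Extra trailing slashes cause LXD to 301` does not describe the lines under it in this hunk; something like `# Fall back to the client cert/key pair generated by the lxc CLI` would. The fallback also attaches the user's LXD client identity to every HTTPS endpoint, including ones opened with `verify=False`, and as written `cert=None` gives callers no way to opt out, so the class docstring should state this. `__init__` starts and continues outside this hunk.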
@@ -224,7 +233,7 @@ def trusted(self):
def authenticate(self, password):
if self.trusted:
return
- cert = open(self.cert[0]).read().encode('utf-8')
+ cert = open(self.api.session.cert[0]).read().encode('utf-8')
self.certificates.create(password, cert)
# Refresh the host info
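Review bot: `self.api.session.cert[0]` on the new line assumes the session always holds a (cert, key) tuple. It is `None` when no cert was passed and the default files are absent (and presumably on the unix-socket path, where `_APINode` is built without a cert), which surfaces as a `TypeError` rather than a clear error; requests also accepts a single path string for `cert`, in which case `[0]` is its first character. The file handle is also never closed. An explicit check that raises a descriptive exception when no client certificate is configured, followed by `with open(cert_path) as f: cert = f.read().encode('utf-8')`, would cover these cases. `authenticate` continues outside the hunk.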
From 00a6cf6a621f98aa8674eb1af6c3606cbc6c61e9 Mon Sep 17 00:00:00 2001
From: Paul Hummer <paul.hummer at canonical.com>
Date: Thu, 17 Nov 2016 15:49:29 -0700
Subject: [PATCH 2/5] Strip trailing slashes
This was a hell of a bug. LXD returns 301 redirects to the actual
URL. The `requests` library then switches from a POST to GET, and
this caused the `Client.authenticate` method to fail.
---
pylxd/client.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/pylxd/client.py b/pylxd/client.py
index b6408e4..606f11f 100644
--- a/pylxd/client.py
+++ b/pylxd/client.py
@@ -193,6 +193,7 @@ def __init__(self, endpoint=None, version='1.0', cert=None, verify=True):
parse.quote(endpoint, safe='')))
else:
# Extra trailing slashes cause LXD to 301
+ endpoint = endpoint.rstrip('/')
if cert is None and (
os.path.exists(self.DEFAULT_CERTS[0]) and
os.path.exists(self.DEFAULT_CERTS[1])):
From a41c503d9c59b5332e99f127dabcb5fc5e2a7b28 Mon Sep 17 00:00:00 2001
From: Paul Hummer <paul.hummer at canonical.com>
Date: Thu, 17 Nov 2016 15:50:48 -0700
Subject: [PATCH 3/5] Add integration test for Client.authenticate
---
integration/test_client.py | 35 +++++++++++++++++++++++++++++++++++
run_integration_tests | 5 ++++-
2 files changed, 39 insertions(+), 1 deletion(-)
create mode 100644 integration/test_client.py
diff --git a/integration/test_client.py b/integration/test_client.py
new file mode 100644
index 0000000..949c32e
--- /dev/null
+++ b/integration/test_client.py
@@ -0,0 +1,35 @@
+# Copyright (c) 2016 Canonical Ltd
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+import pylxd
+import requests
+from requests.packages.urllib3.exceptions import InsecureRequestWarning
+
+from integration.testing import IntegrationTestCase
+
+requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
+
+
+class TestClient(IntegrationTestCase):
+ """Tests for `Client`."""
+
+ def test_authenticate(self):
+ # This is another test with multiple assertions, as it is a test of
+ # flow, rather than a single source of functionality.
+ client = pylxd.Client('https://127.0.0.1:8443/', verify=False)
+
+ self.assertFalse(client.trusted)
+
+ client.authenticate('password')
+
+ self.assertTrue(client.trusted)
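Review bot: `requests.packages.urllib3.disable_warnings(InsecureRequestWarning)` runs at import time and silences the warning for the whole test process, so any other test that disables verification by accident stays quiet too. Scoping it to this test, for example `with warnings.catch_warnings(): warnings.simplefilter('ignore', InsecureRequestWarning)` around the client calls, keeps the suppression local. `test_authenticate` passes no `cert`, so it depends on the default client cert files existing in the test environment; a comment such as `# relies on the ~/.config/lxc client.crt/client.key pair created by the lxc CLI` would help when it fails. A one-line comment that `verify=False` is tolerated only because the target is the container's own loopback LXD would stop the pattern being copied into real client code.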
diff --git a/run_integration_tests b/run_integration_tests
index cdba3ee..625d402 100755
--- a/run_integration_tests
+++ b/run_integration_tests
@@ -11,9 +11,12 @@ sleep 5 # Wait for the network to come up
lxc exec $CONTAINER_NAME -- apt-get update
lxc exec $CONTAINER_NAME -- apt-get install -y tox python3-dev libssl-dev libffi-dev build-essential
+lxc exec $CONTAINER_NAME -- lxc config set core.trust_password password
+lxc exec $CONTAINER_NAME -- lxc config set core.https_address [::]
+
lxc exec $CONTAINER_NAME -- mkdir -p /opt/pylxd
# NOTE: rockstar (13 Sep 2016) - --recursive is not supported in lxd <2.1, so
# until we have pervasive support for that, we'll do this tar hack.
tar cf - * .git | lxc exec $CONTAINER_NAME -- tar xf - -C /opt/pylxd
lxc exec $CONTAINER_NAME -- /bin/sh -c "cd /opt/pylxd && tox -eintegration"
-lxc delete --force $CONTAINER_NAME
+#lxc delete --force $CONTAINER_NAME
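Review bot: The two added `lxc config set` lines make LXD listen on every address with the trust password `password`, while the test connects only to `127.0.0.1:8443` from inside the container. Binding to loopback, `lxc exec $CONTAINER_NAME -- lxc config set core.https_address 127.0.0.1:8443`, would keep the weakly protected API off the container's network interfaces. If the wildcard address is kept it should be quoted as `'[::]'`, since the unquoted form is a bracket glob to the host shell and could expand against a matching file name in the working directory. A comment that the password is a throwaway value for a disposable container would also be worth adding.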
From 94f5a2c8d9be5144758b4b2071f84858e4e5cd6f Mon Sep 17 00:00:00 2001
From: Paul Hummer <paul.hummer at canonical.com>
Date: Thu, 17 Nov 2016 15:55:50 -0700
Subject: [PATCH 4/5] Fix unit test
---
pylxd/tests/test_client.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pylxd/tests/test_client.py b/pylxd/tests/test_client.py
index 6eda6da..2fe573d 100644
--- a/pylxd/tests/test_client.py
+++ b/pylxd/tests/test_client.py
@@ -131,7 +131,7 @@ def test_authenticate(self):
certs = (
os.path.join(os.path.dirname(__file__), 'lxd.crt'),
os.path.join(os.path.dirname(__file__), 'lxd.key'))
- an_client = client.Client(cert=certs)
+ an_client = client.Client('https://lxd', cert=certs)
get_count = []
From ba6b8882901c2759b226ea929a00addfdcf7539e Mon Sep 17 00:00:00 2001
From: Paul Hummer <paul.hummer at canonical.com>
Date: Thu, 17 Nov 2016 15:58:25 -0700
Subject: [PATCH 5/5] Delete the integration test container on completion
---
run_integration_tests | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/run_integration_tests b/run_integration_tests
index 625d402..c1467db 100755
--- a/run_integration_tests
+++ b/run_integration_tests
@@ -19,4 +19,4 @@ lxc exec $CONTAINER_NAME -- mkdir -p /opt/pylxd
# until we have pervasive support for that, we'll do this tar hack.
tar cf - * .git | lxc exec $CONTAINER_NAME -- tar xf - -C /opt/pylxd
lxc exec $CONTAINER_NAME -- /bin/sh -c "cd /opt/pylxd && tox -eintegration"
-#lxc delete --force $CONTAINER_NAME
+lxc delete --force $CONTAINER_NAME
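Review bot: The restored `lxc delete --force $CONTAINER_NAME` runs only if the script reaches its last line. The top of the script is outside this hunk, but if it uses `set -e` or is interrupted, a failing `tox` run would leave behind a container whose LXD API is exposed with a known trust password. Registering the cleanup right after the container is created, e.g. `trap 'lxc delete --force "$CONTAINER_NAME"' EXIT`, would make the deletion unconditional.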