StopIteration error after Rally Upgrade and switch to LDAP authentication

[stumpjumper]

Hello. I have a few scripts using PyRal that worked fine until the IT department took over management of Rally. The Rally database used did not change, but we moved from On-Premises 2014.1 to 2014.2 and switched to using the Rally LDAP module for authentication. Below is a traceback showing the error. This occurs on both a Mac OS X 10.9 and Red Hat 6 Linux system.

Thank you for your time.

Version Info
pyral.version
(1, 1, 0)

Rally On-Premises 2014.2
Using Rally LDAP module for authentication

Mac OS 10.9.5
Python 2.7.8 (default, Jul 13 2014, 17:11:32)
[GCC 4.2.1 Compatible Apple LLVM 5.1 (clang-503.0.40)] on darwin
py27-requests @2.4.0_0 (via MacPorts)

Red Hat Enterprise Linux Workstation release 6.3 (Santiago)
Python 2.6.6 (r266:84292, Aug 28 2012, 10:55:56)
[GCC 4.4.6 20120305 (Red Hat 4.4.6-4)] on linux2
requests v2.3.0

Mac OS X traceback
(Note sure why the Mac OS run has the Unverified HTTPS request warning, my script is identical on both machines. I'm thinking it has something to do with the different requests version.)

$ query_rally.py --credentialsFromFile PB9225
/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py:730: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html (This warning will only appear once by default.)
InsecureRequestWarning)
Traceback (most recent call last):
File "./query_rally.py", line 371, in
main(sys.argv[1:])
File "./query_rally.py", line 347, in main
myQueryRally.setRallyObject()
File "./query_rally.py", line 137, in setRallyObject
verify_ssl_cert=self.verify_ssl_cert)
File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pyral/restapi.py", line 227, in init
self.contextHelper.check(self.server)
File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pyral/context.py", line 220, in check
self._getDefaults(response)
File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pyral/context.py", line 259, in _getDefaults
user = response.next()
File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pyral/rallyresp.py", line 256, in next
raise StopIteration
StopIteration

Linux traceback

$ query_rally.py --credentialsFromFile PB9225
Traceback (most recent call last):
File "query_rally.py", line 371, in
main(sys.argv[1:])
File "query_rally.py", line 347, in main
myQueryRally.setRallyObject()
File "query_rally.py", line 137, in setRallyObject
verify_ssl_cert=self.verify_ssl_cert)
File "/ascldap/users/aalorbe/trac/easy_install_files/2.6/site_packages/pyral-1.1.0-py2.6.egg/pyral/restapi.py", line 227, in init
self.contextHelper.check(self.server)
File "/ascldap/users/aalorbe/trac/easy_install_files/2.6/site_packages/pyral-1.1.0-py2.6.egg/pyral/context.py", line 220, in check
self._getDefaults(response)
File "/ascldap/users/aalorbe/trac/easy_install_files/2.6/site_packages/pyral-1.1.0-py2.6.egg/pyral/context.py", line 259, in _getDefaults
user = response.next()
File "/ascldap/users/aalorbe/trac/easy_install_files/2.6/site_packages/pyral-1.1.0-py2.6.egg/pyral/rallyresp.py", line 256, in next
raise StopIteration
StopIteration

[stumpjumper]

Also, a SSL Certificate was added to the Rally server when the IT department took over management of Rally.

[klehman-rally]

My recommendation on the initial approach given the environment you described is to take pyral out of the picture to attempt to determine if there is some other basic dynamic causing the symptoms you've observed. Here's a Python script that uses the requests module to make a simple Rally WSAPI request. Substitute your local Rally OnPrem server and suitable credentials. Does this run successfully in your environment?

#!/usr/local/bin/python2.7

################################################################################################

basic_rally_request - Use the Requests module to connect to Rally and pull back

Rally Subscription information

################################################################################################

import sys
import time
import urllib

import requests

################################################################################################

RALLY_SERVER = "rally1.rallydev.com"
USERNAME = "you@urentity.com"
PASSWORD = "private&2secret!"

RALLY_BASE_URL = "https://%s/slm/webservice/v2.0" % RALLY_SERVER
QUERY_STRING = "fetch=true&pagesize=200&start=1"

################################################################################################

def main(args):
resource_URL = "%s/Subscription?%s" % (RALLY_BASE_URL, QUERY_STRING)

print resource_URL
before = time.time()
response = requests.get(resource_URL, auth=(USERNAME, PASSWORD), timeout=5.0)
after = time.time()
print response.status_code
headers = response.headers
content = response.content
cookies = response.cookies
print "Request round-trip time: %7.2f secs" % (after - before)
print ""
print "RESPONSE HEADER"
print headers
print ""
print "RESPONSE BODY"
print content

################################################################################################
################################################################################################

if name == "main":
main(sys.argv[1:])
sys.exit(0)

[stumpjumper]

Thank you for the script. It seemed to work fine. The output is below.

$ basic_rally_request.py
https://rally.sandia.gov/slm/webservice/v2.0/Subscription?fetch=true&pagesize=200&start=1
200
Request round-trip time:    2.08 secs

RESPONSE HEADER
{'content-length': '623', 'rallyrequestid': 'localhost10gjtw20cao8h1hnd3gpshjfq4.localhost1476499', 'content-encoding': 'gzip', 'set-cookie': 'JSESSIONID=localhost10gjtw20cao8h1hnd3gpshjfq4.localhost;Path=/;Secure;HttpOnly, SUBBUCKETID=100;Path=/;Domain=rally.sandia.gov;Secure;HttpOnly', 'expires': 'Thu, 01 Jan 1970 00:00:00 GMT', 'vary': 'Accept-Encoding,User-Agent', 'keep-alive': 'timeout=15, max=100', 'connection': 'Keep-Alive', 'etag': '"016e9b6c7b745d024dd7a93861afcfdd8"', 'cache-control': 'private,no-cache,max-age=0,must-revalidate', 'date': 'Fri, 07 Nov 2014 20:35:08 GMT', 'p3p': 'CP="NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA"', 'content-type': 'text/javascript;  charset=utf-8'}

RESPONSE BODY
{"Subscription": {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally.sandia.gov/slm/webservice/v2.0/subscription/5104", "_refObjectUUID": "9d281e41-9797-45b3-8a4d-b8d094008661", "_objectVersion": "16", "_refObjectName": "sandia_sierra_-132", "CreationDate": "2007-05-08T18:51:30.000Z", "_CreatedAt": "May 8, 2007", "ObjectID": 5104, "VersionId": "16", "ExpirationDate": "2015-01-01T07:00:00.000Z", "MaximumCustomUserFields": 5, "MaximumProjects": -1, "Modules": "Integration Hub,Rally Portfolio Manager,HP Integration,IBM Integration,Rally Quality Manager,Rally Support Manager,Rally Time Tracker,IP Restriction,Extension Whitelist,Usage Report", "Name": "sandia_sierra_-132", "PasswordExpirationDays": 0, "PreviousPasswordCount": 10, "ProjectHierarchyEnabled": true, "RevisionHistory": {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally.sandia.gov/slm/webservice/v2.0/revisionhistory/5624", "_refObjectUUID": "51b858f8-c388-4440-bf91-5d8f81407d93", "_type": "RevisionHistory"}, "SessionTimeoutSeconds": null, "StoryHierarchyEnabled": true, "StoryHierarchyType": "Unlimited", "SubscriptionID": 100, "SubscriptionType": "Enterprise", "Workspaces": {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "_ref": "https://rally.sandia.gov/slm/webservice/v2.0/Subscription/5104/Workspaces", "_type": "Workspace", "Count": 4}, "Errors": [], "Warnings": []}}

[stumpjumper]

I think I may have found the issue. Our on-premise Rally server uses LDAP for authentication. Thus when I look at my user information in Rally I have a "User Name" which is a full e-mail address joeuser@domain.com, and I have an "On-Premise LDAP User Name" which is just the username portion of the e-mail address, joeuser. When I create my Rally object I pass in my LDAP username and password, which allows authentication to work just fine. But I think the queries to Rally fail after that since PyRal has my LDAP username, not my Rally user name.

[stumpjumper]

I modified restapi.py and was able to get my code working again. Here are the changes I made

$ diff restapi.py /tmp/orig/restapi.py
175c175
<     def __init__(self, server=SERVER, user=None, auth_user=None, password=None, apikey=None, 
---
>     def __init__(self, server=SERVER, user=None, password=None, apikey=None,
177,182c177,181
<         self.server      = server 
<         self.user        = user      or USER_NAME
<         self.auth_user   = auth_user or self.user
<         self.password    = password  or PASSWORD
<         self.apikey      = apikey
<         self.version     = WS_API_VERSION  # we only support v2.0 now
---
>         self.server   = server 
>         self.user     = user     or USER_NAME
>         self.password = password or PASSWORD
>         self.apikey   = apikey
>         self.version  = WS_API_VERSION  # we only support v2.0 now
218c217
<             self.session.auth = requests.auth.HTTPBasicAuth(self.auth_user, self.password)
---
>             self.session.auth = requests.auth.HTTPBasicAuth(self.user, self.password)

[klehman-rally]

incorporated user contributed code in 1.1.1