Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Digest auth support for uri module #17089

Closed
wants to merge 1 commit into from
Closed

Add Digest auth support for uri module #17089

wants to merge 1 commit into from

Conversation

SergK
Copy link

@SergK SergK commented Aug 15, 2016

ISSUE TYPE
  • Bug Report
ANSIBLE VERSION
ansible 2.1.0.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides
CONFIGURATION

default

OS / ENVIRONMENT

ansible host:

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"

target host:

dockerized - Debian GNU/Linux 8 (jessie)
SUMMARY

Digest authentication mechanism doesn't work for uri module

STEPS TO REPRODUCE

gerrit-user.json

    {
    "name": "Gerrit User",
    "email": "john.doe@example.com",
    "ssh_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3KFWWQvwOJXgTsS9UOsjO4eT9I1mZ+KV0Fo3b8wLmO4SyCwpFSIB14Yn9BkvCZJbjJ6jwrd49rPw1jmAvNkRO38zrq64V+7Pjo5FYGsV1JlqLVIt2td27QHUGocqd/VxmSxDvMy29Y1XBummzl2KN+4LfClKdfISZeWHzRuLENxdP446bvIkZopwKfL+PGQEMGy96h9f2DH7UrwJ+r0XANlmSOpqrgwtU8H5zanveUQLYk4+WdlAmbRu44Lgwz3tSZL5ux0OCk9z+W7TuNkgvuT+nIRg/5bAi46nq9mnV8qAyHTpH0C2qeqtH0QjJk796I+AxOJGPIZx6jfmTRWMp gerrit@example.com",
    "http_password": "aaaaa",
    "groups": [
      "Non-Interactive Users"
    ]
  }

For now work around is to use curl:

curl -X PUT --digest --user admin:secret --data-binary @gerrit-user.json --header "Content-Type: application/json" http://localhost:8080/a/accounts/john

Use uri module instead of curl

# ansible playbook snip:
- uri:
    url: http://localhost:8080/a/accounts/john
    method: PUT
    user: admin
    password: secret
    body: "{{ lookup('file','gerrit-user.json') }}"
    status_code: 201
    body_format: json
    validate_certs: no
    headers:
      Content-Type: application/json
EXPECTED RESULTS

Digest Auth works as expected

ACTUAL RESULTS
TASK [gerrit : uri] ************************************************************
task path: /home/sergk/projects/ansible/roles/gerrit/tasks/manage.yml:13
<ci-gerrit> ESTABLISH DOCKER CONNECTION FOR USER: root
<ci-gerrit> EXEC ['/usr/bin/docker', 'exec', '-u', u'root', '-i', u'ci-gerrit', u'/bin/sh', '-c', u'/bin/sh -c \'( umask 77 && mkdir -p "` echo /tmp/.ansible/ansible-tmp-1470233480.82-148065190795595 `" && echo ansible-tmp-1470233480.82-148065190795595="` echo /tmp/.ansible/ansible-tmp-1470233480.82-148065190795595 `" ) && sleep 0\'']
<ci-gerrit> PUT /tmp/tmpHR_lO5 TO /tmp/.ansible/ansible-tmp-1470233480.82-148065190795595/uri
<ci-gerrit> EXEC ['/usr/bin/docker', 'exec', '-u', u'root', '-i', u'ci-gerrit', u'/bin/sh', '-c', u'/bin/sh -c \'LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=en_US.UTF-8 /usr/bin/env python /tmp/.ansible/ansible-tmp-1470233480.82-148065190795595/uri; rm -rf "/tmp/.ansible/ansible-tmp-1470233480.82-148065190795595/" > /dev/null 2>&1 && sleep 0\'']
fatal: [ci-gerrit]: FAILED! => {"cache_control": "no-cache, no-store, max-age=0, must-revalidate", "changed": false, "connection": "close", "content": "Unauthorized", "content_length": "12", "content_type": "text/plain; charset=ISO-8859-1", "date": "Wed, 03 Aug 2016 14:11:21 GMT", "expires": "Fri, 01 Jan 1990 00:00:00 GMT", "failed": true, "invocation": {"module_args": {"backup": null, "body": {"email": "john.doe@example.com", "groups": ["Non-Interactive Users"], "http_password": "aaaaa", "name": "Gerrit User", "ssh_key": "AAAAB3NzaC1yc2EAAAADAQABAAABAQD3KFWWQvwOJXgTsS9UOsjO4eT9I1mZ+KV0Fo3b8wLmO4SyCwpFSIB14Yn9BkvCZJbjJ6jwrd49rPw1jmAvNkRO38zrq64V+7Pjo5FYGsV1JlqLVIt2td27QHUGocqd/VxmSxDvMy29Y1XBummzl2KN+4LfClKdfISZeWHzRuLENxdP446bvIkZopwKfL+PGQEMGy96h9f2DH7UrwJ+r0XANlmSOpqrgwtU8H5zanveUQLYk4+WdlAmbRu44Lgwz3tSZL5ux0OCk9z+W7TuNkgvuT+nIRg/5bAi46nq9mnV8qAyHTpH0C2qeqtH0QjJk796I+AxOJGPIZx6jfmTRWMp gerrit@example.com"}, "body_format": "json", "content": null, "creates": null, "delimiter": null, "dest": null, "directory_mode": null, "follow": false, "follow_redirects": "safe", "force": false, "force_basic_auth": false, "group": null, "headers": {"Content-Type": "application/json"}, "http_agent": "ansible-httpget", "method": "PUT", "mode": null, "owner": null, "password": "secret", "regexp": null, "remote_src": null, "removes": null, "return_content": false, "selevel": null, "serole": null, "setype": null, "seuser": null, "src": null, "status_code": ["201"], "timeout": 30, "url": "http://localhost:8080/a/accounts/john", "url_password": "secret", "url_username": "admin", "use_proxy": true, "user": "admin", "validate_certs": false}, "module_name": "uri"}, "msg": "Status code was not [201]: HTTP Error 401: Unauthorized", "pragma": "no-cache", "redirected": false, "status": 401, "url": "http://localhost:8080/a/accounts/john", "www_authenticate": "Digest realm=\"Gerrit Code Review\", domain=\"http://localhost:8080/\", qop=\"auth\", nonce=\"SRKqsFiUYVh8DNURJ28iG5o49b17WDobRQV4DQ==$\""}

PLAY RECAP *********************************************************************
ci-gerrit              : ok=24   changed=15   unreachable=0    failed=1

It seems that we don't have Digest Auth support in urls.py

@alikins alikins added this to the 2.2.0 milestone Aug 15, 2016
@bart2 bart2 mentioned this pull request Dec 4, 2016
Merged
@ansibot ansibot added affects_2.3 This issue/PR affects Ansible v2.3 bugfix_pullrequest c:module_utils/ labels Dec 13, 2016
@ansibot ansibot added needs_rebase https://docs.ansible.com/ansible/devel/dev_guide/developing_rebasing.html needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. labels Dec 15, 2016
@mattclay
Copy link
Member

@SergK Thanks for the original fix. This has been merged as part of #18736.

@mattclay mattclay closed this Dec 22, 2016
@ansibot ansibot added feature This issue/PR relates to a feature request. bug This issue/PR relates to a bug. and removed feature_pull_request labels Mar 4, 2018
@ansible ansible locked and limited conversation to collaborators Apr 26, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
affects_2.3 This issue/PR affects Ansible v2.3 bug This issue/PR relates to a bug. c:module_utils/ feature This issue/PR relates to a feature request. needs_rebase https://docs.ansible.com/ansible/devel/dev_guide/developing_rebasing.html needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR.
Projects
None yet
Milestone
2.2.0
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@SergK @mattclay @alikins @bcoca @ansibot