New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nautilus: mgr/dashboard: fix error when enabling SSO with cert. file #34129
nautilus: mgr/dashboard: fix error when enabling SSO with cert. file #34129
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great, thanks @alfonsomthd ! Just a few comments.
@@ -186,13 +187,13 @@ def handle_sso_command(cmd): | |||
# pylint: disable=redefined-builtin | |||
FileNotFoundError = IOError | |||
try: | |||
f = open(sp_x_509_cert, 'r') | |||
f = open(sp_x_509_cert, 'r', encoding='utf-8') if six.PY3 else open(sp_x_509_cert, 'rb') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
2 alternatives:
- From this:
from io import open # py27 - py3 compatible
open(sp_x_509_cert, 'r') # io.open 'encoding' defaults to 'UTF-8'
>>> <_io.TextIOWrapper name='/tmp/ycm_0lpood4k.log' encoding='utf-8'>
- Alternatively, what about a more compact form?
f = open(sp_x_509_cert, 'r', encoding='utf-8') if six.PY3 else open(sp_x_509_cert, 'rb') | |
f = open(sp_x_509_cert, 'r', **{'encoding':'utf-8'} if six.PY3 else {}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tried this solution (from io
) but in this case it does not work for py2. i.e. later idp_metadata parsing crashes.
f = open(sp_x_509_cert, 'r', encoding='utf-8') if six.PY3 else open(sp_x_509_cert, 'rb') | ||
sp_x_509_cert = f.read() | ||
f.close() | ||
except FileNotFoundError: | ||
pass | ||
try: | ||
f = open(sp_private_key, 'r') | ||
f = open(sp_private_key, 'r', encoding='utf-8') if six.PY3 else open(sp_private_key, 'rb') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I understand you don't want to change this too much compared to master/octopus, but I wanted to bring in the context manager form:
with open() as f:
sp_private_key = f.read()
# no need to explicitly close
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Provided it's a bugfix, I prefer to introduce the minimal changes in code structure.
Nautilus dedicated fix: added py2 compatibility code. Also: * Disabled security setting 'wantNameIdEncrypted': not all Identity Providers support this and we are already requiring encrypted assertions (which is the default). Fixes: https://tracker.ceph.com/issues/44666 Signed-off-by: Alfonso Martínez <almartin@redhat.com>
d6aac21
to
3dbadfd
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
jenkins test make check |
1 similar comment
jenkins test make check |
i was testing the python3 changes in qa/ directory along with this change, so there were lots of noises. but none of the failures were related to this change. |
Since in master the solution is pure py3 code,
instead of backporting I've created this commit that provides py2 compatibility code.
Fixes: https://tracker.ceph.com/issues/44666
Checklist
Show available Jenkins commands
jenkins retest this please
jenkins test crimson perf
jenkins test signed
jenkins test make check
jenkins test make check arm64
jenkins test submodules
jenkins test dashboard
jenkins test dashboard backend
jenkins test docs
jenkins render docs
jenkins test ceph-volume all
jenkins test ceph-volume tox