Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nautilus: mgr/dashboard: fix error when enabling SSO with cert. file #34129

Merged
merged 1 commit into from Apr 3, 2020
Merged

nautilus: mgr/dashboard: fix error when enabling SSO with cert. file #34129

merged 1 commit into from Apr 3, 2020

Conversation

alfonsomthd
Copy link
Contributor

Since in master the solution is pure py3 code,
instead of backporting I've created this commit that provides py2 compatibility code.

Fixes: https://tracker.ceph.com/issues/44666

Checklist

  • References tracker ticket
  • Updates documentation if necessary
  • Includes tests for new functionality or reproducer for bug
Show available Jenkins commands
  • jenkins retest this please
  • jenkins test crimson perf
  • jenkins test signed
  • jenkins test make check
  • jenkins test make check arm64
  • jenkins test submodules
  • jenkins test dashboard
  • jenkins test dashboard backend
  • jenkins test docs
  • jenkins render docs
  • jenkins test ceph-volume all
  • jenkins test ceph-volume tox

@alfonsomthd alfonsomthd requested review from LenzGr, callithea, epuertat and a team March 23, 2020 17:47
epuertat
epuertat approved these changes Mar 23, 2020
View reviewed changes
Copy link
Member

@epuertat epuertat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, thanks @alfonsomthd ! Just a few comments.

src/pybind/mgr/dashboard/services/sso.py Outdated
@@ -186,13 +187,13 @@ def handle_sso_command(cmd):
# pylint: disable=redefined-builtin
FileNotFoundError = IOError
try:
f = open(sp_x_509_cert, 'r')
f = open(sp_x_509_cert, 'r', encoding='utf-8') if six.PY3 else open(sp_x_509_cert, 'rb')
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2 alternatives:

from io import open # py27 - py3 compatible

open(sp_x_509_cert, 'r')  # io.open 'encoding' defaults to 'UTF-8'
>>> <_io.TextIOWrapper name='/tmp/ycm_0lpood4k.log' encoding='utf-8'>
  • Alternatively, what about a more compact form?
Suggested change
f = open(sp_x_509_cert, 'r', encoding='utf-8') if six.PY3 else open(sp_x_509_cert, 'rb')
f = open(sp_x_509_cert, 'r', **{'encoding':'utf-8'} if six.PY3 else {})

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried this solution (from io) but in this case it does not work for py2. i.e. later idp_metadata parsing crashes.

src/pybind/mgr/dashboard/services/sso.py Outdated
Comment on lines 190 to 196
f = open(sp_x_509_cert, 'r', encoding='utf-8') if six.PY3 else open(sp_x_509_cert, 'rb')
sp_x_509_cert = f.read()
f.close()
except FileNotFoundError:
pass
try:
f = open(sp_private_key, 'r')
f = open(sp_private_key, 'r', encoding='utf-8') if six.PY3 else open(sp_private_key, 'rb')
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I understand you don't want to change this too much compared to master/octopus, but I wanted to bring in the context manager form:

with open() as f:
  sp_private_key = f.read()
# no need to explicitly close

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Provided it's a bugfix, I prefer to introduce the minimal changes in code structure.

@alfonsomthd
mgr/dashboard: fix error when enabling SSO with cert. file
3dbadfd 
Nautilus dedicated fix: added py2 compatibility code.
Also:
* Disabled security setting 'wantNameIdEncrypted': not all Identity Providers support this and we are already requiring encrypted assertions (which is the default).

Fixes: https://tracker.ceph.com/issues/44666
Signed-off-by: Alfonso Martínez <almartin@redhat.com>
@alfonsomthd alfonsomthd force-pushed the nautilus-44666-fix-sso-certificate-file branch from d6aac21 to 3dbadfd Compare March 24, 2020 08:39
@tchaikov tchaikov added this to the nautilus milestone Mar 25, 2020
@smithfarm smithfarm changed the title nautilus mgr/dashboard: fix error when enabling SSO with cert. file nautilus: mgr/dashboard: fix error when enabling SSO with cert. file Mar 25, 2020
callithea
callithea approved these changes Mar 31, 2020
View reviewed changes
Copy link
Member

@callithea callithea left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@callithea
Copy link
Member

jenkins test make check

1 similar comment
@callithea
Copy link
Member

jenkins test make check

@tchaikov
Copy link
Contributor

tchaikov commented Apr 3, 2020
edited

i was testing the python3 changes in qa/ directory along with this change, so there were lots of noises. but none of the failures were related to this change.

@LenzGr LenzGr merged commit d2ed5cd into ceph:nautilus Apr 3, 2020
@alfonsomthd alfonsomthd deleted the nautilus-44666-fix-sso-certificate-file branch April 9, 2020 07:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@callithea callithea callithea approved these changes

@epuertat epuertat epuertat approved these changes

@LenzGr LenzGr Awaiting requested review from LenzGr

Assignees
No one assigned
Labels
bug-fix dashboard
Projects
None yet
Milestone
nautilus
5 participants
@alfonsomthd @callithea @tchaikov @epuertat @LenzGr