Reef: mgr/dashboard: Simplify authentication protocol #55689
Conversation
mcv21
requested review from
afreen23 and
nizamial09
and removed request for
a team
No, there were no conflicts cherry-picking the three commits from the original PR. |
By removing the dependency to PyJWT we also remove the dependency to the cryptographic library which in the dashboard module will create a crash. In newer implementations of the library PyO3 is used to run rust code in order to encrypt with Elliptic Curves. This is never used in the dashboard communication so a much simpler implementation where we only use the hmac sha256 algorithm to create the signed JWT message could be used. Fixes: https://forum.proxmox.com/threads/ceph-warning-post-upgrade-to-v8.129371 Signed-off-by: Daniel Persson <mailto.woden@gmail.com> (cherry picked from commit c616a9d)
Move the JWT requirement to the test requirements file. Also remove JWT from ceph specification and debian build. Signed-off-by: Daniel Persson <mailto.woden@gmail.com> (cherry picked from commit c1ea66f)
Seemed that the test dependencies was separated in two different requirements files one for the testing and one for linting. Added the JWT dependency in the linting file as well. Signed-off-by: Daniel Persson <mailto.woden@gmail.com> (cherry picked from commit 06765e6)
mcv21
force-pushed
the
wip-63529-reef
branch
from
90fb753
to
04b3792
Compare
|
jenkins retest this please |
|
@nizamial09 I don't know why the Pull Request Triage job is failing ("Could not resolve to a ProjectV2 with the number 2.") but I think that's a CI thing rather than a problem with the MR. |
you can ignore that failure (i remember fixing it in the main branch before and probably missed to backport it in other branches). once the other required checks like make check and api tests are passed, I'll merge this. thank you! |
|
@nizamial09 I'm not sure about the dashboard tests - I don't have permissions to view the images from the dashboard test job, and the e2e error log looks like a docker issue rather than a problem with this MR... |
the failures are known. so its okay. I'll trigger a shaman run just to make sure we are on the safe side here |
nizamial09
added
needs-qa
wip-nia-testing
wip-nizamial09-testing
and removed
wip-nia-testing
labels
|
shaman build passed ✔️ |
Removes the (limited) runtime usages of python-jwt, and therefore, python-cryptography from the mgr dashboard module. This should restore dashboard functionality, if used alongside a patched pyo3 for python-bcrypt. Upstream-Ref: ceph/ceph@33d8bef References: ceph/ceph#55689 References: https://tracker.ceph.com/issues/63529 References: #20 References: https://git.st8l.com/luxolus/pyo3/commit/44d6919168621b46e4e884130ca43338655b020c
Removes the (limited) runtime usages of python-jwt, and therefore, python-cryptography from the mgr dashboard module. This should restore dashboard functionality, if used alongside a patched pyo3 for python-bcrypt. Upstream-Ref: ceph/ceph@33d8bef References: ceph/ceph#55689 References: https://tracker.ceph.com/issues/63529 References: #20 References: https://git.st8l.com/luxolus/pyo3/commit/44d6919168621b46e4e884130ca43338655b020c
Removes the (limited) runtime usages of python-jwt, and therefore, python-cryptography from the mgr dashboard module. This should restore dashboard functionality, if used alongside a patched pyo3 for python-bcrypt. Upstream-Ref: ceph/ceph@33d8bef References: ceph/ceph#55689 References: https://tracker.ceph.com/issues/63529 References: #20 References: https://git.st8l.com/luxolus/pyo3/commit/44d6919168621b46e4e884130ca43338655b020c
This is a backport of #54710
Which is a partial fix for https://tracker.ceph.com/issues/63529
While it's not a total fix, it will enable the dashboard in reef on systems with a recent PyO3 (e.g. Debian Bookworm, Arch), so I think is a useful backport for reef.
Conflicts:
All three commits cherry-picked cleanly with no conflicts.