[BUG] Client command should urlencode password #210

Closed
mogul opened this issue Mar 29, 2021 · 1 comment

mogul commented Mar 29, 2021

Description

GIVEN the broker is serving based on the password from the SECURITY_USER_PASSWORD environment variable
AND the SECURITY_USER_PASSWORD contains a URL-sensitive symbol such as %
WHEN I run cloud-service-broker client catalog...

Expected Behavior

...THEN I should see the catalog command complete successfully

Actual Behavior

...BUT instead I see

2021/03/29 18:54:57 Could not create API client: parse "http://f9a544d5-0fe9-90cd-5e4c-8bc9b3a2e4fa:M*P2JFDsE3i@[+zX@localhost:8080/v2/": net/url: invalid userinfo

Possible Fix

The password should be URL-encoded before generating the client URL string here:
https://github.com/cloudfoundry-incubator/cloud-service-broker/blob/82ec90df2e9d5c9b8f3a49e87d40f9401bfc4d97/pkg/client/client.go#L51

Steps to Reproduce

  1. Get CSB running with a valid configuration.
  2. Set the password to one with a % in it.
  3. Run cloud-service-broker serve
  4. Run cloud-service-broker client catalog

Context

We run the CSB as a Cloud Foundry app. Sometimes CF and the CSB get out of sync when a binding operation times out and we need to manually clean up service instances. On the CF side, we do cf purge-service-instance. Then we cf ssh into the CSB application, and run cloud-service-broker client [unbind|deprovision] .... If the password that was used for the app includes a % you get confusing Not authorized responses even though you're using the exact same password that the CSB is pulling from the environment when CF ran cloud-service-broker serve as a startup command. You have to know that the password needs to be url-encoded before it can be used by the client command, and take the extra step to urlencode it yourself.

Your Environment

  • Version used: latest
  • Operating System and version (desktop): N/A
  • Link to your project (if public): https://github.com/GSA/datagov-ssb
  • Platform (Azure/AWS/GCP): N/A
  • Applicable Services: N/A
@mogul mogul added the bug Something isn't working label Mar 29, 2021
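The failure modes reported above, next to the fix the issue proposes, as an added Go example (not the project's client.go): it contrasts interpolating the credentials into the URL string with letting net/url escape the userinfo. The function names, the user name and the sample passwords are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
)

// naivePassword interpolates the credentials into the URL string unescaped,
// parses it, and returns the password the parser actually recovered.
func naivePassword(user, pass, host string) (string, error) {
	u, err := url.Parse(fmt.Sprintf("http://%s:%s@%s/v2/", user, pass, host))
	if err != nil {
		return "", err
	}
	got, _ := u.User.Password()
	return got, nil
}

// safeBrokerURL lets net/url percent-encode the userinfo component.
func safeBrokerURL(user, pass, host string) *url.URL {
	return &url.URL{
		Scheme: "http",
		User:   url.UserPassword(user, pass),
		Host:   host,
		Path:   "/v2/",
	}
}

// roundTrips reports whether the password survives serialize-then-parse.
func roundTrips(user, pass, host string) bool {
	parsed, err := url.Parse(safeBrokerURL(user, pass, host).String())
	if err != nil {
		return false
	}
	got, ok := parsed.User.Password()
	return ok && got == pass
}

func main() {
	const user, host = "broker-user", "localhost:8080" // constructed values
	// Constructed sample passwords, not real credentials.
	for _, pass := range []string{"pa%ss", "p@ss[word", "100%25sure", "plain"} {
		got, err := naivePassword(user, pass, host)
		fmt.Printf("%-13q naive: got=%q err=%v | escaped round-trip=%v\n",
			pass, got, err, roundTrips(user, pass, host))
	}
}
```

The third sample is the quiet case: the unescaped URL parses without error, but `%25` is decoded to `%`, so the client sends a different password than the one the broker read from the environment.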
@cf-gitbot

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/177548318

The labels on this GitHub issue will be updated when the story is started.

@winnab winnab added good first issue Good for newcomers help wanted The team has de-prioritized this and could use your help! labels Apr 6, 2021
dmachard added a commit to dmachard/cloud-service-broker that referenced this issue Apr 20, 2021
pivotal-marcela-campo pushed a commit that referenced this issue Apr 22, 2021