The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

This issue tracker is now in read-only archive mode and automatic ticket export has been disabled. Redmine users will need to create a new JIRA account to file tickets using https://tickets.puppetlabs.com. See the following page for information on filing tickets with JIRA:

Feature #5126

Support Basic Auth in external_node registration script

Added by Stephen Sadowski over 5 years ago. Updated almost 5 years ago.

Status:ClosedStart date:10/27/2010
Priority:HighDue date:
Assignee:-% Done:

0%

Category:-
Target version:1.2.0
Keywords: Affected URL:
Branch:https://github.com/nfagerlund/puppet-dashboard/tree/ticket/next/5126 Affected Dashboard version:

Description

bin/external_node doesn’t work with basic auth in 1.0.3 or 1.0.4 – patch below.

Perhaps also consider that url parse should be used for user/password and host could be set via ARGV.

--- external_node.old   2010-10-27 19:51:50.000000000 +0000
+++ external_node.new   2010-10-27 19:55:32.000000000 +0000
@@ -12,11 +12,17 @@
 require 'uri'
 require 'net/http'

+USER=""
+PASSWORD=""
 BASE="http://localhost:3000"
 NODE = ARGV.first

 url = URI.parse("#{BASE}/nodes/#{NODE}")
+
 req = Net::HTTP::Get.new(url.path, 'Accept' => 'text/yaml')
+if (USER != "") then
+       req.basic_auth USER,PASSWORD
+end
 res = Net::HTTP.start(url.host, url.port) {|http| http.request(req) }

 case res
~           

Related issues

Related to Puppet - Bug #7173: Puppet master can't submit reports to an HTTP server usin... In Topic Branch Pending Review 04/19/2011

History

#1 Updated by James Turnbull over 5 years ago

  • Status changed from Unreviewed to Needs Decision
  • Assignee set to Nigel Kersten

#2 Updated by Nigel Kersten over 5 years ago

  • Status changed from Needs Decision to Needs More Information
  • Assignee changed from Nigel Kersten to Matt Robinson
  • Priority changed from Normal to High
  • Target version set to 1.0.5

Matt, I just picked on you, feel free to find another dev to work on this.

I really really need to know if this is still a problem in our proposed 1.0.5 code base. Feel free to grab a PS person to verify if needed.

#3 Updated by Nigel Kersten over 5 years ago

ping?

#4 Updated by Matt Robinson about 5 years ago

  • Status changed from Needs More Information to Accepted
  • Assignee deleted (Matt Robinson)

It’s hard to tell by reading the proposed patch, but wouldn’t this cause people NOT using Basic Auth to be unable to connect? Maybe you could submit the patch as a github branch? Hmm, it looks like it’s conditional on if you define USER, so something like that should work, but the patch looks like it got truncated and the file has changed quite a bit since the patch was submitted, so this would just be a guideline.

Perhaps this is something we want to add in a commented out portion of the script with comments explaining how to enable, or we make it so that you can change a variable to enable basic auth. We did something like this so that if you were using https in the url it would turn on SSL for you.

#5 Updated by Stephen Sadowski about 5 years ago

If the USER is not set, the basic_auth doesn’t get set.

The formatting for the patch is weird above.. but basically this takes care of someone who’s not using http auth:

+if (USER != “”) then + req.basic_auth USER,PASSWORD +end

#6 Updated by James Turnbull about 5 years ago

  • Target version deleted (1.0.5)

#7 Updated by Nick Fagerlund about 5 years ago

Matt and I were working on this this afternoon. Here’s an alternate patch that just parses the URL —– if it looks like http://puppet:puppet@redmaster.magpie.lan:3000, it’ll use auth; otherwise, not.

--- a/bin/external_node
+++ b/bin/external_node
@@ -29,6 +29,8 @@ url = ENV['PUPPET_DASHBOARD_URL'] || DASHBOARD_URL
 uri = URI.parse("#{url}/nodes/#{NODE}")
 require 'net/https' if uri.scheme == 'https'

+request = Net::HTTP::Get.new(uri.path, initheader = {'Accept' => 'text/yaml'})
+request.basic_auth uri.user, uri.password if uri.user
 http = Net::HTTP.new(uri.host, uri.port)
 if uri.scheme == 'https'
   cert = File.read(cert_path)
@@ -39,7 +41,8 @@ if uri.scheme == 'https'
   http.ca_file = ca_path
   http.verify_mode = OpenSSL::SSL::VERIFY_PEER
 end
-result = http.start { http.request_get(uri.path, 'Accept' => 'text/yaml') }
+result = http.start {|http| http.request(request)}
+

 case result
 when Net::HTTPSuccess; puts result.body; exit 0

The more verbose request building appears to be unfortunately necessary.

#8 Updated by Nick Fagerlund almost 5 years ago

  • Status changed from Accepted to In Topic Branch Pending Review
  • Branch changed from 1.0.4 to https://github.com/nfagerlund/puppet-dashboard/tree/ticket/next/5126

Patch mailed, seeking review.

#9 Updated by Nick Fagerlund almost 5 years ago

  • Status changed from In Topic Branch Pending Review to Merged - Pending Release

Reviewed by Jacob and pushed to next.

#10 Updated by James Turnbull almost 5 years ago

  • Target version set to 1.2.0

#11 Updated by Michael Stahnke almost 5 years ago

  • Status changed from Merged - Pending Release to Closed

in 1.2rc1

Also available in: Atom PDF