Issue #8584: ACME communication with dogtag REST endpoints should be using the cookie it creates - freeipa

freeipa

#8584 ACME communication with dogtag REST endpoints should be using the cookie it creates

Closed: fixed 3 years ago by abbra. Opened 3 years ago by abbra.

The cookie in ACME processing was supposed to be passed as a part of the REST request but we did not pass those additional headers. Pylint on Rawhide noticed that headers objects were left unused.

2020-11-13T11:26:46.1038078Z Please wait ...
2020-11-13T11:26:46.1038385Z 
2020-11-13T11:28:02.8563776Z ************* Module ipaserver.install.ipa_acme_manage
2020-11-13T11:28:02.8565974Z ipaserver/install/ipa_acme_manage.py:50: [W0612(unused-variable), acme_state.__exit__] Unused variable 'headers')
2020-11-13T11:28:02.8567071Z ipaserver/install/ipa_acme_manage.py:57: [W0612(unused-variable), acme_state.enable] Unused variable 'headers')
2020-11-13T11:28:02.8568031Z ipaserver/install/ipa_acme_manage.py:63: [W0612(unused-variable), acme_state.disable] Unused variable 'headers')
2020-11-13T11:28:03.0414660Z ipaserver/install/ipa_acme_manage.py:50: [W0612(unused-variable), acme_state.__exit__] Unused variable 'headers')
2020-11-13T11:28:03.0416409Z ipaserver/install/ipa_acme_manage.py:57: [W0612(unused-variable), acme_state.enable] Unused variable 'headers')
2020-11-13T11:28:03.0417399Z ipaserver/install/ipa_acme_manage.py:63: [W0612(unused-variable), acme_state.disable] Unused variable 'headers')
2020-11-13T11:28:03.4562279Z ipaserver/install/ipa_acme_manage.py:50: [W0612(unused-variable), acme_state.__exit__] Unused variable 'headers')
2020-11-13T11:28:03.4563879Z ipaserver/install/ipa_acme_manage.py:57: [W0612(unused-variable), acme_state.enable] Unused variable 'headers')
2020-11-13T11:28:03.4565294Z ipaserver/install/ipa_acme_manage.py:63: [W0612(unused-variable), acme_state.disable] Unused variable 'headers')
2020-11-13T11:28:03.8391323Z ipaserver/install/ipa_acme_manage.py:50: [W0612(unused-variable), acme_state.__exit__] Unused variable 'headers')
2020-11-13T11:28:03.8393040Z ipaserver/install/ipa_acme_manage.py:57: [W0612(unused-variable), acme_state.enable] Unused variable 'headers')
2020-11-13T11:28:03.8393811Z ipaserver/install/ipa_acme_manage.py:63: [W0612(unused-variable), acme_state.disable] Unused variable 'headers')
2020-11-13T11:28:06.8384030Z ipaserver/install/ipa_acme_manage.py:50: [W0612(unused-variable), acme_state.__exit__] Unused variable 'headers')
2020-11-13T11:28:06.8385241Z ipaserver/install/ipa_acme_manage.py:57: [W0612(unused-variable), acme_state.enable] Unused variable 'headers')
2020-11-13T11:28:06.8385979Z ipaserver/install/ipa_acme_manage.py:63: [W0612(unused-variable), acme_state.disable] Unused variable 'headers')
2020-11-13T11:28:08.5773358Z ipaserver/install/ipa_acme_manage.py:50: [W0612(unused-variable), acme_state.__exit__] Unused variable 'headers')
2020-11-13T11:28:08.5775131Z ipaserver/install/ipa_acme_manage.py:57: [W0612(unused-variable), acme_state.enable] Unused variable 'headers')
2020-11-13T11:28:08.5776117Z ipaserver/install/ipa_acme_manage.py:63: [W0612(unused-variable), acme_state.disable] Unused variable 'headers')
2020-11-13T11:28:08.7965764Z ipaserver/install/ipa_acme_manage.py:50: [W0612(unused-variable), acme_state.__exit__] Unused variable 'headers')
2020-11-13T11:28:08.7967422Z ipaserver/install/ipa_acme_manage.py:57: [W0612(unused-variable), acme_state.enable] Unused variable 'headers')
2020-11-13T11:28:08.7968600Z ipaserver/install/ipa_acme_manage.py:63: [W0612(unused-variable), acme_state.disable] Unused variable 'headers')
2020-11-13T11:28:09.0848289Z ipaserver/install/ipa_acme_manage.py:50: [W0612(unused-variable), acme_state.__exit__] Unused variable 'headers')
2020-11-13T11:28:09.0849746Z ipaserver/install/ipa_acme_manage.py:57: [W0612(unused-variable), acme_state.enable] Unused variable 'headers')
2020-11-13T11:28:09.0850573Z ipaserver/install/ipa_acme_manage.py:63: [W0612(unused-variable), acme_state.disable] Unused variable 'headers')

and so on.

I have a fix in my Rawhide adaptation patchset:
https://github.com/freeipa/freeipa/pull/5258/commits/a249c4d14a1c4a9fe87bb1e3436cb3d065de606d

rcritten commented 3 years ago

I fixed it in a slightly different way. There is a **kw option available to pass things like the set of headers so I used that interface.

PR https://github.com/freeipa/freeipa/pull/5271

Metadata Update from @abbra:
- Assignee reset

3 years ago

Metadata Update from @abbra:
- Issue assigned to rcritten

3 years ago

abbra commented 3 years ago

master:

f513a55 ipa-kdb: fix gcc complaints
fc11c56 ipa-kdb: fix gcc complaints in kdb tests
d99b7d0 ipa-sam: fix gcc complaints on Rawhide
b36f224 ipa-otpd: fix gcc complaints in Rawhide
935a461 ipa-acme-manage: user a cookie created for the communication with dogtag REST endpoints
6e1eaad Azure CI: use Ubuntu-20.04 image by default
1bf0d62 Azure CI: use PPA to provide newer libseccomp version
2e382cd Drop upper bound on krb5 version in freeipa.spec
39d0dd3 spec: use pkgconf to find out krb5 version
f977629 Azure CI: mask chronyd in the container

Metadata Update from @abbra:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

3 years ago

Metadata

Assignee

rcritten

Tags

None

Blocking

None

Depending on

None

Priority

critical

Milestone

FreeIPA 4.9

None

affects_doc

None

source

None

knownissue

None

type

None

blockedby

None

test_case

None

component

None

blocking

None

on_review

None

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

None

tester

None

changelog

None

design

None

freeipa

Source Code

#8584 ACME communication with dogtag REST endpoints should be using the cookie it creates Closed: fixed 3 years ago by abbra. Opened 3 years ago by abbra.

Metadata

#8584 ACME communication with dogtag REST endpoints should be using the cookie it creates

Closed: fixed 3 years ago by abbra. Opened 3 years ago by abbra.