#1635 Ignore existing kerberos ticket for CTS auth
Merged 2 years ago by lsedlar. Opened 2 years ago by lsedlar.
lsedlar/pungi cts-ignore-ticket  into  master

file modified
+2
@@ -102,6 +102,7 @@ 

              if "$HOSTNAME" in cts_keytab:

                  cts_keytab = cts_keytab.replace("$HOSTNAME", socket.gethostname())

              os.environ["KRB5_CLIENT_KTNAME"] = cts_keytab

+             os.environ["KRB5CCNAME"] = "DIR:%s" % tempfile.mkdtemp()

  

          try:

              # Create compose in CTS and get the reserved compose ID.
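Review bot: The added `os.environ["KRB5CCNAME"] = "DIR:%s" % tempfile.mkdtemp()` line carries no comment explaining why the credential cache is redirected. The reason (an existing valid ticket without the required permissions would otherwise be picked up) lives only in the PR description, so a one-line comment above the assignment would help. The directory path is also kept only inside the environment string. Assigning the `tempfile.mkdtemp()` result to a local variable first would let the cleanup use the path directly instead of parsing it back out of `KRB5CCNAME`. The change adds only two lines and no import, so confirm `tempfile` is already imported in this module.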
@@ -116,6 +117,7 @@ 

              rv.raise_for_status()

          finally:

              if cts_keytab:

+                 shutil.rmtree(os.environ["KRB5CCNAME"].split(":", 1)[1])

                  os.environ.clear()

                  os.environ.update(environ_copy)
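Review bot: In the `finally` block, `shutil.rmtree(os.environ["KRB5CCNAME"].split(":", 1)[1])` runs before `os.environ.clear()` and `os.environ.update(environ_copy)`, so any failure there skips the environment restore and replaces an exception raised in the `try` body. It can fail if `KRB5CCNAME` was changed or removed inside the `try` (KeyError, or IndexError when the value has no `:`), or if the removal itself errors. Restore the environment first, then remove the directory from a path saved in a local variable, for example `shutil.rmtree(ccache_dir, ignore_errors=True)` (variable name hypothetical).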

  

Point KRB5CCNAME to a fresh directory. This should avoid problems if there is a valid existing ticket without the required builder permissions.

Looks good to me. :thumbsup:

rebased onto f07f07f975f64408b1061dc37e8fd3c909a7252a

2 years ago

When KRB5CCNAME is set to a path only, it expects a file, which needs to be deleted with os.remove. But this patch already puts a directory in there. A directory can be used for the credentials cache by prefixing it with DIR:, which slightly complicates the cleanup.
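The cleanup issue described in this comment, as an added example that is not part of the pull request or of pungi's code: a context manager that gives a block its own `DIR:` credential cache and removes it by the remembered path. The names `isolated_ccache` and `ccache_dir` and any keytab path passed in are hypothetical.

```python
import contextlib
import os
import shutil
import tempfile


def ccache_dir(ccname):
    """Return the directory behind a DIR: cache name, or None otherwise.

    A bare path or a FILE: name refers to a single file, which would need
    os.remove rather than shutil.rmtree.
    """
    kind, sep, residual = ccname.partition(":")
    if sep and kind == "DIR":
        return residual
    return None


@contextlib.contextmanager
def isolated_ccache(keytab):
    """Run a block with the given client keytab and a fresh, private cache."""
    saved = dict(os.environ)
    # mkdtemp creates the directory accessible only to the creating user.
    cache_dir = tempfile.mkdtemp(prefix="krb5cc_")
    os.environ["KRB5_CLIENT_KTNAME"] = keytab
    os.environ["KRB5CCNAME"] = "DIR:%s" % cache_dir
    try:
        yield cache_dir
    finally:
        # Restore the environment first, so a cleanup failure cannot leave
        # the keytab or cache settings in place for later code.
        os.environ.clear()
        os.environ.update(saved)
        # Remove by the remembered path instead of re-parsing KRB5CCNAME,
        # which the block may have changed or deleted.
        shutil.rmtree(cache_dir, ignore_errors=True)
```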

rebased onto 0f4c48bfa61cb0191b3b3f7af45a34a5eaf580dd

2 years ago

rebased onto fa967f7

2 years ago

Pull-Request has been merged by lsedlar

2 years ago