cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leo Simons <LSim...@schubergphilis.com>
Subject bug in CLOUDSTACK-6784: partially implemented "typeInfo" breaks signing
Date Thu, 05 Jun 2014 14:01:43 GMT
Hey folks,

I had a fun day trying to follow

  
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Marvin+-+Testing+wit
h+Python

I¹m on the master branch. I believe that the recent change

  
https://github.com/apache/cloudstack/commit/20a31b43d6c0b395c7f2c449ce2f486
665a2b55a#diff-09eb6591c1adb5cadc5ccfa9de8ffa6bR128

Causes that marvin-from-scratch process to fail, resulting in the server
complaining with messages like

  INFO  ... User signature: iuEkBp/8gHlaZjZflOr/gNLvly0= is not equaled to
computed signature: 7V3jl71SYNDHIbx4VTZDds7mQaA=

Which causes all marvin tests to fail. The reason is that the python
message digest calculation is using the whole typeInfo hash, i.e. In python

  
https://github.com/apache/cloudstack/blob/master/tools/marvin/marvin/clouds
tackConnection.py#L132

it considers the unencoded request to be (for example)

  
apikey=sb5gzz5autjcrxosf52ryvtvv6fsxwkmqtsjewvaiagq_p_ekxenr7ehjvc8s0j1ojcx
_nlyoqnukzzl4xlr9w
  &command=listdomains
  &response=json
  &typeinfo=%7b%27name%27%3a%20%27string%27%2c%20%27
    keyword%27%3a%20%27string%27%2c%20%27level%27%3a%20%27
    integer%27%2c%20%27id%27%3a%20%27
    uuid%27%2c%20%27pagesize%27%3a%20%27integer%27%2c%20%27
    page%27%3a%20%27
    integer%27%2c%20%27listall%27%3a%20%27boolean%27%7d


whereas on the java side

  
https://github.com/apache/cloudstack/blob/master/server/src/com/cloud/api/A
piServer.java#L815

somehow the typeInfo is collapsed, so it¹s unencoded request looks
something like

  
apikey=sb5gzz5autjcrxosf52ryvtvv6fsxwkmqtsjewvaiagq_p_ekxenr7ehjvc8s0j1ojcx
_nlyoqnukzzl4xlr9w
    &command=listdomains
    &response=json
    &typeinfo=listall



And so the digests don¹t match. With the patch below to filter out type
info from digest calculation, marvin tests work for me, though with many
warnings like

  WARN Š Received unknown parameters for command addRegion. Unknown
parameters : typeinfo

Obviously that's a pretty horrible patch and it should not be appliedŠI
don¹t know enough about the codebase yet to suggest what the right fix
would be. (My best guess for why this problem wasn¹t caught earlier/yet is
that it requires re-generating the api code and then re-installing the
marvin package before it becomes a problem.)

SoŠmy best suggestion for now (based on pretty limited understanding)
would be to move the typeInfo support to a feature branch until it¹s also
fully implemented server-side?


Cheers,


Leo

-----

diff --git a/server/src/com/cloud/api/ApiServer.java
b/server/src/com/cloud/api/ApiServer.java
index cd1f81a..2a888ad 100755
--- a/server/src/com/cloud/api/ApiServer.java
+++ b/server/src/com/cloud/api/ApiServer.java
@@ -827,6 +827,10 @@ public class ApiServer extends ManagerBase implements
HttpRequestHandler, ApiSer
                         expires = paramValue;
                     }
 
+                    if ("typeInfo".equals(paramName)) {
+                        continue;
+                    }
+
                     if (unsignedRequest == null) {
                         unsignedRequest = paramName + "=" +
URLEncoder.encode(paramValue, UTF_8).replaceAll("\\+", "%20");
                     } else {
diff --git a/tools/marvin/marvin/cloudstackConnection.py
b/tools/marvin/marvin/cloudstackConnection.py
index c49edf3..aa044b5 100644
--- a/tools/marvin/marvin/cloudstackConnection.py
+++ b/tools/marvin/marvin/cloudstackConnection.py
@@ -145,8 +145,10 @@ class CSConnection(object):
                  str.lower(
                      urllib.quote_plus(str(r[1]))
                 ).replace("+", "%20")]
-            ) for r in params]
+            ) for r in params if r[0] != "typeInfo"]
         )
signature = base64.encodestring(hmac.new(
             self.securityKey, hash_str, hashlib.sha1).digest()).strip()
         return signature


Mime
View raw message