mixlib-authentication's Issues

Version 1.4.3 breaks the Chef gem < 14, berks, and Chefspec gems

Hi,

Earlier today we had builds starting to fail around our chef cookbooks and roles uploads. Upon inspecting I determined that this is caused by version 1.4.3 of mixlib-authentication, albeit kind of indirectly.

As you can see both have errors using the chef-linked gems:

Roles - using berks
bundler: failed to load command: berks (/var/app/jenkins/bundles/ruby/2.3.0/bin/berks)
NoMethodError: undefined method `trace' for #<Logger:0x007f6f5f75f578>

App cookbook - chefspec

  • bundle exec rspec

Chef encountered an error attempting to load the node data for "chefspec"

Unexpected Error:
NoMethodError: undefined method `trace' for #<Logger:0x007fe5444919a8>
Did you mean? trace_var
trap

This gem is used by basically any gem that wants to speak to the Chef server. This includes chefspec, berks (via ridley gem) etc. This is made worse by those gems in question having the following version requirements:

chef (versions 12.x and 13.x): (~> 1.4)
ridley (5.1.1): (>=1.3.0)

It appears this change: 23e5b67
Depends on this in the mixlib-log gem (in version 2.1.0) : chef/mixlib-log@6bf78bb#diff-19783d72fc4cc244ae938eef663eb3a9

However, walking and resolving our gemfile dependencies doesn't give us this version. Our Chef gems (of varying versions) ask for mixlib-log (~> 1.3) picking up 1.7.0. This causes it to go boom with this version of mixlib-authentication.

mixlib-authentication is a dependency of the chef gem and berkshelf (via the Ridley gem). Version 1.4.3 uses functionality from mixlib-log, but this functionality was only added in mixlib-log 2.1.0 and this version isn’t a dependency of mixlib-authentication.

The issue in our case is the versions of the chef gem/berkshelf we use want mixlib-log (~> 1.3). This causes it to blow up because the functionality used by mixlib-authentication isn’t present in the version of mixlib-log we pull in (1.7.0). I expect this isn’t the case in Chef 14 but this essentially breaks the chef (12/13) gems with this change. All the chef versions before 14 and berkshelf/ridley want mixlib-authentication ~> 1.4 hence when 1.4.3 was released it gets pulled in and causes the chef and berkshelf gems to break.

I'm not sure what the best fix is here, but this is basically a breaking change via dependencies, and it being a patch release isn't great as it is being picked up everywhere as shown above.
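The resolution described in this report can be reproduced with RubyGems' own requirement matching. This is an added example, not code from the issue or from the mixlib-authentication project; the release lists contain only versions named on this page, and the `!= 1.4.3` exclusion is an assumed consumer-side workaround, not a fix the issue proposes.

```ruby
require 'rubygems'

# Constraints quoted in the issue.
CONSUMER_PINS = {
  'mixlib-authentication' => '~> 1.4', # chef 12.x / 13.x
  'mixlib-log'            => '~> 1.3'  # chef gems before 14
}.freeze

# Per the issue: 1.4.3 calls a logger method first shipped in
# mixlib-log 2.1.0, and that version is not a declared dependency.
UNDECLARED_NEED = { gem: 'mixlib-log', min: '2.1.0' }.freeze

# Constructed release lists, limited to versions mentioned on this page.
AUTH_RELEASES = %w[1.4.0 1.4.3].freeze
LOG_RELEASES  = %w[1.7.0 1.7.1 2.1.0].freeze

# Newest candidate admitted by the requirement (what a resolver prefers).
def resolve(requirement, candidates)
  req = Gem::Requirement.new(*Array(requirement))
  candidates.map { |v| Gem::Version.new(v) }
            .select { |v| req.satisfied_by?(v) }
            .max&.to_s
end

# True when the resolved gem is older than what the code needs at run time.
def broken_at_runtime?(resolved_version, need)
  Gem::Version.new(resolved_version) < Gem::Version.new(need[:min])
end

# Resolves both gems and reports whether the combination will fail.
def audit(auth_requirement)
  auth = resolve(auth_requirement, AUTH_RELEASES)
  log  = resolve(CONSUMER_PINS['mixlib-log'], LOG_RELEASES)
  broken = auth == '1.4.3' && broken_at_runtime?(log, UNDECLARED_NEED)
  { auth: auth, log: log, broken: broken }
end

if __FILE__ == $PROGRAM_NAME
  p audit(CONSUMER_PINS['mixlib-authentication']) # the patch release is picked up
  p audit(['~> 1.4', '!= 1.4.3'])                 # assumed workaround: exclude it
end
```
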

Hashed Path HTTP header violates RFC

Hey there,

I've recently discovered that the authentication headers created by Mixlib::Authentication are actually in violation of Internet RFCs. Specifically, HTTP headers cannot contain space characters. Unfortunately, due to this it is causing issues with other software I am using that sees this as an invalid request.

Should we consider revising this to no longer use the space in the header?

In RFC 2616 an HTTP header name is defined as such:

       CTL            = <any US-ASCII control character
                        (octets 0 - 31) and DEL (127)>

...

       token          = 1*<any CHAR except CTLs or separators>
       separators     = "(" | ")" | "<" | ">" | "@"
                      | "," | ";" | ":" | "\" | <">
                      | "/" | "[" | "]" | "?" | "="
                      | "{" | "}" | SP | HT

...

       message-header = field-name ":" [ field-value ]
       field-name     = token

Per this RFC, a token cannot contain spaces and an HTTP field header is considered a token.

Cheers!
-Tim
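The `token` rule quoted in this report can be turned into a pre-send check on header names. This is an added example, not code from the issue or from Mixlib::Authentication; the header name "Hashed Path" is taken from the issue title, and the other names and all values in the sample hash are constructed.

```ruby
# RFC 2616 separators, as listed in the quoted grammar (SP = 32, HT = 9).
SEPARATORS = "()<>@,;:\\\"/[]?={} \t".freeze

# Returns the distinct characters that keep +name+ from being a token:
# CTLs (octets 0-31 and 127), non-ASCII characters, and separators.
def token_violations(name)
  name.each_char.select do |ch|
    o = ch.ord
    o <= 31 || o >= 127 || SEPARATORS.include?(ch)
  end.uniq
end

# A field-name is a token: at least one character, none of them forbidden.
def valid_field_name?(name)
  !name.empty? && token_violations(name).empty?
end

# Audits a header hash before it goes on the wire.
# Returns { offending_name => [offending characters] }.
def audit_headers(headers)
  headers.keys.each_with_object({}) do |name, bad|
    v = token_violations(name.to_s)
    bad[name] = v unless v.empty?
  end
end

# Constructed sample request headers.
SAMPLE_HEADERS = {
  'Content-Type'        => 'application/json',
  'X-Example-Timestamp' => '2018-01-01T00:00:00Z',
  'Hashed Path'         => 'constructed-placeholder-value'
}.freeze

if __FILE__ == $PROGRAM_NAME
  audit_headers(SAMPLE_HEADERS).each do |name, chars|
    puts "invalid field-name #{name.inspect}: #{chars.map(&:inspect).join(', ')}"
  end
end
```
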

Dependabot can't parse your Gemfile

Dependabot couldn't parse the Gemfile found at /Gemfile.

The error Dependabot encountered was:

Dependabot only supports uninterpolated string arguments to eval_gemfile. Got `__FILE__ + ".local"`

Gem::ImpossibleDependenciesError

gem install chef results in the following.

 ERROR:  While executing gem ... (Gem::ImpossibleDependenciesError)
    mixlib-authentication-1.4.0 requires rspec-core (~> 3.2) but it conflicted:
  Activated rspec-core-3.4.2 instead of (= 3.5.0.beta1) via:
    rspec-3.5.0.beta1, serverspec-2.29.2, chef-12.7.2

Version 1.4.3 introduces logger bug

➜  test git:(knife_fix) ✗ bundle exec knife role list -VV
INFO: Using configuration from /Users/matt/.chef/knife.rb
DEBUG: Chef::HTTP calling Chef::HTTP::JSONInput#handle_request
DEBUG: Chef::HTTP calling Chef::HTTP::JSONOutput#handle_request
DEBUG: Chef::HTTP calling Chef::HTTP::CookieManager#handle_request
DEBUG: Chef::HTTP calling Chef::HTTP::Decompressor#handle_request
DEBUG: Chef::HTTP calling Chef::HTTP::Authenticator#handle_request
DEBUG: Signing the request as matt
/Users/matt/.rvm/gems/ruby-2.3.0/gems/mixlib-log-1.7.1/lib/mixlib/log.rb:152:in `block in method_missing': undefined method `trace' for #<Logger:0x007fccffed13f8> (NoMethodError)
Did you mean?  trace_var
               trap
        from /Users/matt/.rvm/gems/ruby-2.3.0/gems/mixlib-log-1.7.1/lib/mixlib/log.rb:152:in `each'
        from /Users/matt/.rvm/gems/ruby-2.3.0/gems/mixlib-log-1.7.1/lib/mixlib/log.rb:152:in `method_missing'
        from /Users/matt/.rvm/gems/ruby-2.3.0/bundler/gems/mixlib-authentication-a5b9bc93e291/lib/mixlib/authentication/signedheaderauth.rb:250:in `do_sign'
        from /Users/matt/.rvm/gems/ruby-2.3.0/bundler/gems/mixlib-authentication-a5b9bc93e291/lib/mixlib/authentication/signedheaderauth.rb:111:in `sign'
        from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/http/auth_credentials.rb:51:in `signature_headers'
        from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/http/authenticator.rb:102:in `authentication_headers'
        from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/http/authenticator.rb:51:in `handle_request'
        from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/http.rb:296:in `block in apply_request_middleware'
        from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/http.rb:294:in `each'
        from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/http.rb:294:in `inject'
        from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/http.rb:294:in `apply_request_middleware'
        from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/http.rb:146:in `request'
        from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/http.rb:115:in `get'
        from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/role.rb:207:in `list'
        from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/knife/role_list.rb:38:in `run'
        from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/knife.rb:443:in `block in run_with_pretty_exceptions'
        from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/local_mode.rb:44:in `with_server_connectivity'
        from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/knife.rb:442:in `run_with_pretty_exceptions'
        from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/knife.rb:219:in `run'
        from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/application/knife.rb:156:in `run'
        from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/bin/knife:25:in `<top (required)>'
        from /Users/matt/.rvm/gems/ruby-2.3.0/bin/knife:23:in `load'
        from /Users/matt/.rvm/gems/ruby-2.3.0/bin/knife:23:in `<main>'
        from /Users/matt/.rvm/gems/ruby-2.3.0/bin/ruby_executable_hooks:15:in `eval'
        from /Users/matt/.rvm/gems/ruby-2.3.0/bin/ruby_executable_hooks:15:in `<main>'

Gemfile:

source 'https://rubygems.org'

gem 'chef', '~> 12.21.0'
gem 'mixlib-authentication', '= 1.4.3', :git => 'https://github.com/chef/mixlib-authentication', branch: 'v1.4.3'
