chef / mixlib-authentication
AuthN signing and verification. Appears in both the client and server
License: Apache License 2.0
Hi,
Earlier today we had builds starting to fail around our chef cookbooks and roles uploads. Upon inspecting I determined that this is caused by version 1.4.3 of mixlib-authentication, albeit kind of indirectly.
As you can see both have errors using the chef-linked gems:
Roles - using berks
bundler: failed to load command: berks (/var/app/jenkins/bundles/ruby/2.3.0/bin/berks)
NoMethodError: undefined method `trace' for #Logger:0x007f6f5f75f578
App cookbook - chefspec
- bundle exec rspec
Chef encountered an error attempting to load the node data for "chefspec"
Unexpected Error:
NoMethodError: undefined method `trace' for #Logger:0x007fe5444919a8
Did you mean? trace_var
trap
This gem is used by basically any gem that wants to speak to the Chef server. This includes chefspec, berks (via ridley gem) etc. This is made worse by those gems in question having the following version requirements:
chef (versions 12.x and 13.x): (~> 1.4)
ridley (5.1.1): (>=1.3.0)
It appears this change: 23e5b67 depends on this in the mixlib-log gem (in version 2.1.0): chef/mixlib-log@6bf78bb#diff-19783d72fc4cc244ae938eef663eb3a9
However, walking and resolving our gemfile dependencies doesn't give us this version. Our Chef gems (of varying versions) ask for mixlib-log (~> 1.3) picking up 1.7.0. This causes it to go boom with this version of mixlib-authentication.
mixlib-authentication is a dependency of the chef gem and berkshelf (via the Ridley gem). Version 1.4.3 uses functionality from mixlib-log, but this functionality was only added in mixlib-log 2.1.0 and this version isn’t a dependency of mixlib-authentication.
The issue in our case is the versions of the chef gem/berkshelf we use want mixlib-log (~> 1.3). This causes it to blow up because the functionality used by mixlib-authentication isn’t present in the version of mixlib-log we pull in (1.7.0). I expect this isn’t the case in Chef 14 but this essentially breaks the chef (12/13) gems with this change. All the chef versions before 14 and berkshelf/ridley want mixlib-authentication ~> 1.4, hence when 1.4.3 was released it gets pulled in and causes the chef and berkshelf gems to break.
I'm not sure what the best fix is here but this is basically a breaking change via dependencies, and it being a patch release isn't great as it is being picked up everywhere as shown above.
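The constraint conflict reported in the issue above can be checked with RubyGems' own version classes. This is an added example, not part of the original issue or the project's code; it uses only the constraints and versions quoted on this page, and the `UNDECLARED` entry encodes the reporter's finding as an assumption.

```ruby
require "rubygems" # Gem::Requirement and Gem::Version ship with Ruby

# Constraints quoted in the issue above.
DECLARED = {
  "mixlib-authentication" => { "chef 12.x/13.x" => "~> 1.4", "ridley 5.1.1" => ">= 1.3.0" },
  "mixlib-log"            => { "chef 12.x/13.x" => "~> 1.3" },
}.freeze

# Runtime need reported in the issue but not declared as a dependency:
# mixlib-authentication 1.4.3 relies on functionality added in mixlib-log 2.1.0.
UNDECLARED = { "mixlib-log" => { "mixlib-authentication 1.4.3" => ">= 2.1.0" } }.freeze

# Versions mentioned on this page (not the full release list).
SEEN = {
  "mixlib-authentication" => %w[1.4.0 1.4.3],
  "mixlib-log"            => %w[1.7.0 1.7.1 2.1.0],
}.freeze

# Versions of gem_name that satisfy every requirement in reqs.
def admitted(gem_name, reqs)
  wanted = reqs.values.map { |r| Gem::Requirement.new(r) }
  SEEN.fetch(gem_name).select do |v|
    wanted.all? { |req| req.satisfied_by?(Gem::Version.new(v)) }
  end
end

# Highest admitted version: what a fresh resolve picks among SEEN.
def resolved(gem_name, reqs)
  admitted(gem_name, reqs).max_by { |v| Gem::Version.new(v) }
end

# Undeclared requirements that the resolved version fails to meet.
def violated(gem_name)
  picked = Gem::Version.new(resolved(gem_name, DECLARED.fetch(gem_name)))
  UNDECLARED.fetch(gem_name, {}).reject do |_, r|
    Gem::Requirement.new(r).satisfied_by?(picked)
  end
end
```

`resolved` shows that `~> 1.4` admits the 1.4.3 patch release automatically, while `violated("mixlib-log")` shows that no version allowed by `~> 1.3` can meet the need the resolver was never told about.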
Hey there,
I've recently discovered that the authentication headers created by Mixlib::Authentication are actually in violation of Internet RFCs. Specifically, HTTP headers cannot contain space characters. Unfortunately, due to this it is causing issues with other software I am using that sees this as an invalid request.
Should we consider revising this to no longer use the space in the header?
In rfc2616 an HTTP header name is defined as such:
CTL = <any US-ASCII control character
(octets 0 - 31) and DEL (127)>
...
token = 1*<any CHAR except CTLs or separators>
separators = "(" | ")" | "<" | ">" | "@"
| "," | ";" | ":" | "\" | <">
| "/" | "[" | "]" | "?" | "="
| "{" | "}" | SP | HT
...
message-header = field-name ":" [ field-value ]
field-name = token
Per this RFC, a token cannot contain spaces and an HTTP field header is considered a token.
Cheers!
-Tim
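The `token` rule quoted in the issue above can be turned into a field-name check that a client, proxy or test suite runs before a request is sent. This is an added example, not code from the original issue or from mixlib-authentication; the header names in `SAMPLE` are constructed and hypothetical.

```ruby
# RFC 2616 section 2.2 separators; SP and HT are written as " " and "\t".
SEPARATORS = "()<>@,;:\\\"/[]?={} \t".freeze

# True when byte may appear in a token: a CHAR (0..127) that is
# neither a CTL (0..31, 127) nor a separator.
def token_byte?(byte)
  byte.between?(33, 126) && !SEPARATORS.include?(byte.chr)
end

# Distinct bytes of name that disqualify it as a field-name.
def illegal_in_field_name(name)
  name.to_s.bytes.reject { |b| token_byte?(b) }.uniq.map(&:chr)
end

# field-name = token and token = 1*<...>, so an empty name is invalid too.
def valid_field_name?(name)
  !name.to_s.empty? && illegal_in_field_name(name).empty?
end

# Maps each offending header name to the bytes that break the grammar.
def audit_headers(headers)
  headers.keys.reject { |n| valid_field_name?(n) }
         .to_h { |n| [n, illegal_in_field_name(n)] }
end

# Constructed sample request headers; the names are hypothetical.
SAMPLE = {
  "X-Example-Signature" => "version=1.0",
  "X-Example Signature" => "version=1.0", # SP is a separator
  "X-Example:Id"        => "alice",       # ":" terminates the field-name
  "X-Example\tHash"     => "abc",         # HT is both a CTL and a separator
}.freeze
```

`audit_headers(SAMPLE)` returns only the three malformed names, each with the byte that a strict parser would reject.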
Dependabot couldn't parse the Gemfile found at /Gemfile.
The error Dependabot encountered was:
Dependabot only supports uninterpolated string arguments to eval_gemfile. Got `__FILE__ + ".local"`
gem install chef results in the following.
ERROR: While executing gem ... (Gem::ImpossibleDependenciesError)
mixlib-authentication-1.4.0 requires rspec-core (~> 3.2) but it conflicted:
Activated rspec-core-3.4.2 instead of (= 3.5.0.beta1) via:
rspec-3.5.0.beta1, serverspec-2.29.2, chef-12.7.2
looks like 1.4.0 tag was not pushed:
https://github.com/chef/mixlib-authentication/releases
perhaps even some more commits to master missing?
https://rubygems.org/gems/mixlib-authentication has more versions than in github:
➜ test git:(knife_fix) ✗ bundle exec knife role list -VV
INFO: Using configuration from /Users/matt/.chef/knife.rb
DEBUG: Chef::HTTP calling Chef::HTTP::JSONInput#handle_request
DEBUG: Chef::HTTP calling Chef::HTTP::JSONOutput#handle_request
DEBUG: Chef::HTTP calling Chef::HTTP::CookieManager#handle_request
DEBUG: Chef::HTTP calling Chef::HTTP::Decompressor#handle_request
DEBUG: Chef::HTTP calling Chef::HTTP::Authenticator#handle_request
DEBUG: Signing the request as matt
/Users/matt/.rvm/gems/ruby-2.3.0/gems/mixlib-log-1.7.1/lib/mixlib/log.rb:152:in `block in method_missing': undefined method `trace' for #<Logger:0x007fccffed13f8> (NoMethodError)
Did you mean? trace_var
trap
from /Users/matt/.rvm/gems/ruby-2.3.0/gems/mixlib-log-1.7.1/lib/mixlib/log.rb:152:in `each'
from /Users/matt/.rvm/gems/ruby-2.3.0/gems/mixlib-log-1.7.1/lib/mixlib/log.rb:152:in `method_missing'
from /Users/matt/.rvm/gems/ruby-2.3.0/bundler/gems/mixlib-authentication-a5b9bc93e291/lib/mixlib/authentication/signedheaderauth.rb:250:in `do_sign'
from /Users/matt/.rvm/gems/ruby-2.3.0/bundler/gems/mixlib-authentication-a5b9bc93e291/lib/mixlib/authentication/signedheaderauth.rb:111:in `sign'
from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/http/auth_credentials.rb:51:in `signature_headers'
from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/http/authenticator.rb:102:in `authentication_headers'
from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/http/authenticator.rb:51:in `handle_request'
from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/http.rb:296:in `block in apply_request_middleware'
from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/http.rb:294:in `each'
from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/http.rb:294:in `inject'
from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/http.rb:294:in `apply_request_middleware'
from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/http.rb:146:in `request'
from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/http.rb:115:in `get'
from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/role.rb:207:in `list'
from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/knife/role_list.rb:38:in `run'
from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/knife.rb:443:in `block in run_with_pretty_exceptions'
from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/local_mode.rb:44:in `with_server_connectivity'
from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/knife.rb:442:in `run_with_pretty_exceptions'
from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/knife.rb:219:in `run'
from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/lib/chef/application/knife.rb:156:in `run'
from /Users/matt/.rvm/gems/ruby-2.3.0/gems/chef-12.21.31/bin/knife:25:in `<top (required)>'
from /Users/matt/.rvm/gems/ruby-2.3.0/bin/knife:23:in `load'
from /Users/matt/.rvm/gems/ruby-2.3.0/bin/knife:23:in `<main>'
from /Users/matt/.rvm/gems/ruby-2.3.0/bin/ruby_executable_hooks:15:in `eval'
from /Users/matt/.rvm/gems/ruby-2.3.0/bin/ruby_executable_hooks:15:in `<main>'
Gemfile:
source 'https://rubygems.org'
gem 'chef', '~> 12.21.0'
gem 'mixlib-authentication', '= 1.4.3', :git => 'https://github.com/chef/mixlib-authentication', branch: 'v1.4.3'