jssimporter / python-jss

python-jss is deprecated. Please see the wiki for alternatives.
GNU General Public License v3.0

SSL related issue... #37

Closed everetteallen closed 9 years ago

everetteallen commented 9 years ago

So looks like this could be related to other issues but since I am seeing it in autopkg, autopkgr, and spruce all showing from python_jss-0.5.9-py2.7.egg/jss/jss.py. Just started after the Casper 9.72 update. Getting:

    back:~ serveradmin$ defaults write com.github.autopkg JSS_VERIFY_SSL -bool True
    back:~ serveradmin$ /Users/serveradmin/Desktop/Spruce-1.0.1/Spruce.py --report
    Traceback (most recent call last):
      File "/Users/serveradmin/Desktop/Spruce-1.0.1/Spruce.py", line 367, in <module>
        main()
      File "/Users/serveradmin/Desktop/Spruce-1.0.1/Spruce.py", line 358, in main
        report(j, args.verbose)
      File "/Users/serveradmin/Desktop/Spruce-1.0.1/Spruce.py", line 230, in report
        all_policies = j.Policy().retrieve_all()
      File "/Library/Python/2.7/site-packages/python_jss-0.5.9-py2.7.egg/jss/jss.py", line 394, in Policy
        return self.factory.get_object(Policy, data)
      File "/Library/Python/2.7/site-packages/python_jss-0.5.9-py2.7.egg/jss/jss.py", line 467, in get_object
        result = self.jss.get(url)
      File "/Library/Python/2.7/site-packages/python_jss-0.5.9-py2.7.egg/jss/jss.py", line 195, in get
        self._error_handler(JSSGetError, response)
      File "/Library/Python/2.7/site-packages/python_jss-0.5.9-py2.7.egg/jss/jss.py", line 179, in _error_handler
        raise exception
    jss.exceptions.JSSGetError: Response Code: 401 Response: Unauthorized. The request requires user authentication

also:

    back:~ serveradmin$ defaults read com.github.autopkg
    {
        "API_PASSWORD" = uwish;
        "API_USERNAME" = autopkgapi;
        "CACHE_DIR" = "/Users/serveradmin/Library/AutoPkg/Cache";
        "GIT_PATH" = "/usr/local/git/bin/git";
        "JSS_REPOS" = (
            {
                type = JDS;
            }
        );
        "JSS_URL" = "https://nc.jamfcloud.com:443";
        "JSS_VERIFY_SSL" = 1;

NOTE: switching to "JSS_VERIFY_SSL" = 0 gives hundreds of these:

    /Library/Python/2.7/site-packages/python_jss-0.5.9-py2.7.egg/jss/contrib/requests/packages/urllib3/connectionpool.py:769: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
      InsecureRequestWarning)

Am I just missing something? These smell like earlier reports but nothing I see there fixes or works around the issue.

sheagcraig commented 9 years ago

Actually, my initial guess would be to look at the username and password for "special" characters not getting escaped properly.

The other possibility is that the API user is lacking the permissions for the object in question. In the example above, it would be the API user trying to GET (read) the Policy object type.

Turning off the SSL will rightly spill out a ton of warnings. There's another option that can suppress those, but they're there to try to encourage people to not make insecure requests!

everetteallen commented 9 years ago

Right, found the issue. Since I don't create policies I had removed all access. I added back read access for all the documented JSSImporter JSS objects and that has fixed the issue for me. Makes sense in terms of spruce, I just did not expect it in autopkg/r where recipes don't call for policy (etc) creation. Thanks!

sheagcraig commented 9 years ago

Hmm. My initial reaction would be to agree - I don't think it would need privs on policies if none are configured to be created/updated!

And looking through the code (albeit kind of quickly), I don't see where it would hang. If you've got a chance, could you send me the traceback of Autopkg[r] failing without policy privs? Thanks!
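
The distinction this thread turned on, as an added example that is not part of the original issue or of python-jss: a 401 is an HTTP-layer answer that only arrives after TLS has succeeded, so it points at credentials or per-object privileges, not at certificate verification. The sketch below uses only the Python 3 standard library; `probe`, `audit`, `demo`, the local stub server and its `READABLE` set are assumptions constructed for illustration, and the `/JSSResource/<type>` paths follow the JSS classic API layout.

```python
import base64, ssl, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample data: object types the stub API user is allowed to read.
READABLE = {"packages", "categories"}

class StubJSS(BaseHTTPRequestHandler):
    """Local stand-in for a JSS: answers 401 for types the user cannot read."""
    def do_GET(self):
        obj = self.path.rstrip("/").split("/")[-1]
        self.send_response(200 if obj in READABLE else 401)
        self.end_headers()
    def log_message(self, *args):  # silence per-request logging
        pass

def probe(base_url, user, password, obj_type):
    """GET one object type with certificate verification on; classify the failure."""
    req = urllib.request.Request(f"{base_url}/JSSResource/{obj_type}")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    ctx = ssl.create_default_context()  # verifies chain and hostname for https URLs
    try:
        urllib.request.urlopen(req, context=ctx, timeout=5).close()
        return "ok"
    except urllib.error.HTTPError as e:
        # The server replied, so any TLS handshake already succeeded.
        return "auth-or-privilege" if e.code == 401 else f"http-{e.code}"
    except urllib.error.URLError as e:
        # No HTTP status at all: the failure is below the HTTP layer.
        return "tls-verification" if isinstance(e.reason, ssl.SSLError) else "network"

def audit(base_url, user, password, obj_types):
    """Map each object type to its probe result to spot missing read privileges."""
    return {t: probe(base_url, user, password, t) for t in obj_types}

def demo():
    """Run the audit against the local stub (plain HTTP, loopback only)."""
    server = HTTPServer(("127.0.0.1", 0), StubJSS)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        url = f"http://127.0.0.1:{server.server_port}"
        return audit(url, "autopkgapi", "constructed-password", ["packages", "policies"])
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

Pointed at a real JSS over https with verification left on, a `tls-verification` result would be the only case where the certificate setup is the thing to investigate.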