Closed spheromak closed 10 years ago
I suppose the real issue here was that this didn't error out somewhere in the API. I had to catch this in the body of the response.
yes, nice find, the chef api authentication scheme is by far the biggest clusterfuck i've ever seen. with GET requests, it works like this: https://github.com/marpaia/chef-golang/blob/master/api.go#L413-425
Perhaps it needs to sign different material (perhaps body contents as well?) with POST requests?
you're totally right about not finding it in the API though, when a request's authentication fails, is the HTTP response code different or is it just the body?
I think it was just the body.
@marpaia you on freenode atm ?
@spheromak i'm not but hit me up via messenger on facebook: https://www.facebook.com/mike.arpaia
Yes, the body needs to be hashed, and yes, it's an absolute nightmare. This may be useful for figuring out how to hash the body: https://github.com/ctdk/goiardi/blob/auth/authentication/authentication.go#L219. It took a while, but all that authentication stuff's passing the chef-pedant tests now, so it should be working the same as chef's authentication for PUT and POST.
There may be some corner cases where it isn't, but so far chef-pedant hasn't revealed any problems. The only area where it gets dreadfully unhappy is a few chef-pedant tests where it calculates the hash with a body for requests to GET and DELETE. Chef-server apparently will read the body and authenticate the request (then giving a 405 because the method isn't allowed), while go (and by extension goiardi) does not have any body in GET or DELETE requests, so authorization fails.
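The failure discussed above, as an added Go example that is not part of the thread and is not code from chef-golang or goiardi: a POST signed over the empty-body hash does not verify once the server recomputes the hash from the body it received. It assumes the canonical layout and `X-Ops-*` names of Chef's header signing protocol version 1.0 (not quoted on this page); the function names, key, path, body, timestamp and client name are constructed for the demo.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"strings"
)

// b64sha1 is base64(SHA-1(data)), used for the hashed path and X-Ops-Content-Hash.
func b64sha1(data []byte) string {
	sum := sha1.Sum(data)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// canonicalRequest builds the string to sign (assumed v1.0 layout). The body is
// hashed for every method; a bodiless request hashes the empty string.
func canonicalRequest(method, path string, body []byte, ts, userID string) string {
	return fmt.Sprintf("Method:%s\nHashed Path:%s\nX-Ops-Content-Hash:%s\nX-Ops-Timestamp:%s\nX-Ops-UserId:%s",
		strings.ToUpper(method), b64sha1([]byte(path)), b64sha1(body), ts, userID)
}

// demo signs one POST twice with a throwaway key: first leaving the body out of
// the hash (the bug in this thread), then including it. Each returned error is
// what a server gets when it verifies against the body it actually received.
func demo() (omitted, included error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err, err
	}
	body := []byte(`{"name":"web01"}`) // constructed sample body
	ts, user := "2014-01-01T00:00:00Z", "demo-client"
	serverView := []byte(canonicalRequest("POST", "/nodes", body, ts, user))
	for i, signed := range [][]byte{nil, body} {
		// crypto.Hash(0): PKCS#1 v1.5 padding over the raw string, no digest prefix.
		msg := []byte(canonicalRequest("POST", "/nodes", signed, ts, user))
		sig, err := rsa.SignPKCS1v15(nil, key, crypto.Hash(0), msg)
		if err == nil {
			err = rsa.VerifyPKCS1v15(&key.PublicKey, crypto.Hash(0), serverView, sig)
		}
		if i == 0 {
			omitted = err
		} else {
			included = err
		}
	}
	return omitted, included
}

func main() { fmt.Println(demo()) }
```
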
@ctdk thanks for the help, I got goiardi up and running with auth for testing. It does behave the same as chef-server. I will look into adding the body inspection in the client api.
just wanted to update for anyone looking here. haven't been able to get at this for last few weeks, but hoping to get something kicked out relatively soon.
Fixed in #12
I moved some code to using a real chef-server today, and noticed my post methods were not authing right.
I will debug more, and attach a PR when I figure out what's up.