search

stdevel / katprep

Python toolkit for automating system maintenance and generating patch reports along with Foreman/Katello and Red Hat Satellite 6.x
GNU General Public License v3.0
35 stars 6 forks source link

Utilizing encrypted authentication containers not possible #85

Closed stdevel closed 6 years ago

stdevel commented 6 years ago

Describe the bug Currently, it is not possible to utilize encrypted authentication containers. Authentication data is only submitted correctly when the authentication container is unencrypted.

To Reproduce

  1. Encrypt an authentication container using katprep_authconfig file.auth password
  2. Utilize a katprep command such as katprep_snapshot

Expected behavior Authentication information is decrypted with the specified password and used for authentication.

Screenshots See log below.

Environment (please complete the following information):

Additional context

$ katprep_snapshot -C katprep_crypt.auth
Authentication container password:
Traceback (most recent call last):
  File "/home/cstan/.local/bin/katprep_snapshot", line 9, in <module>
    load_entry_point('katprep==0.5.0', 'console_scripts', 'katprep_snapshot')()
  File "/home/cstan/katprep/katprep/snapshot.py", line 312, in cli
    main(options, args)
  File "/home/cstan/katprep/katprep/snapshot.py", line 282, in main
    sat_pass, options.ssl_verify
  File "/home/cstan/katprep/katprep/clients/ForemanAPIClient.py", line 84, in __init__
    self.validate_api_support()
  File "/home/cstan/katprep/katprep/clients/ForemanAPIClient.py", line 256, in validate_api_support
    self.api_get("/status")
  File "/home/cstan/katprep/katprep/clients/ForemanAPIClient.py", line 207, in api_get
    return self.__api_request("get", sub_url, "", hits, page)
  File "/home/cstan/katprep/katprep/clients/ForemanAPIClient.py", line 177, in __api_request
    raise InvalidCredentialsException("Unable to authenticate")
katprep.clients.InvalidCredentialsException: Unable to authenticate
stdevel commented 6 years ago

Looks like the library does not decrypt the login information at all; encrypted information are handed to katprep tools:

$ katprep_snapshot -C katprep_crypt.auth -d
Authentication container password:
...
DEBUG:katprep_snapshot:Arguments: None
DEBUG:katprep_snapshot:Output file will be: './errata-snapshot-report-st-katello01-20180720-1433.json'
DEBUG:ForemanAPIClient:Hostname/User/Pass: st-katello01.stankowic.loc/svc-katprep/s/gAAAAA...

Investigating in branch bug-crypted_authcontainer-issue85.

stdevel commented 6 years ago

katprep_populate, katprep_parameters and katprep_maintenane where using AuthContainers with missing password parameter - therefore even correct passwords were ignored. Fixed in commit fcd2fc9cf6fbfe1fad2efde2ecb79a2b6e1a7ae4.

stdevel commented 6 years ago

Fixed in commit 12f2c96a2d0769a8458abc8846b101f5d9282fe9.