Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pylxd/client: guard against cert=None #618

Merged
merged 3 commits into from
Dec 12, 2024
Merged

pylxd/client: guard against cert=None #618

merged 3 commits into from
Dec 12, 2024

Conversation

simondeziel
Copy link
Member 

>>> import pylxd
>>> c = pylxd.Client(endpoint="https://127.0.0.1:8443/", cert=None,  verify=False)
/opt/pylxd/.tox/integration/lib/python3.12/site-packages/urllib3/connectionpool.py:1099: InsecureRequestWarning: Unverified HTTPS request is being made to host '127.0.0.1'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
  warnings.warn(
>>> c.authenticate("password")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/opt/pylxd/.tox/integration/lib/python3.12/site-packages/pylxd/client.py", line 573, in authenticate
    cert = open(self.api.session.cert[0]).read().encode("utf-8")
                ~~~~~~~~~~~~~~~~~~~~~^^^
TypeError: 'NoneType' object is not subscriptable

@simondeziel simondeziel requested a review from hamistao December 11, 2024 22:48
@simondeziel simondeziel marked this pull request as ready for review December 11, 2024 22:48
@simondeziel
Copy link
Member Author

simondeziel commented Dec 11, 2024
edited
Loading

@hamistao while touching that part of the code, I noticed that Certificates.create() is badly named as it doesn't create any cert but "onboard" an existing certificate on the LXD remote by mean of a token or a password.

@hamistao
Copy link
Contributor

@hamistao while touching that part of the code, I noticed that Certificates.create() is badly named as it doesn't create any cert but "onboard" an existing certificate on the LXD remote by mean of a token or a password.

I noticed the same thing, but I don't think we can do anything about it besides maybe putting a comment to explain what the funciton does.

hamistao
hamistao reviewed Dec 11, 2024
View reviewed changes
pylxd/client.py Outdated
Comment on lines 577 to 581
try:
cert = open(self.api.session.cert[0]).read().encode("utf-8")
except FileNotFoundError:
raise exceptions.ClientConnectionFailed("Client certificate not found")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the purpose is just to check if the file exists, just open(self.api.session.cert[0]) should suffice.
Also, I think we should close the file in case it exists.

@codecov Codecov
Copy link

codecov bot commented Dec 12, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 66.66667% with 2 lines in your changes missing coverage. Please review.

Project coverage is 95.38%. Comparing base (de04a29) to head (e4ba9b9).
Report is 53 commits behind head on main.

Files with missing lines Patch % Lines
pylxd/client.py 66.66% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #618      +/-   ##
==========================================
- Coverage   96.24%   95.38%   -0.86%     
==========================================
  Files          32       32              
  Lines        3165     3229      +64     
==========================================
+ Hits         3046     3080      +34     
- Misses        119      149      +30

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@simondeziel
pylxd/client: guard against cert=None
1bb4ec7 
```
>>> import pylxd
>>> c = pylxd.Client(endpoint="https://127.0.0.1:8443", cert=None,  verify=False)
/opt/pylxd/.tox/integration/lib/python3.12/site-packages/urllib3/connectionpool.py:1099: InsecureRequestWarning: Unverified HTTPS request is being made to host '127.0.0.1'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
  warnings.warn(
>>> c.authenticate("password")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/opt/pylxd/.tox/integration/lib/python3.12/site-packages/pylxd/client.py", line 573, in authenticate
    cert = open(self.api.session.cert[0]).read().encode("utf-8")
                ~~~~~~~~~~~~~~~~~~~~~^^^
TypeError: 'NoneType' object is not subscriptable
```

Signed-off-by: Simon Deziel <[email protected]>
@simondeziel
doc/source/authentication: use HTTPS scheme in example
4841bf5 
Signed-off-by: Simon Deziel <[email protected]>
@simondeziel
doc/source/usage: use HTTPS scheme in example
f236500 
Signed-off-by: Simon Deziel <[email protected]>
hamistao
hamistao approved these changes Dec 12, 2024
View reviewed changes
Copy link
Contributor

@hamistao hamistao left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for the sudden review, but this looks good to me!

@simondeziel simondeziel merged commit c2f0f6b into canonical:main Dec 12, 2024
14 checks passed
@simondeziel simondeziel deleted the no-cert branch December 12, 2024 18:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hamistao hamistao hamistao approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@simondeziel @hamistao