You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by phillipkent <gi...@git.apache.org> on 2016/04/08 14:50:17 UTC
[GitHub] cloudstack-docs pull request: Add note in dev.rst about use of the...
GitHub user phillipkent opened a pull request:
https://github.com/apache/cloudstack-docs/pull/17
Add note in dev.rst about use of the safe option in urllib.quote_plus()
There is a mismatch between the URL encoding behavior of Python and CloudStack's internal URL encoder (Java URLEncoder): Python encodes * (asterisk) characters, while Java does not. When an API call contains a * character, an authentication failure will occur because the computed signatures will not agree.
The solution is to add the option "safe = '*'" to Python's urllib.quote_plus().
NOTE: I can only test this problem on CloudStack version 4.3.2 and I don't have access to later versions where the behavior might be different. But the issue was confirmed by @bhaisaab for Cloudmonkey (see https://github.com/apache/cloudstack-cloudmonkey/pull/11).
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/phillipkent/cloudstack-docs dev_add_urllib_safe_option
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/cloudstack-docs/pull/17.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #17
----
commit 152589eb15ec87167472b3d1f340445d87e66a7a
Author: Phillip Kent <ph...@xmlsoup.com>
Date: 2016-04-08T12:30:28Z
Add note in dev.rst about use of the safe option in Python urllib.quote_plus()
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack-docs pull request: Add note in dev.rst about use of the...
Posted by bhaisaab <gi...@git.apache.org>.
Github user bhaisaab commented on the pull request:
https://github.com/apache/cloudstack-docs/pull/17#issuecomment-207517469
I've also find this to be an issue with Marvin, and the same fix works with Marvin as well. I'll be send that PR soon.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack-docs pull request: Add note in dev.rst about use of the...
Posted by phillipkent <gi...@git.apache.org>.
Github user phillipkent commented on the pull request:
https://github.com/apache/cloudstack-docs/pull/17#issuecomment-207598302
@bhaisaab Just to clarify, the problem isn't when * is between other characters, it is a * anywhere in the request URL which will lead to disagreement of the signatures when CS attempts to validate the incoming API request.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] cloudstack-docs pull request: Add note in dev.rst about use of the...
Posted by bhaisaab <gi...@git.apache.org>.
Github user bhaisaab commented on the pull request:
https://github.com/apache/cloudstack-docs/pull/17#issuecomment-207517322
LGTM, I tested this against ACS 4.5 whenever an API arg (of type string) has an asterisk between text (something like arg="some*value"). When @phillipkent originally opened the issue I could not reproduce this at the time, but I could reproduce this recently.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---