search for: needs_auth

Old imageio proxy was using Authorization header for GET and PUT requests. Remove unneeded authorization when sending OPTIONS request. Remove unneeded duplicated comments about authorization for old imageio, and replace them with a comment when we set needs_auth. --- v2v/rhv-upload-plugin.py | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/v2v/rhv-upload-plugin.py b/v2v/rhv-upload-plugin.py index 8805e3552..f404bd758 100644 --- a/v2v/rhv-upload-plugin.py +++ b/v2v/rhv-upload-plugin.py @@ -191,16 +191,17 @@ def open(readonly...

...t a/v2v/rhv-upload-plugin.py b/v2v/rhv-upload-plugin.py index 7c5084efd..419008517 100644 --- a/v2v/rhv-upload-plugin.py +++ b/v2v/rhv-upload-plugin.py @@ -165,63 +165,60 @@ def open(readonly): context = context ) + # The first request is to fetch the features of the server. + needs_auth = not params['rhv_direct'] + can_flush = False + can_trim = False + can_zero = False + + http.putrequest("OPTIONS", destination_url.path) + http.putheader("Authorization", transfer.signed_ticket) + http.endheaders() + + r = http.getresponse() + if...

...t a/v2v/rhv-upload-plugin.py b/v2v/rhv-upload-plugin.py index 7c5084efd..5be426897 100644 --- a/v2v/rhv-upload-plugin.py +++ b/v2v/rhv-upload-plugin.py @@ -165,63 +165,60 @@ def open(readonly): context = context ) + # The first request is to fetch the features of the server. + needs_auth = not params['rhv_direct'] + can_flush = False + can_trim = False + can_zero = False + + http.putrequest("OPTIONS", destination_url.path) + http.putheader("Authorization", transfer.signed_ticket) + http.endheaders() + + r = http.getresponse() + if...

...00, Nir Soffer wrote: > Old imageio proxy was using Authorization header for GET and PUT > requests. Remove unneeded authorization when sending OPTIONS request. > > Remove unneeded duplicated comments about authorization for old > imageio, and replace them with a comment when we set needs_auth. I'll push it, thanks. Can we get rid of the Authorization stuff completely yet? Rich. > v2v/rhv-upload-plugin.py | 12 +++++------- > 1 file changed, 5 insertions(+), 7 deletions(-) > > diff --git a/v2v/rhv-upload-plugin.py b/v2v/rhv-upload-plugin.py > index 8805e3552..f40...

...ad-plugin.py > index 7c5084efd..5be426897 100644 > --- a/v2v/rhv-upload-plugin.py > +++ b/v2v/rhv-upload-plugin.py > @@ -165,63 +165,60 @@ def open(readonly): > context = context > ) > > + # The first request is to fetch the features of the server. > + needs_auth = not params['rhv_direct'] > + can_flush = False > + can_trim = False > + can_zero = False > + > + http.putrequest("OPTIONS", destination_url.path) > + http.putheader("Authorization", transfer.signed_ticket) + http.endheaders() > +...

v1 was here: https://www.redhat.com/archives/libguestfs/2018-June/msg00099.html v2: - Just fixes the two problems noted in the review of the previous version. Rich.

...9;] > + h['can_flush'] = "flush" in j['features'] > + > + # If can_zero is true then it means we're using the new imageio > + # which never needs the Authorization header. > + if h['can_zero']: > + h['needs_auth'] = False > If we got here, we are working with new daemon or proxy, and both of them do not need auth, so we can set 'needs_auth' to False if OPTIONS returned 200 OK. > + # Old imageio servers returned 405 Method Not Allowed. If > + # we see that we just say that no...

...can_flush'] = "flush" in j['features'] > > + > > + # If can_zero is true then it means we're using the new imageio > > + # which never needs the Authorization header. > > + if h['can_zero']: > > + h['needs_auth'] = False > > > > If we got here, we are working with new daemon or proxy, and both > of them do not need auth, so we can set 'needs_auth' to False > if OPTIONS returned 200 OK. Which is what this code does, unless I'm misunderstanding things. > > + # O...

...quot; in j['features'] > > > + > > > + # If can_zero is true then it means we're using the new > imageio > > > + # which never needs the Authorization header. > > > + if h['can_zero']: > > > + h['needs_auth'] = False > In older proxy, we do support OPTIONS, used for allowing access from enigne UI, but it does not return any content. Fortunately, we return httplib.NO_CONTENT so it is easy to detect. So we need to handle gracefully r.status = 204 > > > > > > > If we got h...

...'] >> > > + >> > > + # If can_zero is true then it means we're using the new >> imageio >> > > + # which never needs the Authorization header. >> > > + if h['can_zero']: >> > > + h['needs_auth'] = False >> > > In older proxy, we do support OPTIONS, used for allowing access > from enigne UI, but it does not return any content. Fortunately, we > return httplib.NO_CONTENT so it is easy to detect. > > So we need to handle gracefully r.status = 204 > > >&g...

These two patches add support for using a Unix domain socket to directly access imageio in the case where imageio is running on the conversion host (usually that means virt-v2v is running on the RHV node and something else -- eg. CFME scripts -- arranges that the RHV node is the same one running imageio). Conversions in the normal case are not affected - they happen over TCP as usual. This was

This series extract oVirt SDK and imageio code to make it eaiser to follow the code and improve error handing in open() and close(). Tested with virt-v2v master. Changes since v1: - Rebase on merged patches from v1 - Fix regression introduced by "rhv-upload: Fix cleanup after errors" - Remove "rhv-upload: Try to remove disk on timeout" since it cannot succeed - Add more

...> > > > + > > > > + # If can_zero is true then it means we're using the new > > imageio > > > > + # which never needs the Authorization header. > > > > + if h['can_zero']: > > > > + h['needs_auth'] = False > > > > In older proxy, we do support OPTIONS, used for allowing access > from enigne UI, but it does not return any content. Fortunately, we > return httplib.NO_CONTENT so it is easy to detect. > > So we need to handle gracefully r.status = 204 OK done. &g...

...)r" - % options) - # Save everything we need to make requests in the handle. return { - 'can_flush': options['can_flush'], - 'can_trim': options['can_trim'], - 'can_zero': options['can_zero'], - 'needs_auth': options['needs_auth'], + 'client': client, 'connection': connection, 'disk_id': disk.id, 'transfer': transfer, 'failed': False, - 'highestwrite': 0, - 'http': http, -...

This series extract oVirt SDK and imageio code to make it eaiser to follow the code and improve error handing in open() and close(). The first small patches can be consider as fixes for downstream. Tested based on libguestfs v1.41.5, since I had trouble building virt-v2v and libguestfs from master. Nir Soffer (18): rhv-upload: Remove unused exception class rhv-upload: Check status more

...ransfer = h['transfer'] transfer_service = h['transfer_service'] - http.putrequest("GET", h['path']) + headers = {"Range", "bytes=%d-%d" % (offset, offset+count-1)} # Authorization is only needed for old imageio. if h['needs_auth']: - http.putheader("Authorization", transfer.signed_ticket) - http.putheader("Range", "bytes=%d-%d" % (offset, offset+count-1)) - http.endheaders() + headers["Authorization"] = transfer.signed_ticket + + http.request("GET&quot...

...a new disk it's safe to ignore these # requests as long as they are smaller than the highest write seen. # After that we must emulate them with writes. if offset+count < h['highestwrite']: http.putrequest("PUT", h['path']) if h['needs_auth']: http.putheader("Authorization", transfer.signed_ticket) http.putheader("Content-Range", "bytes %d-%d/*" % (offset, offset+count-1)) http.putheader("Content-Length", str(count)) http.endhea...

...he handle. + return { + 'connection': connection, + 'disk': disk, + 'disk_service': disk_service, + 'failed': False, + 'got_options': False, + 'highestwrite': 0, + 'http': http, + 'needs_auth': not params['rhv_direct'], + 'path': destination_url.path, + 'transfer': transfer, + 'transfer_service': transfer_service, + } + +# Can we issue zero, trim or flush requests? +def get_options(h): + if h['got_options']: +...

..._test.py def pread(h, count, offset): http = h['http'] transfer = h['transfer'] - headers = {"Range", "bytes=%d-%d" % (offset, offset+count-1)} + headers = {"Range": "bytes=%d-%d" % (offset, offset+count-1)} if h['needs_auth']: headers["Authorization"] = transfer.signed_ticket http.request("GET", h['path'], headers=headers) r = http.getresponse() # 206 = HTTP Partial Content. if r.status != 206: request_failed(h, r, "...

...to ignore these > # requests as long as they are smaller than the highest write seen. > # After that we must emulate them with writes. > if offset+count < h['highestwrite']: > http.putrequest("PUT", h['path']) > if h['needs_auth']: > http.putheader("Authorization", transfer.signed_ticket) > http.putheader("Content-Range", > "bytes %d-%d/*" % (offset, offset+count-1)) > http.putheader("Content-Length", str(count))...