[JBoss JIRA] (JBIDE-15830) openshift-java-client: incompatibility with OpenShift Enterprise and Origin when using the remote-user authentication plugin

Thursday, 31 October 2013

    [
https://issues.jboss.org/browse/JBIDE-15830?page=com.atlassian.jira.plugi...
] 

Andre Dietisheim edited comment on JBIDE-15830 at 10/31/13 6:00 PM:
--------------------------------------------------------------------

[~bleanhar] the above tests are unit tests, they're not run against any env. They just
pass a client-id in and assert the useragent that the client's using. 
The code that's creating the useragent that's being used is the following:

{code:title=UrlConnectionHttpClient}
	...
	private static final String USERAGENT_FOR_KEYAUTH = "OpenShift";
	...
	private String setupUserAgent(String authKey, String authIV, String userAgent) {
		if (!StringUtils.isEmpty(authKey)) {
			if (userAgent == null) {
				userAgent = USERAGENT_FOR_KEYAUTH;
			} else if (!userAgent.startsWith(USERAGENT_FOR_KEYAUTH)) {
				userAgent = USERAGENT_FOR_KEYAUTH + '-' + userAgent;
			}
		}
		return userAgent;
	}
{code}

To my understanding this would always prepend "OpenShift" if it's not there
already, given that the client's using an authkey.
[~bleanhar] do you have any idea of what the jenkins-plugin's using as authkey? 

      was (Author: adietish):
    [~bleanhar] the above tests are unit tests, they're not run against any env. They
just pass a client-id in and assert the useragent that the client's using. 
The code that's creating the useragent that's being used is the following:

{code:title=UrlConnectionHttpClient}
	...
	private static final String USERAGENT_FOR_KEYAUTH = "OpenShift";
	...
	private String setupUserAgent(String authKey, String authIV, String userAgent) {
		if (!StringUtils.isEmpty(authKey)) {
			if (userAgent == null) {
				userAgent = USERAGENT_FOR_KEYAUTH;
			} else if (!userAgent.startsWith(USERAGENT_FOR_KEYAUTH)) {
				userAgent = USERAGENT_FOR_KEYAUTH + '-' + userAgent;
			}
		}
		return userAgent;
	}
{code}

To my understand this would always prepend "OpenShift" if it's not there
already. 

...
 openshift-java-client: incompatibility with OpenShift Enterprise and
Origin when using the remote-user authentication plugin

----------------------------------------------------------------------------------------------------------------------------

                 Key: JBIDE-15830
                 URL: https://issues.jboss.org/browse/JBIDE-15830
             Project: Tools (JBoss Tools)
          Issue Type: Bug
            Reporter: Brenton Leanhardt
            Assignee: Andre Dietisheim
              Labels: openshift-java-client
             Fix For: 4.1.1.Beta1, 4.2.0.Alpha1

 OpenShift Enterprise and Origin both ship an authentication plugin that allows parts of
authentication to be handled by Apache and other parts to be delegated to the
openshift-origin-controller codebase.  I've found that all versions of
openshift-java-client after 2.3.0.Final change a (poorly documented) requirement for the
OpenShift remote-user plugin.
 In order for a request to bypass the Apache authentication and passthrough to the
OpenShift Broker the user-agent header is inspected.  If the user-agent is
'OpenShift' then the Broker will require an encrypted authentication token.  Today
this is used by the jenkins cartridge but I believe it's also still used for scaling.
 You can see this for details:

https://github.com/openshift/origin-server/blob/master/documentation/arch...
 In 2.3.0.Final of the openshift-java-client the user-agent was 'OpenShift'
however all versions after this set the user-agent to the java version (eg, User-Agent:
Java/1.7.0_45). 
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006