Fixes #8016 - Session auth in hammer #269
Conversation
tstrachota
force-pushed
the
sessions_8016
branch
3 times, most recently
from
8e26feb to
10174ca
Compare
tstrachota
force-pushed
the
sessions_8016
branch
from
10174ca to
c414d08
Compare
- api connection moved to a separate object - credentials moved to InteractiveBasicAuth - new SessionAuthenticatorWrapper for handling api sessions
tstrachota
force-pushed
the
sessions_8016
branch
from
c414d08 to
eb3224c
Compare
|
First of all thanks for this cool feature, it was on many wish lists for a long time. I was testing it and it looks almost ready to go. I've found the following that needs some solution/discussion:
As per our discussion I know that some might be difficult to implement right now. Filed issue to track the change may be acceptable solution in some cases. What is really annoying is that session expires when using command that does not need auth (e.g. ping) and it makes the following command fail. Can that be fixed? |
|
Thanks for the review, answers below: 1. it would be great to know from hammer logs what auth was used - session, credentials 2. can we influence the expiration time from hammer side? 3. Can we turn the session auth feature off? 4. can we set the session expired from hammer side? 5. when session expires hammer fails with error. It should retry and obtain credentials from config or user as usually Expiring the session after unauthenticated call is definitely a bug. I'll fix that. Please feel free to open additional issues for the rest. |
|
@tstrachota, I did some more testing. The session expiration is set by default to 60 min. It is very annoying When after every hour of inactivity your hammer command fail. I also used hammer in a cron job and every second run failed when the interval was bigger then the expiration time. We either need to implement the retry or add possibility to disable sessions by configuration and CLI arg. What do you think? |
|
@mbacovsky updated and ready for another round of review
Sessions are now turned off by default and you have to enable it by setting |
| @@ -8,6 +8,7 @@ | |||
| # Credentials. You'll be asked for them interactively if you leave them blank here | |||
| :username: 'admin' | |||
| #:password: 'example' | |||
| :use_sessions: false | |||
There was a problem hiding this comment.
Are sessions specific to Basic Auth or can they be used with e.g. OAuth? Just to confirm this is the right place for the config.
There was a problem hiding this comment.
Some auth methods might require sessions but in general it's imho independent.
|
I've tested this and now it works well for me. Thanks for fixing the auth commands, I forgot to test them. |
|
@mbacovsky thanks. I'll bump dependency on the latest apipie-bindings prior to merge. |
|
[test] |
|
@tstrachota this looks good to merge. Please add deps on apipie-bindings >= 0.0.19 that was released today. Part in core was merged as it seems it can work with older bindings. |
|
@mbacovsky thanks for the apipie-bindings release! Dependency bumped. |
|
@tstrachota awesome! |
|
@tstrachota @mbacovsky - I need some help here. How do I replace this file with the new mechanics for auth? Here is the PR I am working on. I get RestClient::ServiceUnavailable (Invalid username or password): when using the @api variable |
Requires:
TODO:
hammer ping)