sts-sponsors team mailing list archive

Thread
Date
[Bug 1820083] Re: TLS params not set for session

To: sts-sponsors@xxxxxxxxxxxxxxxxxxx
From: Eric Desrochers <1820083@xxxxxxxxxxxxxxxxxx>
Date: Wed, 27 Oct 2021 18:59:49 -0000
Reply-to: Bug 1820083 <1820083@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
[sts-sponsors]

It is looking definitely better.

Here's some nitpicking:

# For both Focal and Bionic:

- From: =?UTF-8?q?Tade=C3=A1=C5=A1=20Urs=C3=ADny?= <thatisgeek@xxxxxxxxx>
+ from: Tadeas Ursíny <thatisgeek@xxxxxxxxx>

- Origin: upstream, https://github.com/dims/etcd3-gateway/commit/90b7a19cdc4daa1230d7f15c10b113abdefdc8c0
+ Origin: upstream, https://opendev.org/openstack/etcd3gw/commit/90b7a19

-Bug-Ubuntu: https://bugs.launchpad.net/+bug/1820083
+ Bug-Ubuntu: https://bugs.launchpad.net/bugs/1820083

In order to follow the patch convention name already in place in the src package:
# quilt rename -P lp1820083-Set-transport-options-on-requests-session.patch 0002-Set-transport-options-on-requests-session.patch

(Don't forget to adjust d/changelog accordingly)

# For Bionic is already used in Eoan:
0.2.1-1ubuntu1

Version
https://launchpad.net/ubuntu/+source/python-etcd3gw/0.2.1-1ubuntu1

Please modify the version for not conflicting with another release
having the same version already (even if EOL'd).

0.2.1-1ubuntu0.18.04.1 might be preferable here.

-- 
You received this bug notification because you are a member of STS
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1820083

Title:
  TLS params not set for session

Status in python-etcd3gw package in Ubuntu:
  Fix Released
Status in python-etcd3gw source package in Bionic:
  In Progress
Status in python-etcd3gw source package in Cosmic:
  Won't Fix
Status in python-etcd3gw source package in Disco:
  Won't Fix
Status in python-etcd3gw source package in Eoan:
  Won't Fix
Status in python-etcd3gw source package in Focal:
  In Progress
Status in python-etcd3gw source package in Groovy:
  Won't Fix
Status in python-etcd3gw source package in Hirsute:
  Fix Released

Bug description:
  [Impact]

  A connection session is opened, but the TLS parameters (timeout, ca,
  cert and key) are not actually set for the session.  This prevents use
  of TLS for the etcd3gw package.

  [Test Plan]

  # Create self signed certs, using the default for all prompts

  $ openssl req -addext "subjectAltName = DNS:localhost" -x509 -keyout
  localhost.key -newkey rsa:4096 -nodes -sha256 -out localhost.crt

  # install 'etcd' package, stop the default server, and spin up ectd
  server

  $ sudo apt install etcd
  $ sudo systemctl stop etcd

  $ etcd --name test --data-dir test --cert-file=localhost.crt --key-
  file=localhost.key --advertise-client-urls=https://localhost:2379
  --listen-client-urls=https://localhost:2379

  # run test script

  $ cat test.py
  #!/usr/bin/python3

  from etcd3gw import Etcd3Client

  c = Etcd3Client(host="localhost", protocol="https", cert_key="localhost.key", cert_cert="localhost.crt", ca_cert="localhost.crt", timeout=10)
  c.put('test', 'success!')
  resp = c.get('test')
  print(b''.join(resp).decode())

  $ ./test.py
  success!

  [Where Problems Could Occur]

  This adds TLS parameters (if provided) to the session, so regressions
  would involve failed connections, possibly those without TLS that had
  TLS params incorrectly provided before.

  [Other]

  the upstream bug is https://github.com/dims/etcd3-gateway/issues/20
  fixed upstream with pull request https://github.com/dims/etcd3-gateway/pull/21
  via commit 90b7a19cdc4daa1230d7f15c10b113abdefdc8c0

  that commit is contained in version 0.2.2 which is already in h, so
  this is needed in b/f/g.  This package was not included in Xenial.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-etcd3gw/+bug/1820083/+subscriptions