yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1771174] [NEW] cc_phone_home.py would benefit from allowing headers for the request to be specified by the user

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Mitch Kuppinger <1771174@xxxxxxxxxxxxxxxxxx>
Date: Mon, 14 May 2018 18:00:44 -0000
Reply-to: Bug 1771174 <1771174@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

I user phone_home to programmatically set allowed_hosts on my management
node when creating cloud based VMs. eg. on DigitalOcean. I use a Rails
based tool to manage the VM creation. Without some work arounds that
lower security I receive a "Can't verify CSRF token authenticity." error
from Rails when phone_home attempts to connect. The ability to set a
header would be very useful:

phone_home:
    url: http://example.com/$INSTANCE_ID/
    post:
        - pub_key_rsa
        - instance_id
        - fqdn
    tries: 10
    headers:                           #<<<<<<<
        - X-CSRF-Token: 1234567890     #<<<<<<<


Since util.read_file_or_url allows specifying headers
minor modifications to cc_phone_home.py would make this possible:

line 85:
    url = ph_cfg['url']
    post_list = ph_cfg.get('post', 'all')
    header_list = ph_cfg['headers']        #<<<<< Added
    tries = ph_cfg.get('tries')

line 138:
    try:
        util.read_file_or_url(url, data=real_submit_keys,
                              retries=tries, sec_between=3,
                              ssl_details=util.fetch_ssl_details(cloud.paths),
                              headers=header_list)        #<<<<< Added

** Affects: cloud-init
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1771174

Title:
  cc_phone_home.py would benefit from allowing headers for the request
  to be specified by the user

Status in cloud-init:
  New

Bug description:
  I user phone_home to programmatically set allowed_hosts on my
  management node when creating cloud based VMs. eg. on DigitalOcean. I
  use a Rails based tool to manage the VM creation. Without some work
  arounds that lower security I receive a "Can't verify CSRF token
  authenticity." error from Rails when phone_home attempts to connect.
  The ability to set a header would be very useful:

  phone_home:
      url: http://example.com/$INSTANCE_ID/
      post:
          - pub_key_rsa
          - instance_id
          - fqdn
      tries: 10
      headers:                           #<<<<<<<
          - X-CSRF-Token: 1234567890     #<<<<<<<

  
  Since util.read_file_or_url allows specifying headers
  minor modifications to cc_phone_home.py would make this possible:

  line 85:
      url = ph_cfg['url']
      post_list = ph_cfg.get('post', 'all')
      header_list = ph_cfg['headers']        #<<<<< Added
      tries = ph_cfg.get('tries')

  line 138:
      try:
          util.read_file_or_url(url, data=real_submit_keys,
                                retries=tries, sec_between=3,
                                ssl_details=util.fetch_ssl_details(cloud.paths),
                                headers=header_list)        #<<<<< Added

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1771174/+subscriptions

Follow ups

[Bug 1771174] Re: cc_phone_home.py would benefit from allowing headers for the request to be specified by the user
From: James Falcon, 2023-05-11