2225403: Parse URL properly #3302
Conversation
cnsnyder
requested review from
a team and
ptoscano
and removed request for
a team
|
I want to test it more. |
jirihnidek
force-pushed
the
jhnidek/2225403
branch
from
4eae7c8 to
dd9eff7
Compare
|
How to test this PR? First you will have to create some virtual network with IPv6 support. This example of configuration file can help: <network>
<name>network</name>
<uuid>94a19657-4fe9-4fec-8bf2-af6808800d66</uuid>
<bridge name='virbr1' stp='on' delay='0'/>
<mac address='52:54:00:e7:82:6d'/>
<domain name='network'/>
<ip address='192.168.100.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.100.128' end='192.168.100.254'/>
</dhcp>
</ip>
<ip family='ipv6' address='fd00:3210:4567::1' prefix='64'>
<dhcp>
<range start='fd00:3210:4567::100' end='fd00:3210:4567::1ff'/>
</dhcp>
</ip>
</network>Then configure some virtual machine to work as proxy server. You can use to file Then you can test subscription-manager like this: https://download.libvirt.org/virshcmdref/html/sect-net-create.html |
jirihnidek
force-pushed
the
jhnidek/2225403
branch
from
dd9eff7 to
b1d88f2
Compare
|
Note: when both |
|
It is true that when both hostname and proxy are defined as IPv6 addresses, nothing happens (in Wireshark I can see that the connection is not being established at all?). However, when the proxy is specified from the CLI as ip:port pair, it does work. I wonder if we are doing something strange and treating those two options slightly differently. |
There was a problem hiding this comment.
Thanks for the changes, it generally LGTM; I left a couple of notes.
Also, please squash the last/4th commit (Extend unit tests related to parse_url().) together with the 1st one (Parse URL properly): since the first one changes/fixes the behaviour of parse_url, then IMHO all the unit test changes for it should be part of the same commit (and the bits changed by the 4th commit are changed in the 1st already).
| self.proxy_user = proxy_user | ||
| self.proxy_password = proxy_pass |
There was a problem hiding this comment.
this enables username & password for a proxy server to be specified via --proxy, whereas they were ignored before this change; considering there are the --proxyuser & --proxypassword option, and those will still override those attributes; for example:
subscription-manager --proxy proxy-user:proxy-password@proxy-host:port --proxyuser new-user
this will actually try to use the proxy-host with username new-user and password proxy-password, and proxy-user is silently discarded, which I do not think it is good for the user (they specify an option, or part of it, which gets overridden by another option)
I'd remove this, and keep --proxy to a simple hostname+port definition.
There was a problem hiding this comment.
I think that current behavior is correct for two reasons.
- It does not break old behavior, when user and password were ignored in URL.
- When you use
--proxyuserthen you explicitly say that you want to use specified user. This desire is IMHO expressed more explicitly than using--proxy URL.
If your proposal was implemented, then somebody could argue that --proxyuser is overridden by --proxy and it is breaking old behavior.
There was a problem hiding this comment.
If your proposal was implemented
I guess I explained myself badly: my proposal here is to not pick username & password from --proxy, retaining the current behaviour.
There was a problem hiding this comment.
Why not to pick username & password from --proxy, when this CLI option is used and it contains username & password? I think that we should parse the URL properly according specification.
There was a problem hiding this comment.
I understand the reasons about proper parsing, and normally I'd agree with that. However, the challenge here is that, even if small, this is a behaviour change: suddenly parts of --proxy are used whereas they were not previously.
Since the rest of the changes are good, what do you think about keep the existing behaviour of the --proxy parsing in this PR, and discuss the usage of credentials from --proxy as a separate change? This way we can discuss that with QE to check for the impact.
There was a problem hiding this comment.
If this behavior change will cause any issue to anyone (e.g. when the --proxy is used in some script), then there would be simple workaround for it (use --proxy with the correct and desired URL).
This PR is already split into 3 logical commits. I don't see reason, why this should be split more. Of course, we can discuss this with QE team and provide them some scratch build.
There was a problem hiding this comment.
I'm asking to split the behaviour change for --proxy in its separate PR because, as we both clearly see, we do not agree on having this change in, while the actual fix (parsing IPv6 addresses correctly) is good and can be merge (and it would had been merged already long ago, if not for the behaviour change).
So I'll reiterate my request: can you please move the --proxy behaviour change away from this PR to a new one, so we can merge this? Thanks in advance!
There was a problem hiding this comment.
The change for --proxy just cannot be split away. If it was split away, then it would not fix the bug mentioned in the first comment. I believe that we want to fix bugs.
I will retrace what is content of this PR. There were two ways how to parse URLs. Both were wrong. First commit fixes parsing of URLs from rhsm.conf. Second commit just uses fixed parse_url() (fixed in first commit) for --proxy CLI option. Last commit fixes only minor things related to debug print of traffic.
I would like to clarify my previous comments. I want to have this change in. I do not see any reason, why this change should not be in. I still believe that we want to fix bugs.
There was a problem hiding this comment.
The change for
--proxyjust cannot be split away.
Sure it can: it's about removing these two added lines:
self.proxy_user = proxy_user
self.proxy_password = proxy_passThis is the behaviour change I'm pointing out, and I'd like to see discussed and handled separately.
Second commit just uses fixed
parse_url()(fixed in first commit) for--proxyCLI option.
Yes, exactly, and I don't see where it says "change the behaviour of --proxy" as part of that, since the parsing issue can be fixed without the behaviour change.
The bug fix was "parsing IPv6 addresses properly", and this is a behaviour change that was never discussed earlier and it is not even required to fix the parsing of IPv6 addresses.
I want the change of this bug fix in already as well. Without this behaviour change, I would have approved and merged this few weeks ago already.
There was a problem hiding this comment.
Let me clarify one thing. Is your concern following? Current version of subscription-manager ignores proxy_username and proxy_password in URL of following command line option --proxy="https://proxy_username:[email protected]:3128" and there is almost zero probability that somebody uses such URL, because username and password are ignored. If somebody needs to use proxy_username and proxy_password, then they use --proxyuser and --proxypassword command line options, right?
If this PR was merged, then proxy_username and proxy_password of --proxy="https://proxy_username:[email protected]:3128" would not be ignored, but the username & password would not be ignored only in the case, when --proxyuser and --proxypassword were not provided, because --proxyuser and --proxypassword still has higher priority over proxy_username and proxy_password of --proxy="https://proxy_username:[email protected]:3128".
jirihnidek
force-pushed
the
jhnidek/2225403
branch
from
b1d88f2 to
beefe6a
Compare
|
It looks like that rawhide is broken in very strange ways. |
* Allow parsing of URLs containing IPv6 address like http://user:pass@[2001:db8::dead:beef:1]:3128/prefix * Use properties of urllib.parse to get username, password, hostname, port and prefix * Fixed unit tests for the case "https://www.redhat.com:/en", because it is IMHO correct URL * Extended unit tests related to parse_url().
* When URL in --proxy=URL contains username and password (e.g. --proxy=https://user:[email protected]:3128), then user and pass are used as proxy_user and proxy_pass * The --proxyuser and --proxypassword have higher priority. Thus, it does not break backward compatibility.
* Print IPv6 addresses correctly * Improved printing of proxy URL in debug mode
jirihnidek
force-pushed
the
jhnidek/2225403
branch
from
beefe6a to
dfe8f57
Compare
|
FYI: This PR has 4 commits since Wednesday. |
--proxyCLI option to use parse_url() function