REST API violation in BMC smart proxy API

[this message from earlier today, was eaten by google groups]

Hi,

The following request fails:

 [root@puppet ~]# wget --header "Accept: application/json"
--ca-certificate=ca.pem --private-key=puppet.example.com.pem
--certificate=puppet.example.com.pem
https://puppet.example.com:8443/bmc/10.0.0.1/chassis/power/status
--user=admin --password=s3cr3t
HTTP/1.1 400 Bad Request
Date: Wed, 11 Feb 2015 13:38:43 GMT
Content-Length: 12
Server: WEBrick/1.3.1 (Ruby/1.8.7/2011-06-30) OpenSSL/1.0.1e
Content-Type: application/json
Connection: Keep-Alive
https://puppet.example.com:8443/bmc/10.0.0.1/chassis/power/status:
2015-02-11 14:38:43 ERROR 400: Bad Request.

 [root@puppet ~]#

This is because of the `raise` at [1]. A proper REST implementation
should instead return a "401 Unauthorized" code to indicate to the client
that it should retry with credentials. Although I do admire the technical
prowess of the hack, I would question the (ab)use of the basic
authentication mechanism for passing the ipmi username/password.

This can be worked around by passing "--auth-no-challenge" to wget to
force sending the credentials without being issued a 401.

Regards, David

[1] https://github.com/theforeman/smart-proxy/blob/develop/modules/bmc/bmc_api.rb#L231

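The behaviour David describes, as an added illustration that is not smart-proxy's own code: a BMC endpoint that receives no Authorization header should answer with 401 plus a WWW-Authenticate challenge (which makes wget and other clients retry with credentials), reserve 400 for a header that is present but malformed, and only then hand the parsed credentials to the IPMI call. The realm name, the `bmc_power_status`/`parse_basic_auth` helpers and the stand-in `power_lookup` block are assumptions for this example.

```ruby
# Added example (not smart-proxy code): how a BMC endpoint can answer a
# request that carries no credentials. The real proxy raised an error,
# which surfaces as a 400; an HTTP-conformant handler challenges with
# 401 + WWW-Authenticate so clients such as wget retry with Authorization.

REALM = 'bmc' # assumed realm name, not taken from the page

# Parse an HTTP Basic Authorization header value.
# Returns [user, password], or nil when the header is absent or malformed.
def parse_basic_auth(header)
  return nil if header.nil?
  scheme, token = header.split(' ', 2)
  return nil unless scheme && scheme.casecmp('Basic').zero? && token
  decoded = token.strip.unpack1('m0') # strict base64: raises on garbage
  user, pass = decoded.split(':', 2)
  return nil if user.nil? || pass.nil?
  [user, pass]
rescue ArgumentError
  nil
end

# Build a Rack-style [status, headers, body] triple for a power-status call.
# `rack_env` is a Hash like Rack hands to an app; only HTTP_AUTHORIZATION
# is read. `power_lookup` stands in for the IPMI call and receives the
# parsed credentials (hypothetical stand-in, not an smart-proxy API).
def bmc_power_status(rack_env, &power_lookup)
  header = rack_env['HTTP_AUTHORIZATION']
  if header.nil?
    # No credentials at all: challenge so the client knows what to send.
    return [401,
            { 'Content-Type' => 'application/json',
              'WWW-Authenticate' => %(Basic realm="#{REALM}") },
            ['{"error":"authentication required"}']]
  end

  creds = parse_basic_auth(header)
  if creds.nil?
    # Header present but not a well-formed Basic token: a client error.
    return [400,
            { 'Content-Type' => 'application/json' },
            ['{"error":"malformed Authorization header"}']]
  end

  result = power_lookup.call(*creds)
  [200, { 'Content-Type' => 'application/json' }, [%({"result":"#{result}"})]]
end

# Constructed request environments standing in for the two wget runs in
# the report: one without credentials, one with --auth-no-challenge.
def demo
  fake_ipmi = ->(user, _pass) { user == 'admin' ? 'on' : 'unknown' }
  no_creds   = {}
  with_creds = { 'HTTP_AUTHORIZATION' => 'Basic ' + ['admin:s3cr3t'].pack('m0') }
  [bmc_power_status(no_creds, &fake_ipmi)[0],
   bmc_power_status(with_creds, &fake_ipmi)[0]]
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

Running the file prints the two status codes for the constructed requests; the first request draws the 401 challenge instead of the 400 seen in the report, and a client that honours WWW-Authenticate then resends with credentials without needing --auth-no-challenge.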

Hi David,

Thanks! Would you mind filing a bug in
http://projects.theforeman.org/projects/smart-proxy/issues/new ?

Pull requests or suggestions welcome.

Best,

On 02/11, David Schmitt wrote:
> [original message quoted in full; see above]

http://projects.theforeman.org/issues/9852

On Wednesday, February 11, 2015 at 1:13:40 PM UTC-8, David Schmitt wrote:
> [original message quoted in full; see above]