cloud-init

Https verification + usage + support

Bug #1067888 reported by Joshua Harlow
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
cloud-init
Fix Released
Medium
Unassigned
cloud-init (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

Currently we have limited https verification and support.

The inbuilt urllib2 will try to use it, but no verification occurs (and there isn't an easy way to specify a incoming certfile to use).

The boto library we are calling for metadata also needs to have the same params/support to use it (this seems to be solved).

Some ideas:

- just the url_helper file + boto that this might affect
- https://github.com/boto/boto/commit/ad0f4aa82a8f30522b0ce3e40e40f145080bf955
- https://github.com/boto/boto/blob/develop/boto/https_connection.py might be something we can 'borrow'/use
- https://github.com/boto/boto/blob/develop/boto/connection.py might in general be useful to use directly as well

-Josh

Related branches

lp:~harlowja/cloud-init/url-ssl-fixings
Scott Moser: Needs Fixing
Diff: 890 lines (+316/-163)
15 files modified
Requires (+6/-5)
cloudinit/config/cc_phone_home.py (+3/-2)
cloudinit/config/cc_power_state_change.py (+1/-1)
cloudinit/distros/parsers/resolv_conf.py (+2/-2)
cloudinit/ec2_utils.py (+5/-0)
cloudinit/sources/DataSourceCloudStack.py (+6/-5)
cloudinit/sources/DataSourceEc2.py (+7/-6)
cloudinit/sources/DataSourceMAAS.py (+26/-19)
cloudinit/url_helper.py (+159/-98)
cloudinit/user_data.py (+3/-2)
cloudinit/util.py (+79/-10)
setup.py (+3/-2)
tests/unittests/test__init__.py (+5/-5)
tests/unittests/test_datasource/test_maas.py (+9/-6)
tests/unittests/test_util.py (+2/-0)
lp:ubuntu/saucy/cloud-init
Revision history for this message
Joshua Harlow (harlowja) wrote :

boto metadata fetch not so good either, darn.

https://github.com/boto/boto/blob/develop/boto/utils.py#L187

It doesn't seem to support https (via those methods). Sad.

Scott Moser (smoser)
Changed in cloud-init:
status: New → Triaged
importance: Undecided → Medium
Scott Moser (smoser)
Changed in cloud-init:
milestone: none → 0.7.2
Revision history for this message
Scott Moser (smoser) wrote :

fixed in revno 801.

Changed in cloud-init:
status: Triaged → Fix Committed
Revision history for this message
Scott Moser (smoser) wrote :

fixed in 0.7.2

Changed in cloud-init:
milestone: 0.7.2 → none
status: Fix Committed → Fix Released
Scott Moser (smoser)
affects: ubuntu (Ubuntu) → cloud-init (Ubuntu)
Changed in cloud-init (Ubuntu):
importance: Undecided → Medium
status: New → Fix Released
Revision history for this message
James Falcon (falcojr) wrote :

Tracked in Github Issues as https://github.com/canonical/cloud-init/issues/2309

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.