diff --git a/lib/OpenQA/CacheService/Model/Cache.pm b/lib/OpenQA/CacheService/Model/Cache.pm index 9395e9e88c7..4b2c8e31ecd 100644 --- a/lib/OpenQA/CacheService/Model/Cache.pm +++ b/lib/OpenQA/CacheService/Model/Cache.pm @@ -108,6 +108,7 @@ sub get_asset ($self, $host, $job, $type, $asset) { # Keep temporary files on the same partition as the cache my $log = $self->log; my $downloader = $self->downloader->log($log)->tmpdir($self->_realpath->child('tmp')->to_string); + $downloader->ua->configure_credentials($url->host); my $start; my $options = { diff --git a/lib/OpenQA/Downloader.pm b/lib/OpenQA/Downloader.pm index 09dcbeeda5a..2d12b6b4a33 100644 --- a/lib/OpenQA/Downloader.pm +++ b/lib/OpenQA/Downloader.pm @@ -5,9 +5,9 @@ package OpenQA::Downloader; use Mojo::Base -base, -signatures; use Mojo::Loader 'load_class'; -use Mojo::UserAgent; use Mojo::File 'path'; use Mojo::URL; +use OpenQA::UserAgent; use OpenQA::Utils 'human_readable_size'; use Try::Tiny; use Time::HiRes 'sleep'; @@ -15,7 +15,7 @@ use Time::HiRes 'sleep'; has attempts => 5; has [qw(log tmpdir)]; has sleep_time => 5; -has ua => sub { Mojo::UserAgent->new(max_redirects => 5, max_response_size => 0) }; +has ua => sub { OpenQA::UserAgent->new(max_redirects => 5, max_response_size => 0) }; has res => undef; sub download ($self, $url, $target, $options = {}) { diff --git a/lib/OpenQA/Shared/Controller/Auth.pm b/lib/OpenQA/Shared/Controller/Auth.pm index 9fe7205bdf6..3cb5b235be5 100644 --- a/lib/OpenQA/Shared/Controller/Auth.pm +++ b/lib/OpenQA/Shared/Controller/Auth.pm @@ -155,8 +155,9 @@ sub _key_auth ($self, $reason, $key) { if (my $api_key = $self->schema->resultset('ApiKeys')->find({key => $key})) { $log->trace(sprintf 'Key is for user "%s"', $api_key->user->username); - my $msg = $self->req->url->to_string; my $headers = $self->req->headers; + my $url = $self->req->url; + my $msg = $url->path eq '/api/v1/auth' ? ($headers->header('X-Original-URI') // $url) : $url; my $hash = $headers->header('X-API-Hash'); my $remote_timestamp = $headers->header('X-API-Microtime'); my $our_timestamp = time; diff --git a/lib/OpenQA/UserAgent.pm b/lib/OpenQA/UserAgent.pm index b0c59e7c941..283df361439 100644 --- a/lib/OpenQA/UserAgent.pm +++ b/lib/OpenQA/UserAgent.pm @@ -2,7 +2,7 @@ # SPDX-License-Identifier: GPL-2.0-or-later package OpenQA::UserAgent; -use Mojo::Base 'Mojo::UserAgent'; +use Mojo::Base 'Mojo::UserAgent', -signatures; use Mojo::Util 'hmac_sha1_sum'; use Config::IniFiles; @@ -14,31 +14,12 @@ has [qw(apikey apisecret base_url)]; sub new { my $self = shift->SUPER::new(@_); my %args = @_; - for my $i (qw(apikey apisecret)) { - next unless $args{$i}; - $self->$i($args{$i}); + $self->$i($args{$i}) if $args{$i}; } - if ($args{api}) { - my @cfgpaths = ($ENV{OPENQA_CONFIG} // glob('~/.config/openqa'), '/etc/openqa'); - for my $path (@cfgpaths) { - my $file = $path . '/client.conf'; - next unless $file && -r $file; - my $cfg = Config::IniFiles->new(-file => $file) || last; - last unless $cfg->SectionExists($args{api}); - for my $i (qw(key secret)) { - my $attr = "api$i"; - next if $self->$attr; - # Fetch all the values in the file and keep the last one - my @values = $cfg->val($args{api}, $i); - next unless my $val = $values[-1]; - $val =~ s/\s+$//; # remove trailing whitespace - $self->$attr($val); - } - last; - } - } + $self->configure_credentials($args{api}); + # Scheduling a couple of hundred jobs takes quite some time - so we better wait a couple of minutes # (default is 20 seconds) $self->inactivity_timeout(600); @@ -46,33 +27,43 @@ sub new { # Some urls might redirect to https and then there are internal redirects for assets $self->max_redirects(3); - $self->on( - start => sub { - $self->_add_auth_headers(@_); - }); + $self->on(start => sub ($ua, $tx) { $self->_add_auth_headers($ua, $tx) }); + #read proxy environment variables $self->proxy->detect; return $self; } -sub _add_auth_headers { - my ($self, $ua, $tx) = @_; +sub configure_credentials ($self, $host) { + return undef unless $host; + my @cfgpaths = ($ENV{OPENQA_CONFIG} // glob('~/.config/openqa'), '/etc/openqa'); + for my $path (@cfgpaths) { + my $file = $path . '/client.conf'; + next unless $file && -r $file; + my $cfg = Config::IniFiles->new(-file => $file) || last; + last unless $cfg->SectionExists($host); + for my $i (qw(key secret)) { + my $attr = "api$i"; + next if $self->$attr; + # Fetch all the values in the file and keep the last one + my @values = $cfg->val($host, $i); + next unless my $val = $values[-1]; + $val =~ s/\s+$//; # remove trailing whitespace + $self->$attr($val); + } + last; + } +} +sub _add_auth_headers ($self, $ua, $tx) { my $timestamp = time; - my %headers = ( - Accept => 'application/json', - 'X-API-Microtime' => $timestamp, - ); + my $headers = $tx->req->headers; + $headers->accept('application/json') unless defined $headers->accept; + $headers->header('X-API-Microtime', $timestamp); if ($self->apisecret && $self->apikey) { - $headers{'X-API-Key'} = $self->apikey; - $headers{'X-API-Hash'} = hmac_sha1_sum($self->_path_query($tx) . $timestamp, $self->apisecret); - } - - my $set_headers = $tx->req->headers; - foreach my $key (keys %headers) { - # don't overwrite headers that were set manually - $set_headers->header($key, $headers{$key}) unless defined $set_headers->header($key); + $headers->header('X-API-Key', $self->apikey); + $headers->header('X-API-Hash', hmac_sha1_sum($self->_path_query($tx) . $timestamp, $self->apisecret)); } }