In order to access a Reviewboard server I need to disable the SSL verification, however, I can't seem to do this from Reviewboard's Python API.
I've added a 'DISABLE_SSL_VERFICATION = True' line to ~/.reviewboardrc. The rbt commands themselves find this file ok, but scripts using the Python API don't seem to know it exists.
I'm seeing this behavior on both Ubuntu and a Cygwin install under Windows.
Is there something I'm missing with setting my Reviewboard configuration? Is there another way to disable SSL verification with the Python API?
I wasn't able to disable ssl verification globally, but there is a way to disable it when creating the RBClient that then carries through to any operations performed using that client.
Originally I was creating my client as below:
client = RBClient('server_url')
To disable ssl verification I added a verify_ssl argument and set it to false:
client = RBClient('server_url', verify_ssl=False)
Use the option —disable-ssl-verification for all rbt commands.
For example to post to Review board using retools use the command below.
rbt post —disable-ssl-verification
The exact reason why this is required is because of the Python Library. If you are using a Python Library version greater than 2.7.9 you will need this additional option.
Related
I'm calling speedtest.py from my python program in order to run a speed test.
After importing speedtest.py I create a speedtest object using
s = speedtest.Speedtest()
servers = s.get_best_server()
then run upload/download tests.
This has been working, but recently it has been failing.
I found if I just ran speedtest from the cli, I'd get a 403 forbidden error.
I then read than Speedtest now requires the use of secure servers.
SO, if from the cli I type
speedtest --secure
it runs perfectly.
My question is:
How can I tell speedtest to use secure servers from my python program?
I've tried variations of
s = speedtest.Speedtest("secure")
and
servers = s.get_best_server("secure")
I haven't used the Python API for speedtest-cli, but looking at the source, Speedtest() has a secure parameter which presumably makes it require secure servers. So you'd just need to specify it when instantiating the class:
s = speedtest.Speedtest(secure=True)
BTW, there is documentation for the Python API, but it's super barebones and doesn't mention this parameter at all.
I'm writing a server extension for jupyter lab and i can use ServerConnection.makeRequest() from #jupyterlab/services to send POST or GET to my custom URL in typescript.
Now i want to make some request from notebook to this URL by using library requests of python but i always get 403 error.
Is there any equivalent of ServerConnection.makeRequest() in jupyter lab python library to send request to server ?
Your request from within a notebook is most likely forbidden due to the xsrf check by the jupyter server. When you start jupyter server pass the parameter --NotebookApp.disable_check_xsrf=True in the command line to disable it. Or you need to handle passing the xsrf token. Note that disabling this check in an external-facing (production) system is not recommended.
You may also have to pass or suppress token. The token can be suppressed by passing --NotebookApp.token='' when you start the server.
I am trying to access a REST service that uses Kerberos authentication (company internal) from a Python app on Windows. However, it seems that the service is configured to expect a SPNEGO only as when I try to use requests-kerberos to connect as in:
requests.get('servicename', auth=HTTPKerberosAuth())
it produces a 500 Error from the server with:
javax.servlet.ServletException: GSSException: No credential found for: 1.2.840.113554.1.2.2
My guess is that server is configured to expect SPNEGO only and Python client supports only Kerberos.
I have tried installing PyKerberos but that fails as it expects krb5 on the system and I am doing this under Windows. Are there any libraries available that could help me do a SPNEGO call from Python in Windows?
In case anyone else would be having a similar problem - resolved by using pycurl with pycurl.HTTPAUTH_GSSNEGOTIATE attribute set.
Working on a python app on Mac (Yosemite OSX 10.10) I ran into this issue:
OperationalError: (2049, "Connection using old (pre-4.1.1) authentication protocol refused (client option 'secure_auth' enabled)")
With a bit of research it seemed that my client (that is mysql-python) is using secure auth and the user had a password encrypted in an old style, that is prior to pre-4.1.1.
As I do not have ways to handle things on the DB side I was wondering if there was a workaround or a way to deactivate secure_auth on mysql-python?
I am adapting the answer from here:
Eventually you have to tell the client who has an old-style password to change it to a new-style password. Old passwords are not secure.
Now, you are getting the error since the client has secure_auth set, but they have an old password. In order to login with the old password, the client must disable secure_auth on the client side. How exactly you do this varies by which client you're using.
Some other workarounds can be found in the MySQL documentation: Client does not support authentication protocol
I found a cure!
Or rather a workaround. From this post I decided to select slightly older version of MySQL and MySQLdb and this solved the issue.
Here is how I did it:
I had previously installed mysql_python for my python and had the brew version of mysql installed.
I deteleted all of that.
I look for a way to install MySQLdb by looking for it last stable version with the source.
I compiled them (followed the isntructions here), installed them and then I looked for a stable version of MySQL client (MySQL website is the best place for that) and install the 5.5 version which was perfectly fitting my requirements.
I made mysql to launch itself automatically and then restarted my computer (but you can just restart apache) and check that all path were correct and the right includes are in the right places (you can check that against the link above).
And now it all works fine!
Hope it helps.
I'm attempting to use fabric for the first time and I really like it so far, but at a certain point in my deployment script I want to clone a mercurial repository. When I get to that point I get an error:
err: abort: http authorization required
My repository requires http authorization and fabric doesn't prompt me for the user and password. I can get around this by changing my repository address from:
https://hostname/repository
to:
https://user:password#hostname/repository
But for various reasons I would prefer not to go this route.
Are there any other ways in which I could bypass this problem?
Here are four options with various security trade-offs and requiring various amounts of sys admin mojo:
With newer mercurial's you could put the password in the [auth] section of the local user's .hgrc file. The password will still be on disk in plaintext, but at least not in the URL
Or
You could locally set up a HTTP proxy that presents as no-auth locally and does the auth for you when communicating with remote.
Or
Of you're able to alter configuration on the hosting server you could set it (Apache?) to not require a user/pass when accessed from localhost, and then use a SSH tunnel to make the local machine look like it's coming from localhost when it access the server:
ssh -L 8080:localhost:80 user#hostname # run in background and leave running
and then have fabric connect to http://localhost:8080/repository
Or
Newer mercurial's support client side certificates for authentication, so you could configure your Apache to honor those as authorization/authentcation and then tweak your local hg to provide the certificate.
Depending on your fabfile, you might be able to reframe the problem. Instead of doing a hg clone on the remote system you could do your mercurial commands on your local system, and then ship the artifact you've constructed across with fabric.
Specifically, you could clone the mercurial repository by using fabric's local() commands, and run a 'hg archive' command to prepare a tarball. Then you can use fabrics put() to upload that tarball, and fabrics run() to unpack it in the correct location.
A code snippet for the clone, pack, put might look a bit like the following:
from fabric.api import local
def task():
local("hg clone ssh://hg#host/repo tmpdir")
with lcd("tmpdir"):
local("hg archive ../repo.tgz")
local("rm tmpdir")
put("repo.tgz")