remotes.http: Support dvc push for http remotes #3343
Conversation
|
I have been testing locally against a simple flask app with |
pmrowla
changed the title
pmrowla
changed the title
|
For the record: test failures are unrelated and will be fixed in #3368 |
- uploaded files are sent as chunked encoding POST data Fixes iterative#3247
- username, password, ask_password options work the same way as for ssh remotes - basic_auth (bool) and digest_auth (bool) options added for http(s) remotes - digest_auth takes precedence over basic_auth if both are enabled
- HTTP remotes now tested locally using a SimpleHTTPServer instance that allows reading/writing to a temp directory
Co-Authored-By: Saugat Pachhai <suagatchhetri@outlook.com> Co-Authored-By: Ruslan Kuprieiev <kupruser@gmail.com>
| self.http_server = http_server | ||
| self.method_name = request.function.__name__ | ||
|
|
||
| def get_url(self): |
There was a problem hiding this comment.
I think DS has a valid point here, the original method is static, shouldn't we make all of them non-static now, that it is required by this particular change?
There was a problem hiding this comment.
For what it's worth, I wrote it like this because it was done the same way in TestRemoteSSHMocked (which overrides static SSHMocked.get_url() from tests/remotes.py).
There was a problem hiding this comment.
Well, it was only a question, its not severe, because any potential problems should be detected on the build stage. For me, it can stay as is.
| @@ -100,7 +163,13 @@ def _request(self, method, url, **kwargs): | |||
| kwargs.setdefault("timeout", self.REQUEST_TIMEOUT) | |||
|
|
|||
| try: | |||
| res = self._session.request(method, url, **kwargs) | |||
| res = self._session.request( | |||
There was a problem hiding this comment.
@pmrowla, I'm unable to make it work with Digest auth (I'm using the script that you provided on the gist).
There was a problem hiding this comment.
But, when I change this to:
| res = self._session.request( | |
| res = requests.Session().request( |
it works. Something's wrong in our cached session perhaps?
There was a problem hiding this comment.
I think I figured it out. When I try to push, we send a HEAD request, after which the script sets a cookie. And, then all POST requests fails. So, I first tried clearing cookies with self._session.cookies.clear() and it worked.
There was a problem hiding this comment.
Probably, we need to set auth when on creating sessions?
There was a problem hiding this comment.
I'm wondering if this is a side effect of how my test app in the gist was configured?
By default, flask uses client-side cookies for session data, so flask-httpauth does as well. But for a web server running digest auth to be properly secured, it needs to be handled server-side: https://flask-httpauth.readthedocs.io/en/latest/#security-concerns-with-digest-authentication
If I modify the test app to actually use server-side sessions (https://gist.github.com/pmrowla/0615f162d1308cab4f429b6efafe276a) the existing remote code works without needing to clear any cached cookies
If I set session.auth in the http remote at the time we first create the session instead of setting it per request, I still see the same issue making requests against the original test app. So I'm not sure if it's just that requests.auth.HTTPDigestAuth won't work properly when talking to improperly configured flask apps?
There was a problem hiding this comment.
If I set session.auth in the http remote at the time we first create the session instead of setting it per request, I still see the same issue making requests against the original test app.
@pmrowla, I tried that too but, does not work. It's unclear what's the best thing to do here.
If it's probably only flask-httpauth, let's ignore for now then.
β Have you followed the guidelines in the Contributing to DVC list?
π Check this box if this PR does not require documentation updates, or if it does and you have created a separate PR in dvc.org with such updates (or at least opened an issue about it in that repo). Please link below to your PR (or issue) in the dvc.org repo.
remote: Document HTTP remote push changesΒ dvc.org#1006
β Have you checked DeepSource, CodeClimate, and other sanity checks below? We consider their findings recommendatory and don't expect everything to be addressed. Please review them carefully and fix those that actually improve code or fix bugs.
Thank you for the contribution - we'll try to review it as soon as possible. π
WIP PR for #3247
basic_authanddigest_authboolean options added to the http(s) remote configurations (digest takes precedence if both are set to true)ask_passwordconfig optionStill TODO: