DMTF/python-redfish-library

Can't use logout functionality, return 405 method not allowed but curl commands work fine.

MarkMcAleese opened this issue · 5 comments

MarkMcAleese commented

Connecting to the redfish client using the parameter max_retry=2 will cause the client to fail to logout. Tried across different version's and machines all seem to fail once max_retry is used, and once it's removed it will work again.

Example of error message.

 connection = connect(url=url, username=username, password=password, default_prefix=prefix, max_retry=10)
 connection.logout()
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/home/cfm/pyvenvs/cfm/lib/python2.7/site-packages/redfish/rest/v1.py", line 946, in logout
    "return code: %d" % (session_loc, resp.status))
BadRequestError: Invalid session resource: redfish/v1/SessionService/Sessions/<num>/, return code: 405

connect code:

def connect(url, username, password, default_prefix, max_retry=10):
    try:
        connection = redfish.redfish_client(base_url=url, username=username, password=password,
                                            default_prefix=default_prefix, max_retry=max_retry)
        connection.login(auth="session")
    except Exception as e:
        raise RedfishConnectException('nothing important'.format())

    return connection
MarkMcAleese commented

After further testing, it doesn't look like the max_retry is effecting the connection.logout(). It still seems to fail to log out after connecting.

Some more info is this seems to only happen after 2.0.1 and not before. (Will test more to confirm)

MarkMcAleese commented

Here is some extra debugging info:

connection.logout()
redfish/v1/SessionService/Sessions/userid5d52dd77f53f7ced/
None
None
M1 DELETE redfish/v1/SessionService/Sessions/userid5d52dd77f53f7ced/

None
('req ', 'redfish/v1/SessionService/Sessions/userid5d52dd77f53f7ced/')
('body ', None)
('headers ', {'OData-Version': '4.0', 'Connection': 'Keep-Alive', 'Accept': '*/*', 'X-Auth-Token': '8f22ca4610bcf6d8f45bd54e21240cc5'})
('Method', 'DELETE')
HTTP RESPONSE for redfish/v1/SessionService/Sessions/userid5d52dd77f53f7ced/:
Code: 405 Method Not Allowed
Headers:
	content-length: 0
	server: HP-iLO-Server/1.30
	connection: keep-alive
	allow: GET
	date: Tue, 13 Aug 2019 15:55:37 GMT
	x-frame-options: sameorigin
	content-type: text/plain

Body Response of redfish/v1/SessionService/Sessions/userid5d52dd77f53f7ced/:
MarkMcAleese commented

Along with this also tested using pythons request library and it works fine. (using no verify)

import requests

url = "https://myredfishbox/redfish/v1/SessionService/Sessions/{userid}/"

headers = {
    'X-Auth-Token':  '{token}',
    'Accept': "*/*",
    'Connection': "keep-alive",
    'cache-control': "no-cache"
    }

response = requests.request("DELETE", url, headers=headers, verify=False)

print(response.text)
print(response.status_code)
billdodd commented

Looks like the problem happens when the base_url is stripped off from the session URL:

python-redfish-library/src/redfish/rest/v1.py

Line 940 in 8a23cd1

session_loc = self.__session_location.replace(self.__base_url, '')

I'm guessing that the base_url you are passing to redfish.redfish_client() looks like this:

url = 'https://myredfishbox/'

A quick fix on your end would be to change it to:

url = 'https://myredfishbox' (no trailing slash)

But I think the python-redfish-library should be updated to strip the trailing slash itself if present.

MarkMcAleese commented

Yeah, that changed worked thanks a lot.

I agree having the trailing slash removed if present would be a good idea.