yahoo/panoptes

Steamroller Client-Side Cert Config Typing Issue

Closed this issue · 0 comments

Issue:
x509_secured_requests plugin configuration is ignored due to a typing issue in the PanoptesSNMPSteamRollerAgentConnection::_make_connection function.

_make_connection will need to compare against int, and cast secure_connection to an int for additional safety.

Traffic Server && Panoptes Conf
0 - no client certificate
1 - client certificates optional
2 - client certificates required

When obtaining the SNMP Connection the flow is as follows.

PanoptesSNMPConnectionFactory
  -> get_snmp_connection
       x509_secure_connection verified against valid_positive_integer
       parse_x509_config, ordered by precedence
         1. Function Args
         2. Plugin Config
         3. Default Config
       x509_secured_requests is cast to an int and assigned to x509_secure_connection
       cert & key files are also validated
       This info is passed to the next function
  -> _get_snmp_connection_raw
       if ‘snmp_proxy_hosts’ is attached to the resources metadata, obtain and return a steamroller connection (PanoptesSNMPSteamRollerAgentConnection)
       otherwise return a direct snmp connection (PanoptesSNMPV2Connection)
  -> PanoptesSNMPSteamRollerAgentConnection (init)
       _make_connection
         requests.session object is created and the cert is added to the object if x509_secured_requests | secure_connection is either 1 | 2.
         It’s expected to be passed in as an int; however, it is being compared against a string.
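
The mismatch described in this issue, as an added example that is not code from the panoptes repository. `StubSession`, `make_session_buggy`, `make_session_fixed` and `compare_modes` are hypothetical names, the stub stands in for the requests session so the snippet runs offline, and rejecting values outside 0, 1 and 2 is an added assumption rather than something the issue asks for.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Mode values as listed in the issue.
NO_CLIENT_CERT, CERT_OPTIONAL, CERT_REQUIRED = 0, 1, 2


@dataclass
class StubSession:
    """Hypothetical stand-in for a requests session; only `cert` matters here."""
    cert: Optional[Tuple[str, str]] = None


def make_session_buggy(secure_connection, cert_file, key_file):
    """Reproduces the mismatch: an int mode compared against string literals."""
    session = StubSession()
    if secure_connection in ("1", "2"):  # never true for the ints 1 or 2
        session.cert = (cert_file, key_file)
    return session


def make_session_fixed(secure_connection, cert_file, key_file):
    """Cast to int, reject unknown modes (assumption), then compare against ints."""
    try:
        mode = int(secure_connection)
    except (TypeError, ValueError):
        raise ValueError(f"invalid secure_connection: {secure_connection!r}")
    if mode not in (NO_CLIENT_CERT, CERT_OPTIONAL, CERT_REQUIRED):
        raise ValueError(f"unsupported secure_connection mode: {mode}")
    session = StubSession()
    if mode in (CERT_OPTIONAL, CERT_REQUIRED):
        session.cert = (cert_file, key_file)
    return session


def compare_modes(cert_file="client.pem", key_file="client.key"):
    """Return {input: (buggy_has_cert, fixed_has_cert)} for constructed inputs."""
    results = {}
    for value in (0, 1, 2, "2"):
        buggy = make_session_buggy(value, cert_file, key_file)
        fixed = make_session_fixed(value, cert_file, key_file)
        results[value] = (buggy.cert is not None, fixed.cert is not None)
    return results


if __name__ == "__main__":
    for value, (buggy, fixed) in compare_modes().items():
        print(f"{value!r}: buggy attaches cert={buggy}, fixed attaches cert={fixed}")
```

With the string comparison, the int values 1 and 2 produce a session with no certificate and no error, which is why the configured setting appears to be ignored.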