Re: URL-safe base64 encoding for keys
On 07/03/2012 05:35 PM, Tommi Virtanen wrote: On Tue, Jul 3, 2012 at 5:22 AM, Wido den Hollander wrote: CloudStack's API expects a URI to be passed when adding a storage pool, e.g.: addStoragePool?uri=rbd://user:cephx...@monitor.addr/poolname If 'cephxkey' contains a / the URI parser in Java fails (java.net.URI) and splits the URI in the wrong place. First, I actually agree with you -- urlsafe b64 just makes sense. We'd have to go through some sort of a transition period, accepting both, perhaps generating old-style, for some time. My thoughts exactly. Second, have you tried quoting the unsafe characters? / is %2f, + is %2b, % is %25. Yes, I have thought about that, but it would mean extra docs in the CloudStack API docs. Warning: Please URL-encode your cephx secret since it may contain invalid characters In the WebGUI (which talks to the API) I could do a URL-encode in JavaScript and do the decode again in the CloudStack management server, but it's not what you want. So yes, that has crossed my mind, but for now I took the easy way out and generated myself a new key which doesn't contain slashes. Wido -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: URL-safe base64 encoding for keys
On Tue, Jul 3, 2012 at 10:23 AM, Florian Haas wrote: > On Tue, Jul 3, 2012 at 5:04 PM, Yehuda Sadeh wrote: >>> FWIW (only semi-related), some S3 clients -- s3cmd from s3tools, for >>> example -- seem to choke on the forward slash in radosgw >>> auto-generated secret keys, as well. >>> >> >> With radosgw we actually switch a while back to use the alternative >> encoding. If you still have some old access keys, just replace them. > > Is "a while back" after 0.47.3? Because I was definitely keys with "/" > from that version. > There are the access keys and there are the secrets. The access keys are now url safe, the secrets are not. Yehuda -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: URL-safe base64 encoding for keys
On Tue, Jul 3, 2012 at 5:04 PM, Yehuda Sadeh wrote: >> FWIW (only semi-related), some S3 clients -- s3cmd from s3tools, for >> example -- seem to choke on the forward slash in radosgw >> auto-generated secret keys, as well. >> > > With radosgw we actually switch a while back to use the alternative > encoding. If you still have some old access keys, just replace them. Is "a while back" after 0.47.3? Because I was definitely keys with "/" from that version. Cheers, Florian -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: URL-safe base64 encoding for keys
On Tue, Jul 3, 2012 at 5:22 AM, Wido den Hollander wrote: > CloudStack's API expects a URI to be passed when adding a storage pool, > e.g.: > > addStoragePool?uri=rbd://user:cephx...@monitor.addr/poolname > > If 'cephxkey' contains a / the URI parser in Java fails (java.net.URI) and > splits the URI in the wrong place. First, I actually agree with you -- urlsafe b64 just makes sense. We'd have to go through some sort of a transition period, accepting both, perhaps generating old-style, for some time. Second, have you tried quoting the unsafe characters? / is %2f, + is %2b, % is %25. -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: URL-safe base64 encoding for keys
On Tue, Jul 3, 2012 at 8:00 AM, Florian Haas wrote: > On Tue, Jul 3, 2012 at 2:22 PM, Wido den Hollander wrote: >> Hi, >> >> With my CloudStack integration I'm running into a problem with the cephx >> keys due to '/' being possible in the cephx keys. >> >> CloudStack's API expects a URI to be passed when adding a storage pool, >> e.g.: >> >> addStoragePool?uri=rbd://user:cephx...@monitor.addr/poolname >> >> If 'cephxkey' contains a / the URI parser in Java fails (java.net.URI) and >> splits the URI in the wrong place. >> >> For base64 there is a specification [0] that describes the usage of - and _ >> instead of + and / >> >> Is there a way that we change the bits in src/common/armor.c and replace the >> + and / for - and _? > > FWIW (only semi-related), some S3 clients -- s3cmd from s3tools, for > example -- seem to choke on the forward slash in radosgw > auto-generated secret keys, as well. > With radosgw we actually switch a while back to use the alternative encoding. If you still have some old access keys, just replace them. Yehuda -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: URL-safe base64 encoding for keys
On Tue, Jul 3, 2012 at 2:22 PM, Wido den Hollander wrote: > Hi, > > With my CloudStack integration I'm running into a problem with the cephx > keys due to '/' being possible in the cephx keys. > > CloudStack's API expects a URI to be passed when adding a storage pool, > e.g.: > > addStoragePool?uri=rbd://user:cephx...@monitor.addr/poolname > > If 'cephxkey' contains a / the URI parser in Java fails (java.net.URI) and > splits the URI in the wrong place. > > For base64 there is a specification [0] that describes the usage of - and _ > instead of + and / > > Is there a way that we change the bits in src/common/armor.c and replace the > + and / for - and _? FWIW (only semi-related), some S3 clients -- s3cmd from s3tools, for example -- seem to choke on the forward slash in radosgw auto-generated secret keys, as well. Cheers, Florian -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
URL-safe base64 encoding for keys
Hi, With my CloudStack integration I'm running into a problem with the cephx keys due to '/' being possible in the cephx keys. CloudStack's API expects a URI to be passed when adding a storage pool, e.g.: addStoragePool?uri=rbd://user:cephx...@monitor.addr/poolname If 'cephxkey' contains a / the URI parser in Java fails (java.net.URI) and splits the URI in the wrong place. For base64 there is a specification [0] that describes the usage of - and _ instead of + and / Is there a way that we change the bits in src/common/armor.c and replace the + and / for - and _? Thanks, Wido [0]: http://en.wikipedia.org/wiki/Base64#URL_applications -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html