Can we get rid of the hash(password) dance?
Ian Booth
ian.booth at canonical.com
Fri Jul 18 06:17:45 UTC 2014
FYI, Tanzanite is working on removing a lot (all) of the old legacy mongo
connection stuff. We did a significant chunk at the induction sprint last week
and are continuing the work this week and next. So taken together with the work
described below (there may even be some overlap), our code base in this area
will soon be a lot leaner. We also plan to clean up the JujuConnsuite and
ConnSuite based tests as part of making the test suite more reliable but that's
a fair bit more work.
On 18/07/14 16:01, William Reade wrote:
> Just to add to what already seems to be consensus: yes, the mongodb
> password dance is redundant and should be dropped. The API password dance
> remains important, but is not implicated here.
>
> Cheers
> Willliam
>
>
> On Thu, Jul 17, 2014 at 11:01 AM, John Meinel <john at arbash-meinel.com>
> wrote:
>
>> ...
>>
>>
>>> From what I can tell poking around the code base, the only place that
>>>> still uses the hash(password) is actually in the Dummy provider.
>>>>
>>>>
>>> Right, and when I remove that code all the tests pass with some session
>>> copying in place!
>>>
>>> https://github.com/voidspace/juju/compare/master...copy-sessions
>>>
>>>
>>> I feel like we're at a point where we can safely remove that from the
>>>> Dummy provider, and also remove the fallback code in our 'connect to the
>>>> database' code. (If we leave it in, then I think after
>>>>
>>> Do you mean the "oldPassword" logic in cmd/jujud/agent.go (I had to add
>>> code there to re-open the state when we change the password.)
>>>
>>
>> What I mean is removing the "if IsUnauthorized(err) { altpassword =
>> hash(password); login(alt password); SetPassword(password) }"
>> Because *if* the current access is actually hash(password) we still (?)
>> need to set it to the real password. (and then reconnect).
>>
>> I'd be ok removing the fallback, as I don't think there will be any real
>> sites out there that need it in production. Those that might have would
>> have already run the fallback code.
>>
>> John
>> =:->
>>
>>
>>> All the best,
>>>
>>> Michael
>>>
>>>
>>> changing the password just reconnecting to the database is fine, because
>>>> it should happen infrequently.
>>>>
>>>> Thoughts?
>>>>
>>>> John
>>>> =:->
>>>>
>>>>
>>>
>>
>> --
>> Juju-dev mailing list
>> Juju-dev at lists.ubuntu.com
>> Modify settings or unsubscribe at:
>> https://lists.ubuntu.com/mailman/listinfo/juju-dev
>>
>>
>
>
>
More information about the Juju-dev
mailing list