cannot access attachments of private bugs any more

The problem is that HostedFile only redirects to the librarian, but this file is available through the restricted librarian so cannot be fetched direcly by the clients (for now, the fix for bug 395960 will likely change that).

HostedFile should stream the file directly when it is a restricted file.

We should expedite the fix as it is a regression and is causing a huge backlog of unprocessed apport bugs.

On Thu, 19 Aug 2010 14:11:28 -0000, Martin Pitt <email address hidden> wrote:
> Public bug reported:
>
> It seems that this regressed in
> Launchpad itself, but I'm also filing it against python-launchpadlib for
> a potential improvement of the error message, since it is very unclear.

That's a httplib2 bug.

  http://code.google.com/p/httplib2/issues/detail?id=62

Thanks,

James

Ah, thanks James. I close the upstream httplib2 task then since it's fixed upstream.

The easiest way to patch this is to override the behavior of the LibraryBackedByteStorage alias_url property for BugAttachment.

To do so, we should create a new AttachmentField extending Bytes which provide an IAttachementField interface and register a subclass of LibraryBackedByteStorage as its IByteStorage implementation.

(See lib/canonical/launchpad/zcml/webservice.zcml for the existing registration)

The alias_url property should return a URL to the attachment on the web service host for private attachment.
 (We cannot point at the normal web site, since the launchpadlib client won't know how to authenticate their.) Public attachment should use the normal librarian URL.

We should declare that StreamOrRedirectFileAliasView provides IHTTPResource so that the view can work on the web service host.

is there any chance that can be workarounded in some way or will be worked this week?
without the retracers the crash bugs on ubuntu don't reach the bug triagers

I hope that I can fix the bug this week.

Just to be clear for seb and others, this is the next thing in Abel's queue. He will be taking up the work this afternoon, and will work on this until the bug is fixed.

Cheers,
deryck

Thanks Abel and Deryck for your work on the issue!

lifeless cautioned on IRC that serving the files via StreamOrRedirectLibraryFileAliasView may easily lead to timeouts. He suggested to give the retracer machines direct access to the restricted librarian; that should fix the narrow" issue. I've asked our admins in RT 41109 to do this.

Once lifeless's branch to allow direct access to restricted Librarian files via a query parameter has landed, we can also fix the issue for "ordinary" webservice clients, without risking timeouts or hammering the app servers.

Fixed in stable r11491 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/11491>.

I can confirm it's fixed:

In [7]: from launchpadlib.uris import LPNET_SERVICE_ROOT
In [8]: from launchpadlib.launchpad import Launchpad
In [9]: lp = Launchpad.login_with("testing", LPNET_SERVICE_ROOT, "/tmp/lp", version="devel")
[...]
In [10]: b = lp.bugs[622597]
In [11]: b.attachments[0].data
Out[11]: <lazr.restfulclient.resource.HostedFile object at 0x2928a90>
In [12]: f = b.attachments[0].data.open()
In [13]: f
Out[13]: <lazr.restfulclient.resource.HostedFileBuffer instance at 0x2921a28>

On Sun, Sep 5, 2010 at 9:27 PM, Markus Korn <email address hidden> wrote:
> I can confirm it's fixed:
>
> In [7]: from launchpadlib.uris import LPNET_SERVICE_ROOT
> In [8]: from launchpadlib.launchpad import Launchpad
> In [9]: lp = Launchpad.login_with("testing", LPNET_SERVICE_ROOT, "/tmp/lp", version="devel")
> [...]
> In [10]: b = lp.bugs[622597]
> In [11]: b.attachments[0].data
> Out[11]: <lazr.restfulclient.resource.HostedFile object at 0x2928a90>
> In [12]: f = b.attachments[0].data.open()
> In [13]: f
> Out[13]: <lazr.restfulclient.resource.HostedFileBuffer instance at 0x2921a28>

Where are you running that? this isn't meant to be fixed except on a
very specific machine in the canonical datacentre.

Fixed in stable r11506 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/11506>.

We have confirmed the permissions issues are fixed, so I'll mark this qa-ok. There are remaining issues like timeouts with uploads that abel and seb128 are actively working on.

This is still happening in the Apport test suite, for a bug filed on staging. Test case:

$ lp-shell staging
Connected to LP service "https://api.staging.launchpad.net/" with API version "1.0":
Note: LP can be accessed through the "lp" object.
>>> b=lp.bugs[634699]
>>> f = b.attachments[0].data.open()
Traceback (most recent call last):
[...]
AttributeError: 'NoneType' object has no attribute 'makefile'

Bug 634699 is only accessible to me for now, but I don't think it's specific to me. Just try filing a private bug, and use that one.

Reopening, since this is still happening.

Martin is right. This isn't fixed yet. We only allowed access for the retracers until we can get a permanent fix in place. Abel will be working with Robert to finish off the new private librarian work, which should fix this for everyone.

Fixed in stable r12041 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/12041>.

r12041 unfortunately does _not_ fix this bug: Webservice clients simply "see" the public URL for attachments of private bugs, but they should see a URL containing the access token

Marking qa-ok since r12041 has been reverted. Abel forgot to use the --rollback flag. Also, I'm sorry to say I'm still dumb about what to do to patch up the tagging when this happens. If we need a bad commit tag manually, or not?

Set to qa-bad again to block deployment until we sort out the confusion done by the revert. Due to the missing --rollback option the https://devpad.canonical.com/~lpqateam/qa_reports/deployment-stable.html is reporting the wrong revision to be deployed.

Marked as qa-ok to unblock the qa-tagger report, but 12041 shouldn't be rolled out without 12080.

Fixed in stable r12165 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/12165>.

Removing from oem-priority, this isn't an appropriate oem-priority escalation. The bug in LP appears to be fixed, anyway.