Redfish API Logout raises exception on Dell PowerVault ME5024 due to missing session_location #172

mateusrissi opened this issue Feb 28, 2025 · 4 comments · May be fixed by #177

@mateusrissi

Hi there!

I'm collecting information from a Dell PowerVault ME5024 storage device using its Redfish API. Everything works fine (I can authenticate and gather the required data), but I'm having trouble with session cleanup. The logout function doesn't work, causing sessions to accumulate over time.

Environment

  • Python: 3.11.5
  • Redfish Library: 3.2.8

Issue
It seems that the session location is not returned in the Location header of the auth request, but rather within the response body. This prevents the standard Redfish logout function from working as expected.

Here is an example session log:

>>> import redfish
>>> import logging
>>> logging.basicConfig(level=logging.DEBUG)
>>> LOGGER = logging.getLogger(__name__)
>>> REDFISH_OBJ = redfish.redfish_client(base_url="https://10.10.10.149", username="user01", password="password01")
DEBUG:redfish.rest.v1:HTTP REQUEST (GET) for /redfish/v1/:
Headers:
        Accept: */*
        OData-Version: 4.0

Body: No request body

INFO:redfish.rest.v1:Attempt 1 of /redfish/v1/
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): 10.10.10.149:443
DEBUG:urllib3.connectionpool:https://10.10.10.149:443 "GET /redfish/v1/ HTTP/1.1" 200 1243
INFO:redfish.rest.v1:Response Time for GET to /redfish/v1/: 0.6020471677184105 seconds.
DEBUG:redfish.rest.v1:HTTP RESPONSE for /redfish/v1/:
Code: 200 OK

Headers:
        Connection: keep-alive
        Content-Type: application/json; charset="utf-8"
        Content-Length: 1243
        X-Frame-Options: SAMEORIGIN
        Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src * 'self' data:; base-uri 'self'; object-src 'self'
        X-Content-Type-Options: nosniff
        X-XSS-Protection: 1
        Strict-Transport-Security: max-age=31536000;
        Cache-Control: no-cache, no-store, must-revalidate

Body Response of /redfish/v1/:
{
    "@odata.context": "/redfish/v1/$metadata#ServiceRoot.ServiceRoot",
    "@odata.id": "/redfish/v1/",
    "@odata.type": "#ServiceRoot.v1_9_0.ServiceRoot",
    "Chassis": {
        "@odata.id": "/redfish/v1/Chassis"
    },
    "CompositionService": {
        "@odata.id": "/redfish/v1/CompositionService"
    },
    "EventService": {
        "@odata.id": "/redfish/v1/EventService"
    },
    "Fabrics": {
        "@odata.id": "/redfish/v1/Fabrics"
    },
    "Id": "RootService",
    "Links": {
        "Sessions": {
            "@odata.id": "/redfish/v1/SessionService/Sessions"
        }
    },
    "Managers": {
        "@odata.id": "/redfish/v1/Managers"
    },
    "Name": "Root Service",
    "Oem": {
        "Seagate": {
            "RedfishServiceVersion": "2.4.19"
        }
    },
    "RedfishVersion": "1.12.0",
    "SessionService": {
        "@odata.id": "/redfish/v1/SessionService"
    },
    "Storage": {
        "@odata.id": "/redfish/v1/Storage"
    },
    "Systems": {
        "@odata.id": "/redfish/v1/Systems"
    },
    "Tasks": {
        "@odata.id": "/redfish/v1/TaskService"
    },
    "UUID": "32333614-2278-2942-8820-489096705433",
    "UpdateService": {
        "@odata.id": "/redfish/v1/UpdateService"
    }
}
>>> REDFISH_OBJ.login(auth="session")
DEBUG:redfish.rest.v1:HTTP REQUEST (POST) for /redfish/v1/SessionService/Sessions:
Headers:
        Accept: */*
        OData-Version: 4.0
        Content-Type: application/json

Body: {"UserName": "user01", "Password": "<REDACTED>"}

INFO:redfish.rest.v1:Attempt 1 of /redfish/v1/SessionService/Sessions
DEBUG:urllib3.connectionpool:https://10.10.10.149:443 "POST /redfish/v1/SessionService/Sessions HTTP/1.1" 201 278
INFO:redfish.rest.v1:Response Time for POST to /redfish/v1/SessionService/Sessions: 0.04334944486618042 seconds.
DEBUG:redfish.rest.v1:HTTP RESPONSE for /redfish/v1/SessionService/Sessions:
Code: 201 Created

Headers:
        Connection: keep-alive
        Content-Type: application/json; charset="utf-8"
        Content-Length: 278
        X-Frame-Options: SAMEORIGIN
        Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src * 'self' data:; base-uri 'self'; object-src 'self'
        X-Content-Type-Options: nosniff
        X-XSS-Protection: 1
        Strict-Transport-Security: max-age=31536000;
        Cache-Control: no-cache, no-store, must-revalidate
        X-Auth-Token: ea4ceb756bc29c0040d625d432d1cdf1

Body Response of /redfish/v1/SessionService/Sessions:
{
    "@odata.context": "/redfish/v1/$metadata#Session.Session",
    "@odata.id": "/redfish/v1/SessionService/Sessions/166",
    "@odata.type": "#Session.v1_3_0.Session",
    "Description": "User Session",
    "Id": "166",
    "Name": "User Session",
    "UserName": "user01"
}

INFO:redfish.rest.v1:Login returned code 201: {
    "@odata.context": "/redfish/v1/$metadata#Session.Session",
    "@odata.id": "/redfish/v1/SessionService/Sessions/166",
    "@odata.type": "#Session.v1_3_0.Session",
    "Description": "User Session",
    "Id": "166",
    "Name": "User Session",
    "UserName": "user01"
}
>>> REDFISH_OBJ.logout()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/data_disk/redfish/lib64/python3.11/site-packages/redfish/rest/v1.py", line 1053, in logout
    resp = self.delete(session_loc)
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/data_disk/redfish/lib64/python3.11/site-packages/redfish/rest/v1.py", line 753, in delete
    return self._rest_request(path, method='DELETE', args=args,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/data_disk/redfish/lib64/python3.11/site-packages/redfish/rest/v1.py", line 1137, in _rest_request
    return super(HttpClient, self)._rest_request(path=path, method=method,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/data_disk/redfish/lib64/python3.11/site-packages/redfish/rest/v1.py", line 807, in _rest_request
    reqpath = path.replace('//', '/')
              ^^^^^^^^^^^^^^^^^^^^^^^
TypeError: a bytes-like object is required, not 'str'
>>>

What I've Tried
I attempted to manually call the delete() function, but I wasn't able to correctly extract and use the Id field from the authentication response body.

Help
Is there a workaround for it? Thanks in advance!

@mraineri
Contributor

I see there is no Location header in the response for the POST request to make the session; that's a spec violation and is causing the exception.

When you say you tried to manually delete the session, was this by using the value of the @odata.id from the initial login response?

@mateusrissi
Author

Yes, that is right.

>>> REDFISH_OBJ.login(auth="session")
DEBUG:redfish.rest.v1:HTTP REQUEST (POST) for /redfish/v1/SessionService/Sessions:
Headers:
        Accept: */*
        OData-Version: 4.0
        Content-Type: application/json

Body: {"UserName": "user01", "Password": "<REDACTED>"}

INFO:redfish.rest.v1:Attempt 1 of /redfish/v1/SessionService/Sessions
DEBUG:urllib3.connectionpool:https://10.10.10.149:443 "POST /redfish/v1/SessionService/Sessions HTTP/1.1" 201 278
INFO:redfish.rest.v1:Response Time for POST to /redfish/v1/SessionService/Sessions: 0.08051324635744095 seconds.
DEBUG:redfish.rest.v1:HTTP RESPONSE for /redfish/v1/SessionService/Sessions:
Code: 201 Created

Headers:
        Connection: keep-alive
        Content-Type: application/json; charset="utf-8"
        Content-Length: 278
        X-Frame-Options: SAMEORIGIN
        Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src * 'self' data:; base-uri 'self'; object-src 'self'
        X-Content-Type-Options: nosniff
        X-XSS-Protection: 1
        Strict-Transport-Security: max-age=31536000;
        Cache-Control: no-cache, no-store, must-revalidate
        X-Auth-Token: 2b8229fb3f8668d03b76fd8b1c106ed2

Body Response of /redfish/v1/SessionService/Sessions:
{
    "@odata.context": "/redfish/v1/$metadata#Session.Session",
    "@odata.id": "/redfish/v1/SessionService/Sessions/167",
    "@odata.type": "#Session.v1_3_0.Session",
    "Description": "User Session",
    "Id": "167",
    "Name": "User Session",
    "UserName": "user01"
}

INFO:redfish.rest.v1:Login returned code 201: {
    "@odata.context": "/redfish/v1/$metadata#Session.Session",
    "@odata.id": "/redfish/v1/SessionService/Sessions/167",
    "@odata.type": "#Session.v1_3_0.Session",
    "Description": "User Session",
    "Id": "167",
    "Name": "User Session",
    "UserName": "user01"
}
>>> print(REDFISH_OBJ.get('/redfish/v1/SessionService/Sessions'))
DEBUG:redfish.rest.v1:HTTP REQUEST (GET) for /redfish/v1/SessionService/Sessions:
Headers:
        X-Auth-Token: 2b8229fb3f8668d03b76fd8b1c106ed2
        Accept: */*
        OData-Version: 4.0

Body: No request body

INFO:redfish.rest.v1:Attempt 1 of /redfish/v1/SessionService/Sessions
DEBUG:urllib3.connectionpool:https://10.10.10.149:443 "GET /redfish/v1/SessionService/Sessions HTTP/1.1" 200 375
INFO:redfish.rest.v1:Response Time for GET to /redfish/v1/SessionService/Sessions: 0.03025517240166664 seconds.
DEBUG:redfish.rest.v1:HTTP RESPONSE for /redfish/v1/SessionService/Sessions:
Code: 200 OK

Headers:
        Connection: keep-alive
        Content-Type: application/json; charset="utf-8"
        Content-Length: 375
        X-Frame-Options: SAMEORIGIN
        Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src * 'self' data:; base-uri 'self'; object-src 'self'
        X-Content-Type-Options: nosniff
        X-XSS-Protection: 1
        Strict-Transport-Security: max-age=31536000;
        Cache-Control: no-cache, no-store, must-revalidate

Body Response of /redfish/v1/SessionService/Sessions:
{
    "@odata.context": "/redfish/v1/$metadata#SessionCollection.SessionCollection",
    "@odata.id": "/redfish/v1/SessionService/Sessions",
    "@odata.type": "#SessionCollection.SessionCollection",
    "Members": [
        {
            "@odata.id": "/redfish/v1/SessionService/Sessions/167"
        }
    ],
    "Members@odata.count": 1,
    "Name": "Session Collection"
}

200
Connection keep-alive
Content-Type application/json; charset="utf-8"
Content-Length 375
X-Frame-Options SAMEORIGIN
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src * 'self' data:; base-uri 'self'; object-src 'self'
X-Content-Type-Options nosniff
X-XSS-Protection 1
Strict-Transport-Security max-age=31536000;
Cache-Control no-cache, no-store, must-revalidate


{
    "@odata.context": "/redfish/v1/$metadata#SessionCollection.SessionCollection",
    "@odata.id": "/redfish/v1/SessionService/Sessions",
    "@odata.type": "#SessionCollection.SessionCollection",
    "Members": [
        {
            "@odata.id": "/redfish/v1/SessionService/Sessions/167"
        }
    ],
    "Members@odata.count": 1,
    "Name": "Session Collection"
}

>>> REDFISH_OBJ.delete("/redfish/v1/SessionService/Sessions/167")
DEBUG:redfish.rest.v1:HTTP REQUEST (DELETE) for /redfish/v1/SessionService/Sessions/167:
Headers:
        X-Auth-Token: 2b8229fb3f8668d03b76fd8b1c106ed2
        Accept: */*
        OData-Version: 4.0

Body: No request body

INFO:redfish.rest.v1:Attempt 1 of /redfish/v1/SessionService/Sessions/167
DEBUG:urllib3.connectionpool:https://10.10.10.149:443 "DELETE /redfish/v1/SessionService/Sessions/167 HTTP/1.1" 200 None
INFO:redfish.rest.v1:Response Time for DELETE to /redfish/v1/SessionService/Sessions/167: 2.0162317641079426 seconds.
DEBUG:redfish.rest.v1:HTTP RESPONSE for /redfish/v1/SessionService/Sessions/167:
Code: 200 OK

Headers:
        Connection: keep-alive
        Content-Type: application/json; charset="utf-8"
        X-Frame-Options: SAMEORIGIN
        Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src * 'self' data:; base-uri 'self'; object-src 'self'
        X-Content-Type-Options: nosniff
        X-XSS-Protection: 1
        Strict-Transport-Security: max-age=31536000;
        Cache-Control: no-cache, no-store, must-revalidate

Body Response of /redfish/v1/SessionService/Sessions/167:
b''

<redfish.rest.v1.RestResponse object at 0x7fc7a7092e10>

Is there a way to save the "Body Response of /redfish/v1/SessionService/Sessions"?

@mraineri
Contributor

mraineri commented Feb 28, 2025

As an experiment, would you be willing to try changing this line here: https://github.com/DMTF/python-redfish-library/blob/main/src/redfish/rest/v1.py#L292

to the following:

self._session_location = self.dict["@odata.id"]

@mateusrissi
Author

mateusrissi commented Feb 28, 2025

Yes, this fix worked!

>>> REDFISH_OBJ.logout()
DEBUG:redfish.rest.v1:HTTP REQUEST (DELETE) for /redfish/v1/SessionService/Sessions/188:
Headers:
        X-Auth-Token: 613dd320b175dfd4e535bd8ad06f1c07
        Accept: */*
        OData-Version: 4.0

Body: No request body

INFO:redfish.rest.v1:Attempt 1 of /redfish/v1/SessionService/Sessions/188
DEBUG:urllib3.connectionpool:https://10.10.10.149:443 "DELETE /redfish/v1/SessionService/Sessions/188 HTTP/1.1" 200 None
INFO:redfish.rest.v1:Response Time for DELETE to /redfish/v1/SessionService/Sessions/188: 2.016038376837969 seconds.
DEBUG:redfish.rest.v1:HTTP RESPONSE for /redfish/v1/SessionService/Sessions/188:
Code: 200 OK

Headers:
        Connection: keep-alive
        Content-Type: application/json; charset="utf-8"
        X-Frame-Options: SAMEORIGIN
        Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src * 'self' data:; base-uri 'self'; object-src 'self'
        X-Content-Type-Options: nosniff
        X-XSS-Protection: 1
        Strict-Transport-Security: max-age=31536000;
        Cache-Control: no-cache, no-store, must-revalidate

Body Response of /redfish/v1/SessionService/Sessions/188:
b''

INFO:redfish.rest.v1:User logged out:
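
Added example, not part of the thread and not the library's own code: one way a client can work out which URI to DELETE at logout when the session-creation response has no Location header, as in the logs above. It falls back to the body's "@odata.id" and only accepts a URI on the same origin and directly under the Sessions collection, so the X-Auth-Token is never sent elsewhere. The names `resolve_session_location` and `SessionLocationError` are hypothetical.

```python
import json
from urllib.parse import urlsplit

class SessionLocationError(ValueError):
    """The login response gave no session URI that is safe to DELETE."""

def resolve_session_location(base_url, sessions_uri, headers, body):
    """Return the path to DELETE at logout for a session-creation response.

    Prefers the Location header and falls back to "@odata.id" in the body.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    candidate = lowered.get("location")
    if isinstance(candidate, bytes):
        candidate = candidate.decode("ascii")
    if not candidate:
        try:
            doc = json.loads(body) if isinstance(body, (str, bytes)) else body
        except ValueError:
            doc = None
        candidate = doc.get("@odata.id") if isinstance(doc, dict) else None
    if not isinstance(candidate, str) or not candidate:
        raise SessionLocationError("no Location header and no @odata.id in body")

    base, loc = urlsplit(base_url), urlsplit(candidate)
    # An absolute URI must point back at the service we logged in to, so the
    # X-Auth-Token sent with the DELETE never goes to another host.
    if loc.netloc and (loc.scheme, loc.netloc.lower()) != (base.scheme, base.netloc.lower()):
        raise SessionLocationError("session URI is on a different origin")
    # The path must be exactly one member below the Sessions collection.
    collection = sessions_uri.rstrip("/") + "/"
    member = loc.path[len(collection):].rstrip("/")
    if (not loc.path.startswith(collection) or not member
            or "/" in member or member in (".", "..")):
        raise SessionLocationError("session URI is outside the Sessions collection")
    return loc.path

# Constructed sample, modelled on the 201 response in the log above:
# no Location header, session URI only in the body.
SAMPLE_HEADERS = {"Content-Type": 'application/json; charset="utf-8"', "Content-Length": "278"}
SAMPLE_BODY = b'{"@odata.id": "/redfish/v1/SessionService/Sessions/166", "Id": "166"}'

if __name__ == "__main__":
    print(resolve_session_location("https://10.10.10.149",
                                   "/redfish/v1/SessionService/Sessions",
                                   SAMPLE_HEADERS, SAMPLE_BODY))
```

The returned path can be passed to the client's `delete()` call, as was done by hand earlier in the thread.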
