Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent default credentials #77

Open
sgherdao opened this issue Feb 21, 2025 · 1 comment
Open

Prevent default credentials #77

sgherdao opened this issue Feb 21, 2025 · 1 comment
Assignees
@alex-muench
Milestone
v2.0.16

Comments

@sgherdao
Copy link
Collaborator

Description

When deploying and using default credentials the deployment fails

Expected Behavior

deployment successful

Actual Behavior

Got a traceback, it would appear vManage doesn't like re-using default credentials

❯ csdwan deploy 20.15.1
SD-WAN Manager IP address: ...
SD-WAN Manager user: admin
SD-WAN Manager password: admin  (hidden)
SD-WAN Manager subnet mask (e.g. /24): /27
SD-WAN Manager gateway IP: ...
Waiting for SD-WAN Manager API (attempt 30)...WARNING - Cannot determine session type for tenancy-mode: None, user-mode: None, view-mode: None
Configuring basic settings...Traceback (most recent call last):
  File "~/catalyst-sdwan-lab--iY71hTS-py3.12/bin/csdwan", line 6, in <module>
    sys.exit(cli())
             ^^^^^
  File "~/catalyst-sdwan-lab--iY71hTS-py3.12/lib/python3.12/site-packages/rich_click/rich_command.py", line 367, in __call__
    return super().__call__(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "~/catalyst-sdwan-lab--iY71hTS-py3.12/lib/python3.12/site-packages/click/core.py", line 1158, in __call__
    return self.main(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "~/catalyst-sdwan-lab--iY71hTS-py3.12/lib/python3.12/site-packages/rich_click/rich_command.py", line 152, in main
    rv = self.invoke(ctx)
         ^^^^^^^^^^^^^^^^
  File "~/catalyst-sdwan-lab--iY71hTS-py3.12/lib/python3.12/site-packages/click/core.py", line 1694, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "~/catalyst-sdwan-lab--iY71hTS-py3.12/lib/python3.12/site-packages/click/core.py", line 1440, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "~/catalyst-sdwan-lab--iY71hTS-py3.12/lib/python3.12/site-packages/click/core.py", line 785, in invoke
    return __callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "~/sdwan-lab-deployment-tool/catalyst_sdwan_lab/cli.py", line 169, in wrapper_common_options
    return f(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^
  File "~/sdwan-lab-deployment-tool/catalyst_sdwan_lab/cli.py", line 191, in wrapper_common_options
    return f(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^
  File "~/catalyst-sdwan-lab--iY71hTS-py3.12/lib/python3.12/site-packages/click/decorators.py", line 33, in new_func
    return f(get_current_context(), *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "~/sdwan-lab-deployment-tool/catalyst_sdwan_lab/cli.py", line 263, in cli_deploy
    deploy.main(
  File "~/sdwan-lab-deployment-tool/catalyst_sdwan_lab/tasks/deploy.py", line 173, in main
    configure_manager_basic_settings(manager_session, ca_chain, log)
  File "~/sdwan-lab-deployment-tool/catalyst_sdwan_lab/tasks/utils.py", line 145, in configure_manager_basic_settings
    if manager_config_settings.get_organizations().first().org is None:
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "~/catalyst-sdwan-lab--iY71hTS-py3.12/lib/python3.12/site-packages/catalystwan/endpoints/__init__.py", line 547, in wrapper
    response = _self._request(
               ^^^^^^^^^^^^^^^
  File "~/catalyst-sdwan-lab--iY71hTS-py3.12/lib/python3.12/site-packages/catalystwan/endpoints/__init__.py", line 222, in _request
    return self._client.request(method, self._basepath + url, **_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "~/catalyst-sdwan-lab--iY71hTS-py3.12/lib/python3.12/site-packages/catalystwan/session.py", line 356, in request
    raise DefaultPasswordError("Password must be changed to use this session.")
catalystwan.exceptions.DefaultPasswordError: Password must be changed to use this session.


## Affected Version

2.0.14

## Steps to Reproduce

run csdwan deploy and use admin/admin as credentails

## Checklist

<!-- TODO: Update the link below to point to your project's contributing guidelines -->
- [x] I have read the [contributing guidelines](/CONTRIBUTING.md)
- [x] I have verified this does not duplicate an existing issue
@tzarski0 tzarski0 added this to the v2.0.16 milestone Feb 22, 2025
@tzarski0 tzarski0 removed their assignment Feb 25, 2025
@tzarski0
Copy link
Contributor

We should make sure we do not allow users to run the script with admin/admin credentials. When that happens we should exit and let user know they should not use default credentials.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alex-muench alex-muench

Labels
None yet
Projects
None yet
Milestone
v2.0.16
Development

No branches or pull requests
3 participants
@tzarski0 @sgherdao @alex-muench