Yes, I know, I should have been using an API key. I’m using one now.
Back when I was an idiot (questionable if that has changed) when I was was first starting out with SCALE, I wrote a script to pull my wildcard cert from TrueNAS and distribute it to my VMs. Now, I didn’t know API keys existed at this point, and figured it out purely by inspecting the requests made via the WebUI when downloading the certs.
For a long time, this has worked. However as of the most recent expiry (this morning at 10:00), I ran into an issue that confused me to the point of a total rebuild.
I did not see the cert had expired, what I did see was middlewared pinning my CPU at 100c, completely soaking my heatsink, and my CPU trying its absolute best not to go into nuclear meltdown. The only indication I had of any issue was the audit log showing a login, service Middleware, every half a second.
This is because the API had started returning “401 unauthorized”. I checked the basic auth, it was correct. This is weird, it’s been working for a long time, and if it wasn’t broken I didn’t want to fix it. Now it was broken though, so I had to fix it.
Switched it out for an API key (after looking up the documentation and figuring out how this should actually be set up) and now it’s working nicely.
My questions are as follows:
- Has basic auth been removed from API endpoints, and if so, when? I haven’t seen any notice for this and I’d consider it a ‘breaking’ change.
- Why does the API response hang on a 401 unauthorized message instead of exiting immediately? This is what led to a major amplification of requests over time.
- Why are API requests not logged as such in the audit log?
Of course I’m not remotely upset about this (if anything, at myself for using basic auth) but really am confused if maybe I missed this mentioned somewhere in the changelogs for Dragonfish. At the very least I’m certain it was working on Cobia.