From 793c8d95afe9bdcbeead591154dca29dbe394d38 Mon Sep 17 00:00:00 2001 From: Stefaan Lippens Date: Thu, 8 Feb 2024 15:54:39 +0100 Subject: [PATCH] Issue #112 move auth_entitlement_check config to AggregatorBackendConfig auth_entitlement_check is currently unused, so no migration path necessary --- CHANGELOG.md | 4 ++++ src/openeo_aggregator/about.py | 2 +- src/openeo_aggregator/backend.py | 2 +- src/openeo_aggregator/config.py | 3 +-- tests/conftest.py | 14 +++++++++----- tests/test_views.py | 28 +++++++--------------------- 6 files changed, 23 insertions(+), 30 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 506dcb3..38efe27 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file. The format is roughly based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## [0.18.3] + +- Move `auth_entitlement_check` config to `AggregatorBackendConfig` ([#112](https://github.com/Open-EO/openeo-aggregator/issues/112)) + ## [0.18.2] - Add support for standard `OpenEoBackendConfig.oidc_providers` and deprecate `AggregatorConfig.configured_oidc_providers` ([#112](https://github.com/Open-EO/openeo-aggregator/issues/112)) diff --git a/src/openeo_aggregator/about.py b/src/openeo_aggregator/about.py index 8de78ba..42f4253 100644 --- a/src/openeo_aggregator/about.py +++ b/src/openeo_aggregator/about.py @@ -2,7 +2,7 @@ import sys from typing import Optional -__version__ = "0.18.2a1" +__version__ = "0.18.3a1" def log_version_info(logger: Optional[logging.Logger] = None): diff --git a/src/openeo_aggregator/backend.py b/src/openeo_aggregator/backend.py index 589759a..2b9f32d 100644 --- a/src/openeo_aggregator/backend.py +++ b/src/openeo_aggregator/backend.py 
@@ -1319,7 +1319,7 @@ def __init__(self, backends: MultiBackendConnection, config: AggregatorConfig): self._configured_oidc_providers: List[OidcProvider] = ( get_backend_config().oidc_providers or config.configured_oidc_providers ) - self._auth_entitlement_check: Union[bool, dict] = config.auth_entitlement_check + self._auth_entitlement_check: Union[bool, dict] = get_backend_config().auth_entitlement_check self._memoizer: Memoizer = memoizer_from_config(config=config, namespace="general") self._backends.on_connections_change.add(self._memoizer.invalidate) diff --git a/src/openeo_aggregator/config.py b/src/openeo_aggregator/config.py index 8141343..5ceb490 100644 --- a/src/openeo_aggregator/config.py +++ b/src/openeo_aggregator/config.py @@ -47,8 +47,6 @@ class AggregatorConfig(dict): # TODO #112 `configured_oidc_providers` is deprecated, use `OpenEoBackendConfig.oidc_providers` instead configured_oidc_providers: List[OidcProvider] = dict_item(default=[]) - auth_entitlement_check: Union[bool, dict] = dict_item(default=False) - partitioned_job_tracking = dict_item(default=None) zookeeper_prefix = dict_item(default="/openeo-aggregator/") kazoo_client_factory = dict_item(default=None) @@ -138,6 +136,7 @@ class AggregatorBackendConfig(OpenEoBackendConfig): streaming_chunk_size: int = STREAM_CHUNK_SIZE_DEFAULT + auth_entitlement_check: Union[bool, dict] = False # Internal singleton _config_getter = ConfigGetter(expected_class=AggregatorBackendConfig) diff --git a/tests/conftest.py b/tests/conftest.py index 079d07d..f74ca61 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -14,7 +14,11 @@ MultiBackendConnection, ) from openeo_aggregator.config import AggregatorConfig -from openeo_aggregator.testing import DummyKazooClient, MetadataBuilder +from openeo_aggregator.testing import ( + DummyKazooClient, + MetadataBuilder, + config_overrides, +) pytest_plugins = "pytester" 
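Review bot: A deployment that still sets `auth_entitlement_check` on `AggregatorConfig` is silently ignored at this assignment, and the value falls back to the new default `False`. The comment removed from tests/conftest.py describes `False` as the entitlement check being disabled. The commit message says the option is currently unused, but nothing in the code enforces that, so a stale config would fail open with no signal. Consider rejecting the legacy key at startup, e.g. `if "auth_entitlement_check" in config: raise ValueError("auth_entitlement_check moved to AggregatorBackendConfig")`, assuming legacy values land as dict keys of `AggregatorConfig`, which subclasses `dict`. `__init__` starts and continues outside this hunk.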
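Review bot: The new `auth_entitlement_check` field on `AggregatorBackendConfig` has no comment saying what its two accepted shapes mean, which matters for an authorization setting whose default is off. From the tests in this patch, the dict form carries an `oidc_issuer_whitelist` set of issuer URLs. I would add above the field `# OIDC/EGI entitlement check: False disables it; a dict such as {"oidc_issuer_whitelist": {<issuer URLs>}} enables it`. These semantics are inferred from the test fixtures, so please confirm them against the code that consumes the value.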
@@ -121,8 +125,6 @@ def base_config( # conf.flask_error_handling = False # Temporary disable flask error handlers to simplify debugging (better stack traces). conf.configured_oidc_providers = configured_oidc_providers - # Disable OIDC/EGI entitlement check by default. - conf.auth_entitlement_check = False conf.memoizer = memoizer_config conf.connections_cache_ttl = connections_cache_ttl @@ -202,8 +204,10 @@ def api100(flask_app: flask.Flask) -> ApiTester: @pytest.fixture def api100_with_entitlement_check(config: AggregatorConfig) -> ApiTester: - config.auth_entitlement_check = {"oidc_issuer_whitelist": {"https://egi.test", "https://egi.test/oidc"}} - return get_api100(get_flask_app(config)) + with config_overrides( + auth_entitlement_check={"oidc_issuer_whitelist": {"https://egi.test", "https://egi.test/oidc"}} + ): + yield get_api100(get_flask_app(config)) def assert_dict_subset(d1: dict, d2: dict): diff --git a/tests/test_views.py b/tests/test_views.py index 627c7b9..3846e3b 100644 --- a/tests/test_views.py +++ b/tests/test_views.py @@ -490,15 +490,6 @@ def test_oidc_enrolled(self, api100_with_entitlement_check, requests_mock, edupe assert data["roles"] == expected_roles assert "default_plan" not in data - @pytest.fixture - def override_oidc_providers(self, oidc_issuer: str): - with config_overrides( - oidc_providers=[ - OidcProvider(id="egi", issuer=oidc_issuer, title="EGI"), - ] - ): - yield - @pytest.mark.parametrize( ["whitelist", "oidc_issuer", "success"], [ 
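Review bot: `api100_with_entitlement_check` in tests/conftest.py is now a generator fixture, since it yields inside `with config_overrides(...)`, but its annotation still reads `-> ApiTester`. It should become `-> Iterator[ApiTester]`, importing `Iterator` from `typing` if conftest.py does not already do so. That makes it clear to readers and type checkers that teardown restores the overridden `auth_entitlement_check` after each test.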
@@ -512,18 +503,8 @@ def override_oidc_providers(self, oidc_issuer: str): ], ) def test_issuer_url_normalization( - self, - config, - requests_mock, - backend1, - backend2, - whitelist, - override_oidc_providers, - oidc_issuer, - success, - caplog, + self, config, requests_mock, backend1, backend2, whitelist, oidc_issuer, success, caplog ): - config.auth_entitlement_check = {"oidc_issuer_whitelist": whitelist} requests_mock.get( backend1 + "/credentials/oidc", json={"providers": [{"id": "egi", "issuer": oidc_issuer, "title": "EGI"}]} @@ -540,7 +521,12 @@ def test_issuer_url_normalization( "urn:mace:egi.eu:group:vo.openeo.cloud:role=early_adopter#aai.egi.eu", ]) ) - api100 = get_api100(get_flask_app(config)) + with config_overrides( + oidc_providers=[OidcProvider(id="egi", issuer=oidc_issuer, title="EGI")], + auth_entitlement_check={"oidc_issuer_whitelist": whitelist}, + ): + api100 = get_api100(get_flask_app(config)) + api100.set_auth_bearer_token(token="oidc/egi/funiculifunicula") if success:
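Review bot: In `test_issuer_url_normalization`, only the construction of `api100` sits inside `with config_overrides(...)`. `api100.set_auth_bearer_token(...)` and the code under `if success:` are unchanged context lines, so they appear to run after the override has been restored. The test therefore depends on the backend copying `auth_entitlement_check` in `__init__`, as the backend.py hunk does; if that value were ever read at request time, the whitelist cases would run against the default configuration. Keeping the rest of the test body inside the `with` block would remove that dependency, matching the `api100_with_entitlement_check` fixture, which yields inside it. The function body continues past the end of this hunk.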