Fusillade Authz helper function #57
- This simplifies the process of adding Fusillade authz to Flask application endpoints.
Codecov Report
@@ Coverage Diff @@
## master #57 +/- ##
==========================================
- Coverage 70.63% 70.38% -0.26%
==========================================
Files 29 30 +1
Lines 1083 1192 +109
==========================================
+ Hits 765 839 +74
- Misses 318 353 +35
Tests are not passing locally; I'm seeing lots of auth-related errors when I run make test:
test_expired (tests.security.test_dcp_service_account.TestAuthn) ... ERROR
test_positive (tests.security.test_dcp_service_account.TestAuthn) ... ERROR
test_delete_of_existing_secret_deletes_secret (tests.test_aws_secret.TestAwsSecret) ... ERROR
test_delete_of_unknown_secret_raises_exception (tests.test_aws_secret.TestAwsSecret) ... ERROR
test_init_of_existing_secret_retrieves_secret_metadata (tests.test_aws_secret.TestAwsSecret) ... ERROR
test_init_of_unknown_secret_does_not_set_secret_metadata (tests.test_aws_secret.TestAwsSecret) ... ERROR
test_update_of_existing_secret_updates_secret (tests.test_aws_secret.TestAwsSecret) ... ERROR
test_value_of_existing_deleted_secret_raises_exception (tests.test_aws_secret.TestAwsSecret) ... ERROR
test_value_of_existing_secret_returns_value (tests.test_aws_secret.TestAwsSecret) ... ERROR
test_value_of_unknown_secret_raises_exception (tests.test_aws_secret.TestAwsSecret) ... ERROR
test_aws_utils (tests.test_aws_utils.TestAWSUtils) ... ERROR
test_custom_secret_name (tests.test_config.TestConfig) ... ERROR
test_from_aws (tests.test_config.TestConfig) ... ERROR
test_from_file (tests.test_config.TestConfig) ... ERROR
test_singletonness (tests.test_config.TestConfig) ... ERROR
test_when_item_is_in_config_and_is_in_env_and_use_env_is_set_we_use_env (tests.test_config.TestConfig) ... ERROR
test_when_item_is_in_config_but_not_in_env_and_use_env_is_not_set_we_use_config (tests.test_config.TestConfig) ... ERROR
test_when_item_is_in_config_but_not_in_env_and_use_env_is_set_we_use_config (tests.test_config.TestConfig) ... ERROR
test_when_item_is_not_in_config_but_is_in_env_and_use_env_is_not_set_we_raise (tests.test_config.TestConfig) ... ERROR
test_when_item_is_not_in_config_but_is_in_env_and_use_env_is_set_we_use_env (tests.test_config.TestConfig) ... ERROR
test_when_item_is_not_in_config_not_in_env_we_raise (tests.test_config.TestConfig) ... ERROR
and several tracebacks that all look like this:
======================================================================
ERROR: setUpClass (tests.security.test_authn.TestAuthn)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/Users/charles/codes/dcplib/tests/security/test_authn.py", line 24, in setUpClass
audience=["https://data.humancellatlas.org/"])
File "/Users/charles/codes/dcplib/dcplib/security/dcp_service_account.py", line 40, in from_secrets_manager
credentials = json.loads(AwsSecret(secret_id).value)
File "/Users/charles/codes/dcplib/dcplib/aws_secret.py", line 27, in __init__
self._load()
File "/Users/charles/codes/dcplib/dcplib/aws_secret.py", line 80, in _load
raise e
File "/Users/charles/codes/dcplib/dcplib/aws_secret.py", line 71, in _load
response = self.secrets_mgr.describe_secret(SecretId=self.name)
File "/Users/charles/.pyenv/versions/miniconda3-4.3.30/lib/python3.6/site-packages/botocore/client.py", line 357, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/Users/charles/.pyenv/versions/miniconda3-4.3.30/lib/python3.6/site-packages/botocore/client.py", line 661, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (UnrecognizedClientException) when calling the DescribeSecret operation: The security token included in the request is invalid.
======================================================================
ERROR: setUpClass (tests.security.test_authz.TestAuthn)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/Users/charles/codes/dcplib/tests/security/test_authz.py", line 26, in setUpClass
audience=["https://data.humancellatlas.org/"])
File "/Users/charles/codes/dcplib/dcplib/security/dcp_service_account.py", line 40, in from_secrets_manager
credentials = json.loads(AwsSecret(secret_id).value)
File "/Users/charles/codes/dcplib/dcplib/aws_secret.py", line 27, in __init__
self._load()
File "/Users/charles/codes/dcplib/dcplib/aws_secret.py", line 80, in _load
raise e
File "/Users/charles/codes/dcplib/dcplib/aws_secret.py", line 71, in _load
response = self.secrets_mgr.describe_secret(SecretId=self.name)
File "/Users/charles/.pyenv/versions/miniconda3-4.3.30/lib/python3.6/site-packages/botocore/client.py", line 357, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/Users/charles/.pyenv/versions/miniconda3-4.3.30/lib/python3.6/site-packages/botocore/client.py", line 661, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (UnrecognizedClientException) when calling the DescribeSecret operation: The security token included in the request is invalid.
This may be an operator-specific problem, due to me not having sufficient permissions to access secrets - if so, I'll approve to unblock the PR.
Co-Authored-By: Charles Reid <53452777+chmreid@users.noreply.github.com>
@chmreid did you have aws_profile set?
No, I didn't have that environment variable set. I gave it a try again and it worked! I have a setup like the one described in the aws console page in the dcp ops wiki, to use
This simplifies the process of adding Fusillade authz to Connexion application endpoints.