Fusillade Authz helper function #57
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- This simplifies the process of adding fusillade authz to flask applications endpoints.
Codecov Report
@@ Coverage Diff @@
## master #57 +/- ##
==========================================
- Coverage 70.63% 70.38% -0.26%
==========================================
Files 29 30 +1
Lines 1083 1192 +109
==========================================
+ Hits 765 839 +74
- Misses 318 353 +35
Continue to review full report at Codecov.
|
chmreid
requested changes
Sep 30, 2019
There was a problem hiding this comment.
Tests are not passing locally, I'm seeing lots of auth-related errors when I run make test:
test_expired (tests.security.test_dcp_service_account.TestAuthn) ... ERROR
test_positive (tests.security.test_dcp_service_account.TestAuthn) ... ERROR
test_delete_of_existing_secret_deletes_secret (tests.test_aws_secret.TestAwsSecret) ... ERROR
test_delete_of_unknown_secret_raises_exception (tests.test_aws_secret.TestAwsSecret) ... ERROR
test_init_of_existing_secret_retrieves_secret_metadata (tests.test_aws_secret.TestAwsSecret) ... ERROR
test_init_of_unknown_secret_does_not_set_secret_metadata (tests.test_aws_secret.TestAwsSecret) ... ERROR
test_update_of_existing_secret_updates_secret (tests.test_aws_secret.TestAwsSecret) ... ERROR
test_value_of_existing_deleted_secret_raises_exception (tests.test_aws_secret.TestAwsSecret) ... ERROR
test_value_of_existing_secret_returns_value (tests.test_aws_secret.TestAwsSecret) ... ERROR
test_value_of_unknown_secret_raises_exception (tests.test_aws_secret.TestAwsSecret) ... ERROR
test_aws_utils (tests.test_aws_utils.TestAWSUtils) ... ERROR
test_custom_secret_name (tests.test_config.TestConfig) ... ERROR
test_from_aws (tests.test_config.TestConfig) ... ERROR
test_from_file (tests.test_config.TestConfig) ... ERROR
test_singletonness (tests.test_config.TestConfig) ... ERROR
test_when_item_is_in_config_and_is_in_env_and_use_env_is_set_we_use_env (tests.test_config.TestConfig) ... ERROR
test_when_item_is_in_config_but_not_in_env_and_use_env_is_not_set_we_use_config (tests.test_config.TestConfig) ... ERROR
test_when_item_is_in_config_but_not_in_env_and_use_env_is_set_we_use_config (tests.test_config.TestConfig) ... ERROR
test_when_item_is_not_in_config_but_is_in_env_and_use_env_is_not_set_we_raise (tests.test_config.TestConfig) ... ERROR
test_when_item_is_not_in_config_but_is_in_env_and_use_env_is_set_we_use_env (tests.test_config.TestConfig) ... ERROR
test_when_item_is_not_in_config_not_in_env_we_raise (tests.test_config.TestConfig) ... ERROR
and several tracebacks that all look like this:
======================================================================
ERROR: setUpClass (tests.security.test_authn.TestAuthn)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/Users/charles/codes/dcplib/tests/security/test_authn.py", line 24, in setUpClass
audience=["https://data.humancellatlas.org/"])
File "/Users/charles/codes/dcplib/dcplib/security/dcp_service_account.py", line 40, in from_secrets_manager
credentials = json.loads(AwsSecret(secret_id).value)
File "/Users/charles/codes/dcplib/dcplib/aws_secret.py", line 27, in __init__
self._load()
File "/Users/charles/codes/dcplib/dcplib/aws_secret.py", line 80, in _load
raise e
File "/Users/charles/codes/dcplib/dcplib/aws_secret.py", line 71, in _load
response = self.secrets_mgr.describe_secret(SecretId=self.name)
File "/Users/charles/.pyenv/versions/miniconda3-4.3.30/lib/python3.6/site-packages/botocore/client.py", line 357, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/Users/charles/.pyenv/versions/miniconda3-4.3.30/lib/python3.6/site-packages/botocore/client.py", line 661, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (UnrecognizedClientException) when calling the DescribeSecret operation: The security token included in the request is invalid.
======================================================================
ERROR: setUpClass (tests.security.test_authz.TestAuthn)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/Users/charles/codes/dcplib/tests/security/test_authz.py", line 26, in setUpClass
audience=["https://data.humancellatlas.org/"])
File "/Users/charles/codes/dcplib/dcplib/security/dcp_service_account.py", line 40, in from_secrets_manager
credentials = json.loads(AwsSecret(secret_id).value)
File "/Users/charles/codes/dcplib/dcplib/aws_secret.py", line 27, in __init__
self._load()
File "/Users/charles/codes/dcplib/dcplib/aws_secret.py", line 80, in _load
raise e
File "/Users/charles/codes/dcplib/dcplib/aws_secret.py", line 71, in _load
response = self.secrets_mgr.describe_secret(SecretId=self.name)
File "/Users/charles/.pyenv/versions/miniconda3-4.3.30/lib/python3.6/site-packages/botocore/client.py", line 357, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/Users/charles/.pyenv/versions/miniconda3-4.3.30/lib/python3.6/site-packages/botocore/client.py", line 661, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (UnrecognizedClientException) when calling the DescribeSecret operation: The security token included in the request is invalid.
This may be an operator-specific problem, due to me not having sufficient permissions to access secrets - if so I'll approve to unblock the PR
Co-Authored-By: Charles Reid <53452777+chmreid@users.noreply.github.com>
|
@chmreid did you have aws_profile set? |
chmreid
approved these changes
Oct 9, 2019
|
No, I didn't have that environment variable set. I gave it a try again and it worked! I have a setup like the one described in the aws console page in the dcp ops wiki, to use |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This simplifies the process of adding fusillade authz to connexion applications endpoints.