Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

core: add missing prefix property to auth backend #165

Merged
merged 3 commits into from
Oct 19, 2024

Conversation

tarilabs
Copy link
Contributor

ref oras-project#164 (comment)

Signed-off-by: tarilabs <matteo.mortari@gmail.com>
@@ -14,10 +14,11 @@ class AuthenticationException(Exception):
pass


def get_auth_backend(name="token", session=None, **kwargs):
def get_auth_backend(name="token", session=None, prefix="https", **kwargs):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tarilabs this won't always be https - specifically in testing. I think we'd want to inherit this from the parent that created it, and use the same convention there with insecure as a boolean to determine the prefix (and not hard code http or https). Let me know your thoughts.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this line is specifically about the default isn't it,
and is mainly never used because here:

https://github.com/oras-project/oras-py/pull/165/files#diff-ccb407ceff93417721d33c41bf1975c04c98454fd2a36518a7b8572808db03a4R81

is set explicitly.

am I missing something? 🤔

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes I think you want to set it based on the insecure parameter:

 self.prefix: str = "http" if insecure else "https"

Which is in the init of the provider.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mmm, I've actually mimic-ed on existing code and did that in line 23 of this file.

making the line you quote:

https://github.com/oras-project/oras-py/pull/165/files#diff-fcbd6629a667f0deb29e01bccd3fa21f8790961f48092d8cee24ad00986706a9R22

another (unused) default.

I'm happy to refactor this code differently if that helps, I was just trying to go with the existing "code convention"? :)

Copy link
Contributor Author

@tarilabs tarilabs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hope the comment in https://github.com/oras-project/oras-py/pull/165/files#r1805164912 answer the last question, but if that helps, here is the run-down of how keeping the same existing code-style as present today on main, the prefix is set for the auth backed--see below steps with my reasoning out loud, and happy to be corrected!

If you want me to refactor differently, kindly let me know in which way differing from current style; thanks!

oras/provider.py Outdated
@@ -78,7 +78,7 @@ def __init__(
self.session.cookies.set_policy(DefaultCookiePolicy(allowed_domains=[]))

# Get custom backend, pass on session to share
self.auth = oras.auth.get_auth_backend(auth_backend, self.session)
self.auth = oras.auth.get_auth_backend(auth_backend, self.session, self.prefix)
Copy link
Contributor Author

@tarilabs tarilabs Oct 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

step 1.

the prefix of provider is set a few lines above:

self.prefix: str = "http" if insecure else "https"

and is "pass forward" as suggested to the call of oras.auth.get_auth_backend()

@@ -14,10 +14,11 @@ class AuthenticationException(Exception):
pass


def get_auth_backend(name="token", session=None, **kwargs):
def get_auth_backend(name="token", session=None, prefix="https", **kwargs):
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

step 2.

unless otherwise specified, this function get_auth_backend() parameter prefix defaults to https; but for all usages in oras code, is set from provider's prefix, as we seen in step1.

backend = auth_backends.get(name)
if not backend:
raise ValueError(f"Authentication backend {backend} is not known.")
backend = backend(**kwargs)
backend.session = session or requests.Session()
backend.prefix = prefix
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

step 3.
the determined backend (either token or basic) get .prefix property set to the value received in step 2

this maintains code-style for .session another property set on determined backend.

@@ -19,6 +19,7 @@ class AuthBackend:

def __init__(self, *args, **kwargs):
self._auths: dict = {}
self.prefix: str = "https"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

step 4.

the base AuthBackend by default would have a property prefix valorized to https, but as we just seen in step 3, this is set to the actual prefix value.

@vsoch
Copy link
Contributor

vsoch commented Oct 19, 2024

@tarilabs I understand your logic - the question is if a user is ever going to call get_auth_backend outside of the provider. In that case, they could do something like:

get_auth_backend(name="token", session=None, prefix="bananas")

In which case my preference is to better control that, and (although there is redundancy in setting the prefix) you can better control that with:

get_auth_backend(name="token", session=None, insecure=False):
    ...
    self.prefix = "http" if insecure else "https"

My preference is to generally not have open string arguments like that, but instead booleans that control them.

@tarilabs
Copy link
Contributor Author

thank you for taking the time to explain to me this "gap" @vsoch ; I believe I got it now; let me refactor it 👍

Signed-off-by: tarilabs <matteo.mortari@gmail.com>
Signed-off-by: tarilabs <matteo.mortari@gmail.com>
@tarilabs
Copy link
Contributor Author

Refactored and maintained version update and changelog, so to make a release to support conversations in #164

@tarilabs tarilabs requested a review from vsoch October 19, 2024 14:35
Copy link
Contributor

@vsoch vsoch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good! Thanks @tarilabs!

@vsoch vsoch merged commit 6df6127 into oras-project:main Oct 19, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants