Feat/arborist2 #298

Merged
merged 16 commits into from
Sep 11, 2019

@paulineribeyre paulineribeyre commented Sep 3, 2019

  • Use Arborist + gen3authz for auth requests
  • Deprecate sheepdog's "admin" role which was used on the delete endpoint: having the "delete" permission in arborist is enough
  • Make all "file_operations" endpoints require admin access
  • Unit tests:
    • Mock calls to gen3authz in unit tests
    • Remove project_access from the test user tokens
    • Remove the member fixture (only keep submitter and admin) since authorization doesn't depend on project access in the token anymore

TODO:

  • use gen3authz package when it's on pypi
  • automatically create program/project resources in arborist

TODO later:

  • Deprecate the "admin" field of the token and replace it by arborist logic (PXP-4102)
  • If/when gen3authz supports the authz provider parameter, use it in sheepdog so that resources persist

Closes #297

New Features

  • Program and project creation automatically creates resources in arborist

Breaking Changes

  • Use Arborist + gen3authz for auth requests

Dependency updates

  • Add gen3authz dependency for auth requests

Deployment changes

  • Optional configuration variable ARBORIST (arborist base URL)
  • Requires Arborist to be deployed

@paulineribeyre
Contributor Author

Note: sheepdog used to check if the user had either "admin" or "delete" to allow deletion. With this update, users who have "admin" but not "delete" can't delete

return response

mocked_get = MagicMock(side_effect=make_mock_response())
patch_get = patch("gen3authz.client.arborist.client.ArboristClient.auth_request", mocked_get)
Contributor

This code is not actually mocking GET in general, but rather the auth_request method in specific, so the names mocked_get and patch_get seem a little misleading. Since this fixture is explicitly intended for mocking auth_request only (per the docstring), and since the HTTP method being used doesn't actually affect the mocked response coming out of make_mock_response, these could be renamed to be auth_request specific?

raise AuthZError('Mocked Arborist says no')
mocked_response = MagicMock(requests.Response)
mocked_response.status_code = 200
return mocked_response
Contributor

I think this can be unrolled? (response and make_mock_response)
Can just use response instead of make_mock_response() below since the mock only depends on authorized

@vpsx vpsx left a comment

🎉

@@ -119,6 +118,6 @@ def generate_signed_access_token(

# Browser may clip cookies larger than 4096 bytes
if len(token) > 4096:
raise JWTSizeError("JWT exceeded 4096 bytes")
raise Exception("JWT exceeded 4096 bytes")
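Review bot: In the size check at the end of this hunk, raising the base Exception type for "JWT exceeded 4096 bytes" means a caller or test can only catch it with a blanket "except Exception", which also swallows unrelated failures. Consider a small exception class defined alongside generate_signed_access_token, or ValueError, so the oversized-token case stays distinguishable from other errors.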
Contributor

Just curious but why? 😅

Contributor Author

"JWTSizeError" is only defined in fence, I think that's a leftover from when you removed the fence dependency from the tests

Contributor

oooo, derp thanks!

@@ -62,7 +62,7 @@ def test_to_delete(
submitter,
require_index_exists_off,
Contributor

Wait, how come this doesn't need to mock_arborist_requests()?

Also: I think, if you want, you can avoid this code duplication by keeping the parametrization but adding another parametrized argument, bool mock_arborist or something, and then mocking arborist in the test based on that value. But probably I'm just missing something here...

Contributor Author

the arborist_authorized fixture is in autouse so by default, mocked arborist requests return True
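
The default-allow mock discussed in this thread, with the denial path exercised explicitly, as an added example that is not code from this pull request. `ArboristClient`, `AuthZError` and `delete_node` below are stand-ins written for the example (not the gen3authz or sheepdog implementations), and the JWT string and resource path are constructed.

```python
from contextlib import contextmanager
from unittest.mock import MagicMock, patch


class AuthZError(Exception):
    """Stand-in for the error raised when authorization is denied."""


class ArboristClient:
    """Stand-in client; a real one would make an HTTP call to Arborist."""

    def auth_request(self, jwt, service, methods, resources):
        raise RuntimeError("network call attempted in a unit test")


def delete_node(client, jwt, project):
    """Hypothetical endpoint body: only the 'delete' permission is checked."""
    if not client.auth_request(jwt, "sheepdog", "delete", [project]):
        raise AuthZError("delete not permitted on " + project)
    return "deleted"


@contextmanager
def mock_auth_request(authorized=True):
    """Patch auth_request only; yield the mock so the call can be inspected."""
    mocked_auth_request = MagicMock(return_value=authorized)
    with patch.object(ArboristClient, "auth_request", mocked_auth_request):
        yield mocked_auth_request


def run_case(authorized):
    """Run the endpoint under the mock; return the outcome and the mocked call."""
    resource = "/programs/p/projects/x"  # constructed resource path
    with mock_auth_request(authorized) as mocked:
        try:
            outcome = delete_node(ArboristClient(), "constructed.jwt", resource)
        except AuthZError:
            outcome = "denied"
    return outcome, mocked.call_args


if __name__ == "__main__":
    print(run_case(True)[0], run_case(False)[0])
```

Asserting on the recorded call as well as the outcome catches an endpoint that asks for the wrong method or resource, which a default-allow mock would otherwise hide.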

to False, it raises a 401 error.
"""

def do_patch(authorized=True):
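Review bot: do_patch(authorized=True) defaults to granting access, and per the docstring line above it denial only happens when the argument is set to False, so any test that does not opt out runs with authorization always granted. Make sure each protected endpoint has at least one test that calls do_patch(authorized=False) and asserts the 401; otherwise an endpoint that skips the authorization check entirely would still pass the suite.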
Contributor

Yay thanks!! 😍

@paulineribeyre paulineribeyre merged commit 3b0346f into master Sep 11, 2019
@paulineribeyre paulineribeyre deleted the feat/arborist2 branch September 11, 2019 20:04