Add: authentication URL to controller /version

13 files changed, 50 insertions, 5 deletions

diff --git a/ick2/controllerapi.py b/ick2/controllerapi.py
index f7c71f6..9785384 100644
--- a/ick2/controllerapi.py
+++ b/ick2/controllerapi.py
@@ -23,14 +23,24 @@ class ControllerAPI:
         self._apis = {}
 
     def set_artifact_store_url(self, url):  # pragma: no cover
-        self.find_missing_route('/version')
-        api = self._apis.get('/version')
+        self._set_url('set_artifact_store_url', url)
+
+    def set_auth_url(self, url):  # pragma: no cover
+        self._set_url('set_auth_url', url)
+
+    def _set_url(self, what, url):  # pragma: no cover
+        api = self._get_version_api()
         if api:
-            api.set_artifact_store_url(url)
+            method = getattr(api, what)
+            method(url)
             ick2.log.log(
-                'info', msg_text='Set artifact store url', url=url,
+                'info', msg_text='Set url', what=what, url=url,
                 version=api.get_version())
 
+    def _get_version_api(self):  # pragma: no cover
+        self.find_missing_route('/version')
+        return self._apis.get('/version')
+
     def find_missing_route(self, missing_path):  # pragma: no cover
         apis = {
             '/version': ick2.VersionAPI,
diff --git a/ick2/versionapi.py b/ick2/versionapi.py
index cc7e169..c688c1b 100644
--- a/ick2/versionapi.py
+++ b/ick2/versionapi.py
@@ -21,16 +21,21 @@ class VersionAPI(ick2.APIbase):
     def __init__(self, state):
         super().__init__(state)
         self._artifact_store_url = None
+        self._auth_url = None
 
     def set_artifact_store_url(self, url):
         self._artifact_store_url = url
 
+    def set_auth_url(self, url):
+        self._auth_url = url
+
     def get_routes(self, path):  # pragma: no cover
         return [
             {
                 'method': 'GET',
                 'path': path,
                 'callback': self.GET(self.get_version),
+                'needs-authorization': False,
             }
         ]
 
@@ -38,6 +43,7 @@ class VersionAPI(ick2.APIbase):
         return {
             'version': ick2.__version__,
             'artifact_store': self._artifact_store_url,
+            'auth_url': self._auth_url,
         }
 
     def create(self, body, **kwargs):  # pragma: no cover
diff --git a/ick2/versionapi_tests.py b/ick2/versionapi_tests.py
index b8d59d5..32f9808 100644
--- a/ick2/versionapi_tests.py
+++ b/ick2/versionapi_tests.py
@@ -23,13 +23,16 @@ class VersionAPITests(unittest.TestCase):
 
     def test_returns_version_correcly(self):
         bloburl = 'https://blobs.example.com'
+        idpurl = 'https://idp.example.com'
         api = ick2.VersionAPI(None)
         api.set_artifact_store_url(bloburl)
+        api.set_auth_url(idpurl)
         response = api.get_version()
         self.assertEqual(
             response,
             {
                 'version': ick2.__version__,
                 'artifact_store': bloburl,
+                'auth_url': idpurl,
             }
         )
diff --git a/ick_controller.py b/ick_controller.py
index edfebb4..66f3de1 100644
--- a/ick_controller.py
+++ b/ick_controller.py
@@ -47,6 +47,7 @@ default_config = {
     'log': [],
     'statedir': None,
     'artifact-store': None,
+    'auth-url': None,
 }
 
 
@@ -95,6 +96,7 @@ def main():
 
         api = ick2.ControllerAPI(state)
         api.set_artifact_store_url(config['artifact-store'])
+        api.set_auth_url(config['auth-url'])
         ick2.log.log(
             'info', msg_text='created ControllerAPI',
             artifact_store=config['artifact-store'])
diff --git a/run-debug b/run-debug
index 8af8844..3a4ae68 100755
--- a/run-debug
+++ b/run-debug
@@ -21,7 +21,7 @@ uapi_projects_get
 "
 
 ./generate-rsa-key t.key
-./create-token t.key issuer audience "$scopes" > t.token
+./create-token < t.key issuer audience "$scopes" > t.token
 cat <<EOF > t.yaml
 log:
 - filename: t.log
@@ -29,6 +29,8 @@ token-issuer: issuer
 token-audience: audience
 token-public-key: $(cat t.key.pub)
 statedir: t.state
+auth-url: http://auth.example.com
+artifact-store: http://blobs.example.com
 EOF
 
 ICK_CONTROLLER_CONFIG=t.yaml python3 ick_controller.py
diff --git a/yarns/100-projects.yarn b/yarns/100-projects.yarn
index b5a7f78..c5052f9 100644
--- a/yarns/100-projects.yarn
+++ b/yarns/100-projects.yarn
@@ -56,6 +56,7 @@ building them. We start by starting an instance of the controller.
     ... uapi_projects_id_delete
     AND controller config uses statedir at the state directory
     AND controller config uses https://blobs.example.com as artifact store
+    AND controller config uses https://auth.example.com as authentication
     AND a running ick controller
 
     WHEN user makes request GET /projects
diff --git a/yarns/150-pipelines.yarn b/yarns/150-pipelines.yarn
index 15c4b05..dd5cde2 100644
--- a/yarns/150-pipelines.yarn
+++ b/yarns/150-pipelines.yarn
@@ -64,6 +64,7 @@ running them. We start by starting an instance of the controller.
     ... uapi_pipelines_id_delete
     AND controller config uses statedir at the state directory
     AND controller config uses https://blobs.example.com as artifact store
+    AND controller config uses https://auth.example.com as authentication
     AND a running ick controller
 
     WHEN user makes request GET /pipelines
diff --git a/yarns/200-version.yarn b/yarns/200-version.yarn
index d281a19..8d8078d 100644
--- a/yarns/200-version.yarn
+++ b/yarns/200-version.yarn
@@ -27,12 +27,14 @@ The Ick controller reports is version upon request.
     ... uapi_version_get
     AND controller config uses statedir at the state directory
     AND controller config uses https://blobs.example.com as artifact store
+    AND controller config uses https://auth.example.com as authentication
     AND a running ick controller
 
     WHEN user makes request GET /version
     THEN result has status code 200
     AND version in body matches version from setup.py
     AND artifact store URL is https://blobs.example.com
+    AND authentication URL is https://auth.example.com
 
     FINALLY stop ick controller
 
diff --git a/yarns/300-workers.yarn b/yarns/300-workers.yarn
index 8b12f6f..4e975ea 100644
--- a/yarns/300-workers.yarn
+++ b/yarns/300-workers.yarn
@@ -61,6 +61,7 @@ controller API. It doesn't actually talk to the worker itself.
     ... uapi_workers_id_delete
     AND controller config uses statedir at the state directory
     AND controller config uses https://blobs.example.com as artifact store
+    AND controller config uses https://auth.example.com as authentication
     AND a running ick controller
 
     WHEN user makes request GET /workers
diff --git a/yarns/400-build.yarn b/yarns/400-build.yarn
index e2ba579..bd44122 100644
--- a/yarns/400-build.yarn
+++ b/yarns/400-build.yarn
@@ -28,6 +28,7 @@ Set up the controller.
     GIVEN an RSA key pair for token signing
     AND controller config uses statedir at the state directory
     AND controller config uses https://blobs.example.com as artifact store
+    AND controller config uses https://auth.example.com as authentication
     AND an access token for user with scopes
     ... uapi_pipelines_post
     ... uapi_projects_post
@@ -641,6 +642,7 @@ Set up the controller.
     GIVEN an RSA key pair for token signing
     AND controller config uses statedir at the state directory
     AND controller config uses https://blobs.example.com as artifact store
+    AND controller config uses https://auth.example.com as authentication
     AND an access token for user with scopes
     ... uapi_pipelines_post
     ... uapi_projects_post
@@ -798,6 +800,7 @@ Set up the controller.
     GIVEN an RSA key pair for token signing
     AND controller config uses statedir at the state directory
     AND controller config uses https://blobs.example.com as artifact store
+    AND controller config uses https://auth.example.com as authentication
     AND an access token for user with scopes
     ... uapi_pipelines_post
     ... uapi_projects_post
diff --git a/yarns/500-build-fail.yarn b/yarns/500-build-fail.yarn
index 84ec66d..dbe4e2c 100644
--- a/yarns/500-build-fail.yarn
+++ b/yarns/500-build-fail.yarn
@@ -29,6 +29,7 @@ Set up the controller.
     GIVEN an RSA key pair for token signing
     AND controller config uses statedir at the state directory
     AND controller config uses https://blobs.example.com as artifact store
+    AND controller config uses https://auth.example.com as authentication
     AND an access token for user with scopes
     ... uapi_pipelines_post
     ... uapi_projects_post
diff --git a/yarns/600-unauthz.yarn b/yarns/600-unauthz.yarn
index c57f815..14e0015 100644
--- a/yarns/600-unauthz.yarn
+++ b/yarns/600-unauthz.yarn
@@ -29,6 +29,7 @@ Set up the controller.
     GIVEN an RSA key pair for token signing
     AND controller config uses statedir at the state directory
     AND controller config uses https://blobs.example.com as artifact store
+    AND controller config uses https://auth.example.com as authentication
     AND an access token for user with scopes
     ... uapi_projects_post
     ... uapi_projects_id_pipelines_id_put
diff --git a/yarns/900-local.yarn b/yarns/900-local.yarn
index 4e9dbe1..9ec0dcb 100644
--- a/yarns/900-local.yarn
+++ b/yarns/900-local.yarn
@@ -49,6 +49,9 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
     IMPLEMENTS GIVEN controller config uses (\S+) as artifact store
     vars['artifact_store'] = get_next_match()
 
+    IMPLEMENTS GIVEN controller config uses (\S+) as authentication
+    vars['auth_url'] = get_next_match()
+
 ## Start and stop the controller
 
     IMPLEMENTS GIVEN a running ick controller
@@ -57,6 +60,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
     vars['gunicorn3.log'] = 'gunicorn3.log'
     vars['port'] = random_free_port()
     vars['url'] = 'http://127.0.0.1:{}'.format(vars['port'])
+    assert vars['auth_url'] is not None
     config = {
         'token-issuer': vars['issuer'],
         'token-audience': vars['audience'],
@@ -68,6 +72,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
         ],
         'statedir': vars['statedir'],
         'artifact-store': vars['artifact_store'],
+        'auth-url': vars['auth_url'],
     }
     env = dict(os.environ)
     env['ICK_CONTROLLER_CONFIG'] = 'ick_controller.yaml'
@@ -116,6 +121,13 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
     actual = obj['artifact_store']
     assertEqual(actual, expected)
 
+    IMPLEMENTS THEN authentication URL is (\S+)
+    expected = get_next_match()
+    body = vars['body']
+    obj = json.loads(body)
+    actual = obj['auth_url']
+    assertEqual(actual, expected)
+
 ## Start and stop artifact store
 
     IMPLEMENTS GIVEN artifact store config uses (\S+) at the blob directory