From 5aeef33219103eb5f39bfc0a79ed462f46a12420 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Fri, 6 Apr 2018 21:38:43 +0300 Subject: Add: authentication URL to controller /version --- ick2/controllerapi.py | 18 ++++++++++++++---- ick2/versionapi.py | 6 ++++++ ick2/versionapi_tests.py | 3 +++ ick_controller.py | 2 ++ run-debug | 4 +++- yarns/100-projects.yarn | 1 + yarns/150-pipelines.yarn | 1 + yarns/200-version.yarn | 2 ++ yarns/300-workers.yarn | 1 + yarns/400-build.yarn | 3 +++ yarns/500-build-fail.yarn | 1 + yarns/600-unauthz.yarn | 1 + yarns/900-local.yarn | 12 ++++++++++++ 13 files changed, 50 insertions(+), 5 deletions(-) diff --git a/ick2/controllerapi.py b/ick2/controllerapi.py index f7c71f6..9785384 100644 --- a/ick2/controllerapi.py +++ b/ick2/controllerapi.py @@ -23,14 +23,24 @@ class ControllerAPI: self._apis = {} def set_artifact_store_url(self, url): # pragma: no cover - self.find_missing_route('/version') - api = self._apis.get('/version') + self._set_url('set_artifact_store_url', url) + + def set_auth_url(self, url): # pragma: no cover + self._set_url('set_auth_url', url) + + def _set_url(self, what, url): # pragma: no cover + api = self._get_version_api() if api: - api.set_artifact_store_url(url) + method = getattr(api, what) + method(url) ick2.log.log( - 'info', msg_text='Set artifact store url', url=url, + 'info', msg_text='Set url', what=what, url=url, version=api.get_version()) + def _get_version_api(self): # pragma: no cover + self.find_missing_route('/version') + return self._apis.get('/version') + def find_missing_route(self, missing_path): # pragma: no cover apis = { '/version': ick2.VersionAPI, diff --git a/ick2/versionapi.py b/ick2/versionapi.py index cc7e169..c688c1b 100644 --- a/ick2/versionapi.py +++ b/ick2/versionapi.py @@ -21,16 +21,21 @@ class VersionAPI(ick2.APIbase): def __init__(self, state): super().__init__(state) self._artifact_store_url = None + self._auth_url = None def set_artifact_store_url(self, url): self._artifact_store_url = url + def set_auth_url(self, url): + self._auth_url = url + def get_routes(self, path): # pragma: no cover return [ { 'method': 'GET', 'path': path, 'callback': self.GET(self.get_version), + 'needs-authorization': False, } ] @@ -38,6 +43,7 @@ class VersionAPI(ick2.APIbase): return { 'version': ick2.__version__, 'artifact_store': self._artifact_store_url, + 'auth_url': self._auth_url, } def create(self, body, **kwargs): # pragma: no cover diff --git a/ick2/versionapi_tests.py b/ick2/versionapi_tests.py index b8d59d5..32f9808 100644 --- a/ick2/versionapi_tests.py +++ b/ick2/versionapi_tests.py @@ -23,13 +23,16 @@ class VersionAPITests(unittest.TestCase): def test_returns_version_correcly(self): bloburl = 'https://blobs.example.com' + idpurl = 'https://idp.example.com' api = ick2.VersionAPI(None) api.set_artifact_store_url(bloburl) + api.set_auth_url(idpurl) response = api.get_version() self.assertEqual( response, { 'version': ick2.__version__, 'artifact_store': bloburl, + 'auth_url': idpurl, } ) diff --git a/ick_controller.py b/ick_controller.py index edfebb4..66f3de1 100644 --- a/ick_controller.py +++ b/ick_controller.py @@ -47,6 +47,7 @@ default_config = { 'log': [], 'statedir': None, 'artifact-store': None, + 'auth-url': None, } @@ -95,6 +96,7 @@ def main(): api = ick2.ControllerAPI(state) api.set_artifact_store_url(config['artifact-store']) + api.set_auth_url(config['auth-url']) ick2.log.log( 'info', msg_text='created ControllerAPI', artifact_store=config['artifact-store']) diff --git a/run-debug b/run-debug index 8af8844..3a4ae68 100755 --- a/run-debug +++ b/run-debug @@ -21,7 +21,7 @@ uapi_projects_get " ./generate-rsa-key t.key -./create-token t.key issuer audience "$scopes" > t.token +./create-token < t.key issuer audience "$scopes" > t.token cat < t.yaml log: - filename: t.log @@ -29,6 +29,8 @@ token-issuer: issuer token-audience: audience token-public-key: $(cat t.key.pub) statedir: t.state +auth-url: http://auth.example.com +artifact-store: http://blobs.example.com EOF ICK_CONTROLLER_CONFIG=t.yaml python3 ick_controller.py diff --git a/yarns/100-projects.yarn b/yarns/100-projects.yarn index b5a7f78..c5052f9 100644 --- a/yarns/100-projects.yarn +++ b/yarns/100-projects.yarn @@ -56,6 +56,7 @@ building them. We start by starting an instance of the controller. ... uapi_projects_id_delete AND controller config uses statedir at the state directory AND controller config uses https://blobs.example.com as artifact store + AND controller config uses https://auth.example.com as authentication AND a running ick controller WHEN user makes request GET /projects diff --git a/yarns/150-pipelines.yarn b/yarns/150-pipelines.yarn index 15c4b05..dd5cde2 100644 --- a/yarns/150-pipelines.yarn +++ b/yarns/150-pipelines.yarn @@ -64,6 +64,7 @@ running them. We start by starting an instance of the controller. ... uapi_pipelines_id_delete AND controller config uses statedir at the state directory AND controller config uses https://blobs.example.com as artifact store + AND controller config uses https://auth.example.com as authentication AND a running ick controller WHEN user makes request GET /pipelines diff --git a/yarns/200-version.yarn b/yarns/200-version.yarn index d281a19..8d8078d 100644 --- a/yarns/200-version.yarn +++ b/yarns/200-version.yarn @@ -27,12 +27,14 @@ The Ick controller reports is version upon request. ... uapi_version_get AND controller config uses statedir at the state directory AND controller config uses https://blobs.example.com as artifact store + AND controller config uses https://auth.example.com as authentication AND a running ick controller WHEN user makes request GET /version THEN result has status code 200 AND version in body matches version from setup.py AND artifact store URL is https://blobs.example.com + AND authentication URL is https://auth.example.com FINALLY stop ick controller diff --git a/yarns/300-workers.yarn b/yarns/300-workers.yarn index 8b12f6f..4e975ea 100644 --- a/yarns/300-workers.yarn +++ b/yarns/300-workers.yarn @@ -61,6 +61,7 @@ controller API. It doesn't actually talk to the worker itself. ... uapi_workers_id_delete AND controller config uses statedir at the state directory AND controller config uses https://blobs.example.com as artifact store + AND controller config uses https://auth.example.com as authentication AND a running ick controller WHEN user makes request GET /workers diff --git a/yarns/400-build.yarn b/yarns/400-build.yarn index e2ba579..bd44122 100644 --- a/yarns/400-build.yarn +++ b/yarns/400-build.yarn @@ -28,6 +28,7 @@ Set up the controller. GIVEN an RSA key pair for token signing AND controller config uses statedir at the state directory AND controller config uses https://blobs.example.com as artifact store + AND controller config uses https://auth.example.com as authentication AND an access token for user with scopes ... uapi_pipelines_post ... uapi_projects_post @@ -641,6 +642,7 @@ Set up the controller. GIVEN an RSA key pair for token signing AND controller config uses statedir at the state directory AND controller config uses https://blobs.example.com as artifact store + AND controller config uses https://auth.example.com as authentication AND an access token for user with scopes ... uapi_pipelines_post ... uapi_projects_post @@ -798,6 +800,7 @@ Set up the controller. GIVEN an RSA key pair for token signing AND controller config uses statedir at the state directory AND controller config uses https://blobs.example.com as artifact store + AND controller config uses https://auth.example.com as authentication AND an access token for user with scopes ... uapi_pipelines_post ... uapi_projects_post diff --git a/yarns/500-build-fail.yarn b/yarns/500-build-fail.yarn index 84ec66d..dbe4e2c 100644 --- a/yarns/500-build-fail.yarn +++ b/yarns/500-build-fail.yarn @@ -29,6 +29,7 @@ Set up the controller. GIVEN an RSA key pair for token signing AND controller config uses statedir at the state directory AND controller config uses https://blobs.example.com as artifact store + AND controller config uses https://auth.example.com as authentication AND an access token for user with scopes ... uapi_pipelines_post ... uapi_projects_post diff --git a/yarns/600-unauthz.yarn b/yarns/600-unauthz.yarn index c57f815..14e0015 100644 --- a/yarns/600-unauthz.yarn +++ b/yarns/600-unauthz.yarn @@ -29,6 +29,7 @@ Set up the controller. GIVEN an RSA key pair for token signing AND controller config uses statedir at the state directory AND controller config uses https://blobs.example.com as artifact store + AND controller config uses https://auth.example.com as authentication AND an access token for user with scopes ... uapi_projects_post ... uapi_projects_id_pipelines_id_put diff --git a/yarns/900-local.yarn b/yarns/900-local.yarn index 4e9dbe1..9ec0dcb 100644 --- a/yarns/900-local.yarn +++ b/yarns/900-local.yarn @@ -49,6 +49,9 @@ along with this program. If not, see . IMPLEMENTS GIVEN controller config uses (\S+) as artifact store vars['artifact_store'] = get_next_match() + IMPLEMENTS GIVEN controller config uses (\S+) as authentication + vars['auth_url'] = get_next_match() + ## Start and stop the controller IMPLEMENTS GIVEN a running ick controller @@ -57,6 +60,7 @@ along with this program. If not, see . vars['gunicorn3.log'] = 'gunicorn3.log' vars['port'] = random_free_port() vars['url'] = 'http://127.0.0.1:{}'.format(vars['port']) + assert vars['auth_url'] is not None config = { 'token-issuer': vars['issuer'], 'token-audience': vars['audience'], @@ -68,6 +72,7 @@ along with this program. If not, see . ], 'statedir': vars['statedir'], 'artifact-store': vars['artifact_store'], + 'auth-url': vars['auth_url'], } env = dict(os.environ) env['ICK_CONTROLLER_CONFIG'] = 'ick_controller.yaml' @@ -116,6 +121,13 @@ along with this program. If not, see . actual = obj['artifact_store'] assertEqual(actual, expected) + IMPLEMENTS THEN authentication URL is (\S+) + expected = get_next_match() + body = vars['body'] + obj = json.loads(body) + actual = obj['auth_url'] + assertEqual(actual, expected) + ## Start and stop artifact store IMPLEMENTS GIVEN artifact store config uses (\S+) at the blob directory -- cgit v1.2.1