예제 #1
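def get_openidc_auth():
    """
    Return the token used to authenticate against ODCS when creating composes.

    The feature is driven by the MTF_ODCS setting, obtained here through
    get_odcs_envvar():
    MTF_ODCS=yes -- use the token from the config file, or ask OpenID Connect
                    for one when the config file has none
    MTF_ODCS=OIDC_token_string -- use this token for authentication

    :envvar MTF_ODCS: yes or token
    :return: the token; an empty setting is returned unchanged
    :raises ModuleFrameworkException: if the OpenID Connect request fails with
             an HTTP error, or the token is shorter than 10 characters
    """
    odcstoken = get_odcs_envvar()

    # A "true" value means no literal token was supplied, so one has to be
    # looked up in the config or requested from the identity provider.
    if is_true(odcstoken):
        if conf.get("openidc").get("token"):
            # A token from the config file is returned as-is; note that it
            # bypasses the length sanity check at the end of this function.
            return conf["openidc"]["token"]
        # Imported here so openidc_client is required only on this path
        # (ODCS in use without a predefined token).
        import openidc_client
        oidc = openidc_client.OpenIDCClient(*conf["openidc"]["auth"])
        scopes = conf["openidc"]["scopes"]
        try:
            # new_token=True allows the client to request a new token for
            # these scopes when it holds no suitable one.
            odcstoken = oidc.get_token(scopes, new_token=True)
        except requests.exceptions.HTTPError as e:
            # The identity provider's response body is printed for diagnosis.
            core.print_info(e.response.text)
            raise mtfexceptions.ModuleFrameworkException(
                "Unable to get token via OpenIDC for your user")
    if odcstoken and len(odcstoken) < 10:
        # Report only the length: the value is credential material (or a
        # fragment of it) and exception text tends to end up in logs and
        # CI output.
        raise mtfexceptions.ModuleFrameworkException(
            "Unable to parse token for ODCS, token is too short "
            "(%d characters)" % len(odcstoken))
    return odcstoken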
 def setUp(self):
     """Build a fresh OpenIDCClient backed by a throwaway cache directory."""
     # Per-test cache directory, so state cached by one test is not seen by
     # the next. Its removal is not done here (presumably in tearDown).
     cache_root = tempfile.mkdtemp('oidcclient')
     self.cachedir = cache_root

     # Swap the module-level webbrowser for a mock; presumably so that the
     # authorization flow never opens a real browser during tests.
     openidcclient.webbrowser = MagicMock()

     endpoint_mapping = {
         'Token': 'Token',
         'Authorization': 'Authorization',
     }
     # 'notsecret' is a fixture value, not a real credential.
     self.client = openidcclient.OpenIDCClient(
         'myapp',
         id_provider=IDP_URL,
         id_provider_mapping=endpoint_mapping,
         client_id='testclient',
         client_secret='notsecret',
         cachedir=cache_root)
예제 #3
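def get_odcs_auth():
    """
    Return the token used to authenticate against ODCS when creating composes.

    The feature is enabled through the MTF_ODCS environment variable:
    MTF_ODCS=yes -- use openidc and token for your user
    MTF_ODCS=OIDC_token_string -- use this token for authentication

    :envvar MTF_ODCS: yes or token
    :return: the token, or None when MTF_ODCS is not set
    :raises ModuleFrameworkException: if the OpenID Connect request fails with
             an HTTP error, or the token is shorter than 10 characters
    """
    odcstoken = os.environ.get('MTF_ODCS')

    # A value listed in TRUE_VALUES_DICT means no literal token was supplied,
    # so one is requested from the identity provider.
    if odcstoken in TRUE_VALUES_DICT:
        # Imported here so openidc_client is required only on this path
        # (ODCS in use without a predefined token).
        import openidc_client
        id_provider = 'https://id.fedoraproject.org/openidc/'
        # NOTE(review): 'notsecret' is passed as the client secret; it reads
        # as a public-client placeholder rather than a confidential
        # credential -- confirm against the client registration.
        oidc = openidc_client.OpenIDCClient(
            'odcs',
            id_provider,
            {
                'Token': 'Token',
                'Authorization': 'Authorization'
            },
            'odcs-authorizer',
            'notsecret',
        )

        # Scopes requested for the token: identity, group membership, and the
        # three ODCS compose operations.
        scopes = [
            'openid',
            'https://id.fedoraproject.org/scope/groups',
            'https://pagure.io/odcs/new-compose',
            'https://pagure.io/odcs/renew-compose',
            'https://pagure.io/odcs/delete-compose',
        ]
        try:
            # new_token=True allows the client to request a new token for
            # these scopes when it holds no suitable one.
            odcstoken = oidc.get_token(scopes, new_token=True)
        except requests.exceptions.HTTPError as e:
            # The identity provider's response body is printed for diagnosis.
            print_info(e.response.text)
            raise ModuleFrameworkException(
                "Unable to get token via OpenIDC for your user")
    if odcstoken and len(odcstoken) < 10:
        # Report only the length: the value is credential material (or a
        # fragment of it) and exception text tends to end up in logs and
        # CI output.
        raise ModuleFrameworkException(
            "Unable to parse token for ODCS, token is too short "
            "(%d characters)" % len(odcstoken))
    return odcstoken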
예제 #4
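def cli(comment, waived, product_version, testcase, subject, result_id,
        config_file):
    """
    Creates new waiver against test results.

    Examples:

        waiverdb-cli -r 123 -r 456 -p "fedora-26" -c "It's dead!"

        or

        waiverdb-cli -t dist.rpmlint -s '{"item": "python-requests-1.2.3-1.fc26",
                                          "type": "koji_build"}'
                     -p "fedora-26" -c "It's dead!"

    """
    # The docstring above is kept verbatim: it is presumably what click shows
    # as the command's help text.
    #
    # Flow: read and validate the config file, check the argument
    # combination, build one payload per waiver, then POST each payload to
    # <api_url>/waivers/ using the configured auth_method (OIDC, Kerberos or
    # dummy). Every problem is reported as a click.ClickException.

    # ConfigParser replaces SafeConfigParser, a deprecated alias that was
    # removed in Python 3.12.
    config = configparser.ConfigParser()

    config.read(config_file)
    validate_config(config)

    result_ids = result_id
    if not product_version:
        raise click.ClickException('Please specify product version')
    if result_ids and (subject or testcase):
        raise click.ClickException(
            'Please specify result_id or subject/testcase. Not both')
    if not result_ids and not subject:
        raise click.ClickException('Please specify one subject')
    if not result_ids and not testcase:
        raise click.ClickException('Please specify testcase')

    auth_method = config.get('waiverdb', 'auth_method')
    data_list = []
    if not result_ids:
        # The subject arrives as a JSON string from the command line; report
        # malformed input as a usage error instead of a raw traceback.
        try:
            parsed_subject = json.loads(subject)
        except ValueError:
            raise click.ClickException('Please specify subject as valid JSON')
        data_list.append({
            'subject': parsed_subject,
            'testcase': testcase,
            'waived': waived,
            'product_version': product_version,
            'comment': comment
        })

    # XXX - TODO - remove this in a future release.  (for backwards compat)
    for result_id in result_ids:
        data_list.append({
            'result_id': result_id,
            'waived': waived,
            'product_version': product_version,
            'comment': comment
        })

    api_url = config.get('waiverdb', 'api_url')
    # NOTE(review): nothing here requires api_url to be https; the bearer
    # token, Kerberos negotiation or basic-auth pair is sent to whatever
    # endpoint the config file names.
    waivers_url = '{0}/waivers/'.format(api_url.rstrip('/'))
    json_headers = {'Content-Type': 'application/json'}

    if auth_method == 'OIDC':
        # Try to import this now so the user gets immediate feedback if
        # it isn't installed
        try:
            import openidc_client  # noqa: F401
        except ImportError:
            raise click.ClickException(
                'python-openidc-client needs to be installed')
        # The client secret is optional in the config; None is passed when
        # the option is absent.
        oidc_client_secret = None
        if config.has_option('waiverdb', 'oidc_client_secret'):
            oidc_client_secret = config.get('waiverdb', 'oidc_client_secret')
        oidc = openidc_client.OpenIDCClient(
            'waiverdb', config.get('waiverdb', 'oidc_id_provider'), {
                'Token': 'Token',
                'Authorization': 'Authorization'
            }, config.get('waiverdb', 'oidc_client_id'), oidc_client_secret)
        # One scope per line in the config value.
        scopes = config.get('waiverdb', 'oidc_scopes').strip().splitlines()

        for data in data_list:
            resp = oidc.send_request(
                scopes=scopes,
                url=waivers_url,
                data=json.dumps(data),
                headers=json_headers,
                timeout=60)
            check_response(resp, data, data.get('result_id', None))
    elif auth_method == 'Kerberos':
        # Try to import this now so the user gets immediate feedback if
        # it isn't installed
        try:
            import requests_gssapi  # noqa: F401
        except ImportError:
            raise click.ClickException(
                'python-requests-gssapi needs to be installed')
        # OPTIONAL: the client does not insist that the server prove its
        # identity over GSSAPI, so server authenticity rests on the TLS
        # connection to api_url.
        auth = requests_gssapi.HTTPKerberosAuth(
            mutual_authentication=requests_gssapi.OPTIONAL)
        for data in data_list:
            resp = requests.request(
                'POST',
                waivers_url,
                data=json.dumps(data),
                auth=auth,
                headers=json_headers,
                timeout=60)
            if resp.status_code == 401:
                raise click.ClickException(
                    'WaiverDB authentication using GSSAPI failed. '
                    'Make sure you have a valid Kerberos ticket.')
            check_response(resp, data, data.get('result_id', None))
    elif auth_method == 'dummy':
        # Fixed placeholder credentials; presumably only accepted by a
        # development server. Not an authentication mode for production use.
        for data in data_list:
            resp = requests.request(
                'POST',
                waivers_url,
                data=json.dumps(data),
                auth=('user', 'pass'),
                headers=json_headers,
                timeout=60)
            check_response(resp, data, data.get('result_id', None))
    else:
        # Fail closed: an unrecognised auth_method would otherwise end the
        # command successfully without submitting anything. validate_config()
        # may already reject such values; its body is not visible here.
        raise click.ClickException(
            'Unsupported auth_method "{0}"'.format(auth_method))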