def configure(self, config: Config):
if config.configured_section("google"):
self.client_id = config.google_client_id
self.client_secret = config.google_client_secret
self.is_enabled = True
if config.configured_section("users"):
self.collect_emails = config.users_collect_emails
else:
self.is_enabled = False
# call the configure of base class to set default_channel and default role
super().configure(config)
def get_tasks_worker(
background_tasks: BackgroundTasks,
dao: Dao = Depends(get_dao),
auth: authorization.Rules = Depends(get_rules),
session: requests.Session = Depends(get_remote_session),
config: Config = Depends(get_config),
) -> Task:
if config.configured_section("worker"):
worker = config.worker_type
else:
worker = "thread"
if worker == "thread":
worker = ThreadingWorker(background_tasks, dao, auth, session, config)
elif worker == "subprocess":
worker = SubprocessWorker(auth.API_key, auth.session, config)
elif worker == "redis":
if rq_available:
worker = RQManager(
config.worker_redis_ip,
config.worker_redis_port,
config.worker_redis_db,
auth.API_key,
auth.session,
config,
)
else:
raise ValueError("redis and rq not installed on machine")
else:
raise ValueError("wrong configuration in worker.type")
return Task(auth, worker)
def test_config_with_path(config_dir, config_base):
one_path = os.path.join(config_dir, "one_config.toml")
other_path = os.path.join(config_dir, "other_config.toml")
with open(one_path, 'w') as fid:
fid.write("\n".join([config_base, "[users]\nadmins=['one']"]))
with open(other_path, 'w') as fid:
fid.write("\n".join([config_base, "[users]\nadmins=['other']"]))
Config._instances = {}
c_one = Config(one_path)
assert c_one.configured_section("users")
assert c_one.users_admins == ["one"]
c_other = Config(other_path)
assert c_other.configured_section("users")
assert c_other.users_admins == ["other"]
c_new = Config(one_path)
assert c_new is c_one
def _init_db(db: Session, config: Config):
"""Initialize the database and add users from config."""
if config.configured_section("users"):
dao = Dao(db)
role_map = [
(config.users_admins, "owner"),
(config.users_maintainers, "maintainer"),
(config.users_members, "member"),
]
for users, role in role_map:
for username in users:
logger.info(f"create user {username} with role {role}")
dao.create_user_with_role(username, role)
def test_config_without_file_path_set(config_str):
# the env variable should not be defined for this test to work
assert not os.environ.get("QUETZ_CONFIG_FILE")
# we need to check whether Config was not initialised before
assert not Config._instances
with pytest.raises(ValueError, match="Environment"):
Config()
# check if it works with path even if QUETZ_CONFIG_FILE is
# not defined
with tempfile.NamedTemporaryFile("w", delete=False) as fid:
fid.write(config_str)
fid.flush()
config = Config(fid.name)
assert config.configured_section("users")
def configure(self, config: Config):
config_options = self._make_config()
config.register(config_options)
if config.configured_section("pamauthenticator"):
self.provider = config.pamauthenticator_provider
self.service = config.pamauthenticator_service
self.encoding = config.pamauthenticator_encoding
self.check_account = config.pamauthenticator_check_account
self.admin_groups = config.pamauthenticator_admin_groups
self.maintainer_groups = config.pamauthenticator_maintainer_groups
self.member_groups = config.pamauthenticator_member_groups
self.is_enabled = True
else:
self.is_enabled = False
super().configure(config)
def get_tasks_worker(
background_tasks: BackgroundTasks,
dao: Dao = Depends(get_dao),
auth: authorization.Rules = Depends(get_rules),
session: requests.Session = Depends(get_remote_session),
config: Config = Depends(get_config),
) -> Task:
if config.configured_section("worker"):
worker = config.worker_type
else:
worker = "thread"
if worker == "thread":
worker = ThreadingWorker(background_tasks, dao, auth, session, config)
else:
raise ValueError("wrong configuration in worker.type")
return Task(auth, worker)
def configure(self, config: Config):
config.register([
ConfigSection(
"dictauthenticator",
[
ConfigEntry("users", list, default=list),
],
)
])
if config.configured_section("dictauthenticator"):
self.passwords = dict(
user_pass.split(":")
for user_pass in config.dictauthenticator_users)
self.is_enabled = True
else:
self.passwords = {}
# call the config of base class to configure default roles and
# channels
super().configure(config)
def _set_user_roles(db: Session, config: Config):
"""Initialize the database and add users from config."""
if config.configured_section("users"):
role_map = [
(config.users_admins, "owner"),
(config.users_maintainers, "maintainer"),
(config.users_members, "member"),
]
default_role = config.users_default_role
for users, role in role_map:
for username in users:
try:
provider, username = username.split(":")
except ValueError:
# use github as default provider
raise ValueError(
"could not parse the users setting, please provide users in"
"the format 'PROVIDER:USERNAME' where PROVIDER is one of"
"'google', 'github', 'dummy', etc.")
logger.info(f"create user {username} with role {role}")
user = (db.query(User).join(Identity).filter(
Identity.provider == provider).filter(
User.username == username).one_or_none())
if not user:
logger.warning(f"could not find user '{username}' "
f"with identity from provider '{provider}'")
elif user.role is not None and user.role != default_role:
logger.warning(
f"user has already role {user.role} not assigning a new role"
)
else:
user.role = role
db.commit()
config = Config()
configure_logger(config)
logger = logging.getLogger("quetz")
app.add_middleware(
SessionMiddleware,
secret_key=config.session_secret,
https_only=config.session_https_only,
)
metrics.init(app)
if config.configured_section("cors"):
logger.info("Configuring CORS with ")
logger.info(f"allow_origins = {config.cors_allow_origins}")
logger.info(f"allow_credentials = {config.cors_allow_credentials}")
logger.info(f"allow_methods = {config.cors_allow_methods}")
logger.info(f"allow_headers = {config.cors_allow_headers}")
app.add_middleware(
CORSMiddleware,
allow_origins=config.cors_allow_origins,
allow_credentials=config.cors_allow_credentials,
allow_methods=config.cors_allow_methods,
allow_headers=config.cors_allow_headers,
)
# global variables for batching download counts
config = Config()
auth_github.register(config)
app.add_middleware(
SessionMiddleware,
secret_key=config.session_secret,
https_only=config.session_https_only,
)
api_router = APIRouter()
pkgstore = config.get_package_store()
app.include_router(auth_github.router)
if config.configured_section('google'):
auth_google.register(config)
app.include_router(auth_google.router)
# Dependency injection
def get_db():
db = get_db_session(config.sqlalchemy_database_url)
try:
yield db
finally:
db.close()
def get_dao(db: Session = Depends(get_db)):
def register(cls, config: Config):
cls.config = config
config_options = cls._make_config()
config.register(config_options)
return config.configured_section(cls.config_section)
pm = get_plugin_manager()
app.add_middleware(CondaTokenMiddleware)
api_router = APIRouter()
plugin_routers = pm.hook.register_router()
pkgstore = config.get_package_store()
app.include_router(auth_github.router)
for router in plugin_routers:
app.include_router(router)
if config.configured_section("google"):
auth_google.register(config)
app.include_router(auth_google.router)
class ChannelChecker:
def __init__(
self,
allow_proxy: bool = False,
allow_mirror: bool = False,
allow_local: bool = True,
):
self.allow_proxy = allow_proxy
self.allow_mirror = allow_mirror
self.allow_local = allow_local
from .condainfo import CondaInfo
app = FastAPI()
if "QUETZ_IS_TEST" in os.environ:
from quetz.tests import conftest
config = conftest.get_test_config()
app.add_middleware(
SessionMiddleware,
secret_key=config.session_secret,
https_only=config.session_https_only,
)
else:
config = Config()
if config.configured_section('github'):
auth_github.register(config)
app.add_middleware(
SessionMiddleware,
secret_key=config.session_secret,
https_only=config.session_https_only,
)
pkgstore = config.get_package_store()
app.include_router(auth_github.router)
if config.configured_section('google'):
auth_google.register(config)
app.include_router(auth_google.router)
