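def get_openidc_auth():
    """
    Return the token used to authenticate against ODCS when creating composes.

    The feature is driven by the MTF_ODCS environment variable, which is read
    through ``get_odcs_envvar()``:

    MTF_ODCS=yes -- use the token from the ``openidc`` config section when one
                    is set there, otherwise request a token via OpenID Connect
    MTF_ODCS=OIDC_token_string -- use this token for authentication

    A token taken from the config file is returned as-is; the minimum-length
    check below applies only to a token coming from the environment variable
    or from the OpenID Connect client.

    :envvar MTF_ODCS: yes or token
    :return: the token, or whatever falsy value ``get_odcs_envvar()`` returned
    :raises ModuleFrameworkException: when the identity provider answers with
        an HTTP error, or when the resulting token is shorter than 10 characters
    """
    odcstoken = get_odcs_envvar()
    # in case you dont have token enabled, try to ask for openidc via web browser
    if is_true(odcstoken):
        if conf.get("openidc").get("token"):
            # use value defined in config file if defined
            return conf["openidc"]["token"]
        # to not have hard dependency on openidc
        # (use just when using ODCS without defined token)
        import openidc_client
        # Get the auth token using the OpenID client.
        oidc = openidc_client.OpenIDCClient(*conf["openidc"]["auth"])
        scopes = conf["openidc"]["scopes"]
        try:
            odcstoken = oidc.get_token(scopes, new_token=True)
        except requests.exceptions.HTTPError as e:
            core.print_info(e.response.text)
            raise mtfexceptions.ModuleFrameworkException(
                "Unable to get token via OpenIDC for your user")
    if odcstoken and len(odcstoken) < 10:
        # The token is a bearer credential: report only its length, so that a
        # truncated or mistyped token never ends up in exception text,
        # console output or CI logs.
        raise mtfexceptions.ModuleFrameworkException(
            "Unable to parse token for ODCS, token is too short: %d characters"
            % len(odcstoken))
    return odcstoken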
def setUp(self):
    """Create an OpenIDCClient for the test, backed by a fresh temp cache dir."""
    # Fresh directory per test; its path is kept on the instance as well as
    # handed to the client as its cachedir.
    scratch_dir = tempfile.mkdtemp(suffix='oidcclient')
    self.cachedir = scratch_dir

    # Replace the module-level webbrowser with a mock
    # (presumably so the client cannot launch a real browser during tests).
    openidcclient.webbrowser = MagicMock()

    provider_mapping = {
        'Token': 'Token',
        'Authorization': 'Authorization',
    }
    self.client = openidcclient.OpenIDCClient(
        'myapp',
        id_provider=IDP_URL,
        id_provider_mapping=provider_mapping,
        client_id='testclient',
        client_secret='notsecret',
        cachedir=scratch_dir,
    )
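def get_odcs_auth():
    """
    Return the token used to authenticate against ODCS when creating composes.

    The feature is enabled through the MTF_ODCS environment variable:

    MTF_ODCS=yes -- request a token for your user via OpenID Connect
    MTF_ODCS=OIDC_token_string -- use this token for authentication

    :envvar MTF_ODCS: yes or token
    :return: the token, or None when MTF_ODCS is not set
    :raises ModuleFrameworkException: when the identity provider answers with
        an HTTP error, or when the resulting token is shorter than 10 characters
    """
    odcstoken = os.environ.get('MTF_ODCS')
    # in case you dont have token enabled, try to ask for openidc via web browser
    if odcstoken in TRUE_VALUES_DICT:
        # to not have hard dependency on openidc
        # (use just when using ODCS without defined token)
        import openidc_client
        id_provider = 'https://id.fedoraproject.org/openidc/'
        # Get the auth token using the OpenID client.
        # NOTE(review): 'notsecret' is a client secret shipped in source, so it
        # cannot authenticate this client to the identity provider; presumably
        # 'odcs-authorizer' is registered as a public client -- confirm.
        oidc = openidc_client.OpenIDCClient(
            'odcs',
            id_provider,
            {'Token': 'Token', 'Authorization': 'Authorization'},
            'odcs-authorizer',
            'notsecret',
        )
        # Scopes requested for the token: identity, group membership and the
        # three ODCS compose operations.
        scopes = [
            'openid',
            'https://id.fedoraproject.org/scope/groups',
            'https://pagure.io/odcs/new-compose',
            'https://pagure.io/odcs/renew-compose',
            'https://pagure.io/odcs/delete-compose',
        ]
        try:
            odcstoken = oidc.get_token(scopes, new_token=True)
        except requests.exceptions.HTTPError as e:
            print_info(e.response.text)
            raise ModuleFrameworkException(
                "Unable to get token via OpenIDC for your user")
    if odcstoken and len(odcstoken) < 10:
        # The token is a bearer credential: report only its length, so that a
        # truncated or mistyped token never ends up in exception text,
        # console output or CI logs.
        raise ModuleFrameworkException(
            "Unable to parse token for ODCS, token is too short: %d characters"
            % len(odcstoken))
    return odcstoken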
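def cli(comment, waived, product_version, testcase, subject, result_id, config_file):
    """
    Creates new waiver against test results.

    Examples:

        waiverdb-cli -r 123 -r 456 -p "fedora-26" -c "It's dead!"

    or

        waiverdb-cli -t dist.rpmlint -s '{"item": "python-requests-1.2.3-1.fc26", "type": "koji_build"}' -p "fedora-26" -c "It's dead!"

    """
    # The docstring wording above is left as the author wrote it: click
    # presumably renders it as the command's help text.
    #
    # Flow: read and validate the config file, check that the arguments form
    # one of the two accepted combinations (result ids, or subject + testcase),
    # build one payload per waiver, then POST each payload to
    # <api_url>/waivers/ using the configured auth_method.

    # SafeConfigParser was removed from the stdlib configparser in Python 3.12;
    # use it where it still exists and fall back to ConfigParser otherwise.
    parser_cls = getattr(configparser, 'SafeConfigParser', configparser.ConfigParser)
    config = parser_cls()
    config.read(config_file)
    validate_config(config)

    result_ids = result_id
    if not product_version:
        raise click.ClickException('Please specify product version')
    if result_ids and (subject or testcase):
        raise click.ClickException(
            'Please specify result_id or subject/testcase. Not both')
    if not result_ids and not subject:
        raise click.ClickException('Please specify one subject')
    if not result_ids and not testcase:
        raise click.ClickException('Please specify testcase')

    auth_method = config.get('waiverdb', 'auth_method')

    data_list = []
    if not result_ids:
        # subject arrives as a JSON string from the command line; turn a parse
        # failure into a normal CLI error instead of an uncaught ValueError.
        try:
            subject_data = json.loads(subject)
        except ValueError as e:
            raise click.ClickException(
                'Please specify subject as valid JSON: {0}'.format(e))
        data_list.append({
            'subject': subject_data,
            'testcase': testcase,
            'waived': waived,
            'product_version': product_version,
            'comment': comment
        })

    # XXX - TODO - remove this in a future release. (for backwards compat)
    for single_result_id in result_ids:
        data_list.append({
            'result_id': single_result_id,
            'waived': waived,
            'product_version': product_version,
            'comment': comment
        })

    api_url = config.get('waiverdb', 'api_url')
    waivers_url = '{0}/waivers/'.format(api_url.rstrip('/'))
    json_headers = {'Content-Type': 'application/json'}

    if auth_method == 'OIDC':
        # Try to import this now so the user gets immediate feedback if
        # it isn't installed
        try:
            import openidc_client  # noqa: F401
        except ImportError:
            raise click.ClickException(
                'python-openidc-client needs to be installed')
        # Get the auth token using the OpenID client.
        # The client secret is optional and, when present, is read from the
        # same config file as the other settings.
        oidc_client_secret = None
        if config.has_option('waiverdb', 'oidc_client_secret'):
            oidc_client_secret = config.get('waiverdb', 'oidc_client_secret')
        oidc = openidc_client.OpenIDCClient(
            'waiverdb',
            config.get('waiverdb', 'oidc_id_provider'),
            {'Token': 'Token', 'Authorization': 'Authorization'},
            config.get('waiverdb', 'oidc_client_id'),
            oidc_client_secret)
        # One scope per line in the config value.
        scopes = config.get('waiverdb', 'oidc_scopes').strip().splitlines()

        for data in data_list:
            resp = oidc.send_request(
                scopes=scopes,
                url=waivers_url,
                data=json.dumps(data),
                headers=json_headers,
                timeout=60)
            check_response(resp, data, data.get('result_id', None))
    elif auth_method == 'Kerberos':
        # Try to import this now so the user gets immediate feedback if
        # it isn't installed
        try:
            import requests_gssapi  # noqa: F401
        except ImportError:
            raise click.ClickException(
                'python-requests-gssapi needs to be installed')
        # With OPTIONAL mutual authentication the request is not rejected when
        # the server does not authenticate itself over GSSAPI, so the server's
        # identity rests on the TLS verification done for api_url.
        auth = requests_gssapi.HTTPKerberosAuth(
            mutual_authentication=requests_gssapi.OPTIONAL)
        for data in data_list:
            resp = requests.request(
                'POST',
                waivers_url,
                data=json.dumps(data),
                auth=auth,
                headers=json_headers,
                timeout=60)
            if resp.status_code == 401:
                raise click.ClickException(
                    'WaiverDB authentication using GSSAPI failed. '
                    'Make sure you have a valid Kerberos ticket.')
            check_response(resp, data, data.get('result_id', None))
    elif auth_method == 'dummy':
        # Sends fixed basic-auth credentials.
        # NOTE(review): presumably meant for a development server only --
        # confirm that production configs cannot select this method.
        for data in data_list:
            resp = requests.request(
                'POST',
                waivers_url,
                data=json.dumps(data),
                auth=('user', 'pass'),
                headers=json_headers,
                timeout=60)
            check_response(resp, data, data.get('result_id', None))
    else:
        # Without this branch an unrecognised auth_method submitted nothing
        # and the command still finished without an error.
        raise click.ClickException(
            'Unsupported auth_method {0!r}; expected OIDC, Kerberos or dummy'
            .format(auth_method))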