Merge pull request #57 from chicagopcdc/pcdc_dev

Pcdc dev

Author: grugna

.github/workflows/ci.yaml

@@ -9,7 +9,6 @@ concurrency:
   group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
   cancel-in-progress: true
 
-
 jobs:
   Security:
     name: Security Pipeline
@@ -18,7 +17,15 @@ jobs:
        python-poetry: 'false'
     secrets: inherit
 
-  ci:
+  UnitTest:
+    name: Python Unit Test with Postgres
+    uses: uc-cdis/.github/.github/workflows/python_unit_test.yaml@master
+    with:
+       setup-script: 'tests/ci_setup.sh'
+       test-script: 'tests/ci_commands_script.sh'
+       python-version: '3.9'
+
+  ImageBuildAndPush:
     name: Build Image and Push
     uses: uc-cdis/.github/.github/workflows/image_build_push.yaml@master
     secrets:

.github/workflows/wool.yaml

@@ -0,0 +1,15 @@
+on:
+  pull_request
+
+name: Wool
+
+jobs:
+  runWool:
+    name: Run black
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@master
+
+    - uses: uc-cdis/wool@master
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.secrets.baseline

@@ -109,7 +109,7 @@
         "filename": "bin/settings.py",
         "hashed_secret": "347cd9c53ff77d41a7b22aa56c7b4efaf54658e3",
         "is_verified": false,
-        "line_number": 44
+        "line_number": 43
       }
     ],
     "docs/local_dev_environment.md": [
@@ -327,5 +327,5 @@
       }
     ]
   },
-  "generated_at": "2023-05-10T15:28:32Z"
+  "generated_at": "2023-10-06T21:59:13Z"
 }

.travis.yml

@@ -11,9 +11,7 @@
 #   "db_database": "",
 #   "gdcapi_secret_key": "",
 #   "indexd_password": "",
-#   "hostname": "",
-#   "oauth2_client_id": "",
-#   "oauth2_client_secret": ""
+#   "hostname": ""
 # }
 # - Build the image: `docker build . -t sheepdog -f Dockerfile`
 # - Run: `docker run -v /full/path/to/creds.json:/var/www/sheepdog/creds.json -p 81:80 sheepdog`

Dockerfile

@@ -56,3 +56,52 @@ see the README in that folder for more details.
 
 ## Submitter ID
 Sheepdog requires the `submitter_id` to be unique per node per project. It means that, the `submitter_id` of all `case` nodes must be unique per project. This constraint was technically enforced by the unique index of `(project_id, submitter_id)` in every node table.
+
+## Local Test Run Using CI Scripts
+
+If you want to locally replicate what GH Actions is doing more closely, follow
+these steps. 
+
+Ensure you've run `poetry install`. 
+
+Ensure you have Postgresql 13 set up and running.
+
+Ensure there is a postgres user `postgres` *and* `test` setup with password `test`:
+
+```
+CREATE USER postgres WITH PASSWORD 'test';
+```
+
+Then run:
+
+```bash
+bash tests/ci_setup.sh
+```
+
+If the above fails due to postgres errors, your postgresql setup may need some 
+fixing, it should finish with the following:
+
+```
+Setting up test database
+Dropping old test data
+WARNING:root:Unable to drop test data:(psycopg2.errors.InvalidCatalogName) database "sheepdog_automated_test" does not exist
+
+[SQL: DROP DATABASE "sheepdog_automated_test"]
+(Background on this error at: http://sqlalche.me/e/13/f405)
+Creating tables in test database
+Creating indexes
+writing RSA key
+```
+
+The WARNING will show up the first time you run this, it's safe to ignore.
+
+That sets up the database so if you run into postgres errors, you'll want to 
+double check your postgres setup.
+
+After that you can run unit tests with:
+
+```bash
+bash tests/ci_commands_script.sh
+```
+
+> You can see more detailed information on local dev setup in the docs/local_dev_environment.md

README.md

@@ -46,25 +46,8 @@ def load_json(file_name):
         for key in ["fence_username", "fence_password", "fence_host", "fence_database"]
     ]
 )
-config["OIDC_ISSUER"] = "https://%s/user" % conf_data["hostname"]
 
-config["OAUTH2"] = {
-    "client_id": conf_data.get("oauth2_client_id", "{{oauth2_client_id}}"),
-    "client_secret": conf_data.get("oauth2_client_secret", "{{oauth2_client_secret}}"),
-    "api_base_url": "https://%s/user/" % conf_data["hostname"],
-    "authorize_url": "https://%s/user/oauth2/authorize" % conf_data["hostname"],
-    "access_token_url": "https://%s/user/oauth2/token" % conf_data["hostname"],
-    "refresh_token_url": "https://%s/user/oauth2/token" % conf_data["hostname"],
-    "client_kwargs": {
-        "redirect_uri": "https://%s/api/v0/oauth2/authorize" % conf_data["hostname"],
-        "scope": "openid data user",
-    },
-    # deprecated key values, should be removed after all commons use new oidc
-    "internal_oauth_provider": "http://fence-service/oauth2/",
-    "oauth_provider": "https://%s/user/oauth2/" % conf_data["hostname"],
-    "redirect_uri": "https://%s/api/v0/oauth2/authorize" % conf_data["hostname"],
-}
-config["USER_API"] = config["OIDC_ISSUER"]  # for use by authutils
+config["USER_API"] = "https://%s/user" % conf_data["hostname"]  # for use by authutils
 # use the USER_API URL instead of the public issuer URL to accquire JWT keys
 config["FORCE_ISSUER"] = True
 config["DICTIONARY_URL"] = environ.get(

bin/settings.py

@@ -195,7 +195,6 @@ def create_indexes(host, port, user, password, database, use_ssl=False):
 
 
 if __name__ == "__main__":
-
     parser = argparse.ArgumentParser()
     parser.add_argument(
         "--host", type=str, action="store", default="localhost", help="psql-server host"

bin/setup_psqlgraph.py

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "sheepdog"
-version = "5.1.0"
+version = "5.1.1"
 description = "Gen3 Submission Service"
 authors = ["CTDS UChicago <cdis@uchicago.edu>"]
 license = "Apache-2.0"
@@ -50,7 +50,6 @@ pytest = ">=4.6.5"
 pytest-cov = ">=2.5.1"
 requests_mock = ">=1.4.0"
 coverage = ">=5.3.0"
-cdis_oauth2client = ">=1.1.0"
 mock = ">=1.0.1"
 pytest-flask = ">=1.2.0"
 moto = ">=0.4.5"

poetry.lock

@@ -7,8 +7,6 @@
 from flask import Flask, jsonify
 from psqlgraph import PsqlGraphDriver
 
-from authutils.oauth2 import client as oauth2_client
-from authutils.oauth2.client import blueprint as oauth2_blueprint
 from authutils import AuthError
 from cdispyutils.log import get_handler
 from cdispyutils.uwsgi import setup_user_harakiri
@@ -56,20 +54,13 @@ def app_register_blueprints(app):
     models.init(md)
     validators.init(vd)
 
-    # register each blueprint twice (at `/` and at `/v0/`). Flask requires the
-    # blueprint names to be unique, so rename them before registering the 2nd time
-    v0 = "/v0"
-
+    # register the blueprint twice (at `/` and at `/v0/`). Flask requires the
+    # blueprint names to be unique, so rename it before registering the 2nd time
     sheepdog_blueprint = sheepdog.create_blueprint("submission")
-    app.register_blueprint(sheepdog_blueprint, url_prefix=v0 + "/submission")
+    app.register_blueprint(sheepdog_blueprint, url_prefix="/v0/submission")
     sheepdog_blueprint.name += "_legacy"
     app.register_blueprint(sheepdog_blueprint, url_prefix="/submission")
 
-    # TODO we may be able to deprecate the oauth2 endpoints?
-    app.register_blueprint(oauth2_blueprint.blueprint, url_prefix=v0 + "/oauth2")
-    oauth2_blueprint.blueprint.name += "_legacy"
-    app.register_blueprint(oauth2_blueprint.blueprint, url_prefix="/oauth2")
-
 
 def db_init(app):
     app.logger.info("Initializing PsqlGraph driver")
@@ -90,8 +81,6 @@ def db_init(app):
     if app.config.get("AUTO_MIGRATE_DATABASE"):
         migrate_database(app)
 
-    app.oauth_client = oauth2_client.OAuthClient(**app.config["OAUTH2"])
-
     app.logger.info("Initializing index client")
     app.index_client = IndexClient(
         app.config["INDEX_CLIENT"]["host"],

pyproject.toml

@@ -74,21 +74,6 @@
 )
 
 USER_API = "http://localhost/user/"
-OIDC_ISSUER = "http://localhost"
-OAUTH2 = {
-    "client_id": os.environ.get("CDIS_GDCAPI_CLIENT_ID"),
-    "client_secret": os.environ.get("CDIS_GDCAPI_CLIENT_SECRET"),
-    "api_base_url": USER_API,
-    "authorize_url": "http://localhost/user/oauth2/authorize",
-    "access_token_url": "http://localhost/user/oauth2/token",
-    "refresh_token_url": "http://localhost/user/oauth2/token",
-    "client_kwargs": {
-        "redirect_uri": os.environ.get(
-            "CDIS_GDCAPI_OAUTH_REDIRECT", "http://localhost/api/v0/oauth2/authorize"
-        ),
-        "scope": "openid data user",
-    },
-}
 
 SESSION_COOKIE_NAME = "sheepdog_session"
 # verify project existence in dbgap or not

sheepdog/api.py

@@ -38,13 +38,6 @@
 
 FLASK_SECRET_KEY = "flask_test_key"  # nosec
 
-OAUTH2 = {
-    "client_id": "",
-    "client_secret": "",
-    "oauth_provider": "",
-    "redirect_uri": "",
-}
-
 USER_API = "localhost"
 BASE_URL = "localhost"
 

sheepdog/dev_settings.py

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+# since this whole thing is run as a bash {{this script}}, only the last pytest
+# command controls the exit code. We actually want to exit early if something fails
+set -e
+
+# datadict and datadictwithobjid tests must run separately to allow
+# loading different datamodels
+poetry run pytest -vv --cov=sheepdog --cov-report xml tests/integration/datadict
+poetry run pytest -vv --cov=sheepdog --cov-report xml --cov-append tests/integration/datadictwithobjid
+poetry run pytest -vv --cov=sheepdog --cov-report xml --cov-append tests/unit

sheepdog/test_settings.py

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+poetry run python bin/setup_test_database.py
+mkdir -p tests/integration/resources/keys
+cd tests/integration/resources/keys
+openssl genrsa -out test_private_key.pem 2048
+openssl rsa -in test_private_key.pem -pubout -out test_public_key.pem
+cd -

tests/ci_commands_script.sh

@@ -0,0 +1,10 @@
+TODO: Why are we integration testing alongside unit tests like this? We need to migrate
+      these tests elsewhere b/c it's not really integration testing if we're
+      configuring postgres exactly the way it expects in the CI running this. 
+      Since this CI setup is completely separate from how we run postgres in 
+      production, most of these tests are pointless.
+
+      As of 13 SEP 23 I'm ripping out some of this to enable the migration 
+      to Github Actions from Travis CI.
+
+      - Alex