feat(download-auth): use arborist for data download check #606
Merged
This PR contains code that is not formatted correctly according to Expand the full diff to see formatting changes
--- fence/__init__.py
+++ blackened
@@ -15,11 +15,11 @@
from fence.oidc.server import server
from fence.rbac.client import ArboristClient
from fence.resources.aws.boto_manager import BotoManager
from fence.resources.openid.google_oauth2 import GoogleOauth2Client as GoogleClient
from fence.resources.openid.microsoft_oauth2 import (
- MicrosoftOauth2Client as MicrosoftClient
+ MicrosoftOauth2Client as MicrosoftClient,
)
from fence.resources.openid.orcid_oauth2 import OrcidOauth2Client as ORCIDClient
from fence.resources.storage import StorageManager
from fence.resources.user.user_session import UserSessionInterface
from fence.error_handler import get_error_response
@@ -38,11 +38,11 @@
from cdislogging import get_logger
# Can't read config yet. Just set to debug for now, else no handlers.
# Later, in app_config(), will actually set level based on config
-logger = get_logger(__name__, log_level='debug')
+logger = get_logger(__name__, log_level="debug")
app = flask.Flask(__name__)
CORS(app=app, headers=["content-type", "accept"], expose_headers="*")
--- fence/jwt/token.py
+++ blackened
@@ -167,13 +167,11 @@
"iat": iat,
"exp": exp,
"jti": str(uuid.uuid4()),
"context": context,
}
- logger.debug(
- "issuing JWT session token\n" + json.dumps(claims, indent=4)
- )
+ logger.debug("issuing JWT session token\n" + json.dumps(claims, indent=4))
token = jwt.encode(claims, private_key, headers=headers, algorithm="RS256")
token = to_unicode(token, "UTF-8")
# Browser may clip cookies larger than 4096 bytes
if len(token) > 4096:
@@ -269,16 +267,12 @@
"jti": jti,
"azp": client_id or "",
}
if flask.current_app:
- logger.info(
- "issuing JWT refresh token with id [{}] to [{}]".format(jti, sub)
- )
- logger.debug(
- "issuing JWT refresh token\n" + json.dumps(claims, indent=4)
- )
+ logger.info("issuing JWT refresh token with id [{}] to [{}]".format(jti, sub))
+ logger.debug("issuing JWT refresh token\n" + json.dumps(claims, indent=4))
token = jwt.encode(claims, private_key, headers=headers, algorithm="RS256")
token = to_unicode(token, "UTF-8")
return JWTResult(token=token, kid=kid, claims=claims)
@@ -311,16 +305,12 @@
"iat": iat,
"exp": exp,
"jti": jti,
"azp": client_id or "",
}
- logger.info(
- "issuing JWT API key with id [{}] to [{}]".format(jti, sub)
- )
- logger.debug(
- "issuing JWT API key\n" + json.dumps(claims, indent=4)
- )
+ logger.info("issuing JWT API key with id [{}] to [{}]".format(jti, sub))
+ logger.debug("issuing JWT API key\n" + json.dumps(claims, indent=4))
token = jwt.encode(claims, private_key, headers=headers, algorithm="RS256")
logger.debug(str(token))
token = to_unicode(token, "UTF-8")
return JWTResult(token=token, kid=kid, claims=claims)
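Review bot: The context line `logger.debug(str(token))` just below the reflowed calls writes the signed API key itself to the log, so anyone who can read debug output obtains a usable bearer credential; the reformatting leaves that in place. I would delete that line, since the `logger.info` call above already records the `jti` and `sub` needed to trace issuance. The `json.dumps(claims, indent=4)` dump reflowed here recurs in the session, refresh and access token hunks, and in the ID token hunk it is emitted at info level; logging only `jti` and `sub` there would keep user context out of routine logs. The enclosing function starts outside this hunk.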
@@ -389,16 +379,12 @@
claims["context"]["user"]["google"][
"linked_google_account"
] = linked_google_email
if flask.current_app:
- logger.info(
- "issuing JWT access token with id [{}] to [{}]".format(jti, sub)
- )
- logger.debug(
- "issuing JWT access token\n" + json.dumps(claims, indent=4)
- )
+ logger.info("issuing JWT access token with id [{}] to [{}]".format(jti, sub))
+ logger.debug("issuing JWT access token\n" + json.dumps(claims, indent=4))
token = jwt.encode(claims, private_key, headers=headers, algorithm="RS256")
token = to_unicode(token, "UTF-8")
# Browser may clip cookies larger than 4096 bytes
@@ -492,13 +478,11 @@
# token. If present in Auth Request from client, should set same val
# in ID token
if nonce:
claims["nonce"] = nonce
- logger.info(
- "issuing JWT ID token\n" + json.dumps(claims, indent=4)
- )
+ logger.info("issuing JWT ID token\n" + json.dumps(claims, indent=4))
token_options = {
"iss": {"essential": True, "value": config.get("BASE_URL")},
"nonce": {"value": nonce},
}
--- fence/rbac/client.py
+++ blackened
@@ -248,13 +248,11 @@
msg = data["error"]
if isinstance(data["error"], dict):
msg = data["error"].get("message", msg)
resource = resource_json.get("path", "/" + resource_json.get("name"))
self.logger.error(
- "could not create resource `{}` in arborist: {}".format(
- resource, msg
- )
+ "could not create resource `{}` in arborist: {}".format(resource, msg)
)
raise ArboristError(data["error"])
self.logger.info("created resource {}".format(resource_json["name"]))
return data
@@ -434,15 +432,11 @@
@_arborist_retry()
def create_group(self, name, description="", users=None, policies=None):
users = users or []
policies = policies or []
- data = {
- "name": name,
- "users": users,
- "policies": policies,
- }
+ data = {"name": name, "users": users, "policies": policies}
if description:
data["description"] = description
response = requests.post(self._group_url, json=data)
data = _request_get_json(response)
if response.status_code != 201:
--- tests/data/test_data.py
+++ blackened
@@ -605,12 +605,13 @@
)
response = client.get(path, headers=headers, query_string=query_string)
assert response.status_code == 403
-def test_initialize_multipart_upload(app, client, auth_client, encoded_creds_jwt, user_client):
-
+def test_initialize_multipart_upload(
+ app, client, auth_client, encoded_creds_jwt, user_client
+):
class MockResponse(object):
def __init__(self, data, status_code=200):
self.data = data
self.status_code = status_code
@@ -634,11 +635,13 @@
}
)
data_requests.post.return_value.status_code = 200
arborist_requests.post.return_value = MockResponse({"auth": True})
arborist_requests.post.return_value.status_code = 200
- fence.blueprints.data.indexd.BlankIndex.init_multipart_upload.return_value = "test_uploadId"
+ fence.blueprints.data.indexd.BlankIndex.init_multipart_upload.return_value = (
+ "test_uploadId"
+ )
headers = {
"Authorization": "Bearer " + encoded_creds_jwt.jwt,
"Content-Type": "application/json",
}
file_name = "asdf"
@@ -655,11 +658,13 @@
assert response.status_code == 201, response
assert "guid" in response.json
assert "uploadId" in response.json
-def test_multipart_upload_presigned_url(app, client, auth_client, encoded_creds_jwt, user_client):
+def test_multipart_upload_presigned_url(
+ app, client, auth_client, encoded_creds_jwt, user_client
+):
class MockResponse(object):
def __init__(self, data, status_code=200):
self.data = data
self.status_code = status_code
@@ -671,11 +676,13 @@
)
arborist_requests_mocker = mock.patch(
"fence.rbac.client.requests", new_callable=mock.Mock
)
- fence.blueprints.data.indexd.BlankIndex.generate_aws_presigned_url_for_part = MagicMock()
+ fence.blueprints.data.indexd.BlankIndex.generate_aws_presigned_url_for_part = (
+ MagicMock()
+ )
with data_requests_mocker as data_requests, arborist_requests_mocker as arborist_requests:
data_requests.post.return_value = MockResponse(
{
"did": str(uuid.uuid4()),
"rev": str(uuid.uuid4())[:8],
@@ -683,11 +690,13 @@
}
)
data_requests.post.return_value.status_code = 200
arborist_requests.post.return_value = MockResponse({"auth": True})
arborist_requests.post.return_value.status_code = 200
- fence.blueprints.data.indexd.BlankIndex.generate_aws_presigned_url_for_part.return_value = "test_presigned"
+ fence.blueprints.data.indexd.BlankIndex.generate_aws_presigned_url_for_part.return_value = (
+ "test_presigned"
+ )
headers = {
"Authorization": "Bearer " + encoded_creds_jwt.jwt,
"Content-Type": "application/json",
}
key = "guid/asdf"
This formatting comment was generated automatically by a script in uc-cdis/wool. |
rudyardrichter
commented
Apr 5, 2019
4dac7c6
to
c064d9c
c064d9c
to
644910c
9b7feff
to
c96f8e3
ada3430
to
3c5158c
fantix
approved these changes
Apr 15, 2019
a328ee8
to
5a0206f
5a0206f
to
129934b
07cd529
to
6dc8851
f5d710a
to
539d0f3
539d0f3
to
8223657
New Features
"rbac"
field from the indexd record to arborist)Breaking Changes
Questions:
"read-storage"
/"write-storage"
?