Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat/arborist-sync #613

Merged
merged 5 commits into from
May 10, 2019
Merged

feat/arborist-sync #613

merged 5 commits into from
May 10, 2019

Conversation

rudyardrichter
Copy link
Contributor

@rudyardrichter rudyardrichter commented Apr 9, 2019
edited
Loading

Improvements

  • Update user sync for compatibility with changes to arborist.
    • Policies now owned by arborist
    • Arborist needs (read-only) copy of users.

Breaking Changes

  • Intended to work only with arborist >= 2.0 (using new database). Won't work with older arborist API.

@rudyardrichter rudyardrichter marked this pull request as ready for review April 15, 2019 20:27
@PlanXCyborg
Copy link
Contributor

PlanXCyborg commented Apr 24, 2019
edited
Loading

This PR contains code that is not formatted correctly according to black. Run black on your code before merging.

Expand the full diff to see formatting changes 
--- fence/__init__.py
+++ blackened
@@ -15,11 +15,11 @@
 from fence.oidc.server import server
 from fence.rbac.client import ArboristClient
 from fence.resources.aws.boto_manager import BotoManager
 from fence.resources.openid.google_oauth2 import GoogleOauth2Client as GoogleClient
 from fence.resources.openid.microsoft_oauth2 import (
-    MicrosoftOauth2Client as MicrosoftClient
+    MicrosoftOauth2Client as MicrosoftClient,
 )
 from fence.resources.openid.orcid_oauth2 import OrcidOauth2Client as ORCIDClient
 from fence.resources.storage import StorageManager
 from fence.resources.user.user_session import UserSessionInterface
 from fence.error_handler import get_error_response

--- tests/data/test_data.py
+++ blackened
@@ -605,12 +605,13 @@
     )
     response = client.get(path, headers=headers, query_string=query_string)
     assert response.status_code == 403
 
 
-def test_initialize_multipart_upload(app, client, auth_client, encoded_creds_jwt, user_client):
-
+def test_initialize_multipart_upload(
+    app, client, auth_client, encoded_creds_jwt, user_client
+):
     class MockResponse(object):
         def __init__(self, data, status_code=200):
             self.data = data
             self.status_code = status_code

This formatting comment was generated automatically by a script in uc-cdis/wool.

Avantol13
Avantol13 requested changes Apr 24, 2019
View reviewed changes
Copy link
Contributor

@Avantol13 Avantol13 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should say this is a breaking change if you're using arborist <{{new version with db}}, there's a heading for that in the PR description template. it's not really a breaking change to fence, but we should make it obvious this will not work with old arborist somehow in the release notes. Also, do you know why jenkins didn't run integration tests?

P.S. will look through actual code code in a bit :P

Avantol13
Avantol13 previously requested changes Apr 25, 2019
View reviewed changes
fence/jwt/token.py Outdated
@@ -481,7 +479,6 @@ def generate_id_token(

# If not provided, assume auth time is time this ID token is issued
auth_time = auth_time or iat
policies = [policy.id for policy in user.policies]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we want to keep these in the id token, right? just remove from access token?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we want to remove all the policies from everything; they can be retrieved from the user info endpoint now

Avantol13
Avantol13 reviewed Apr 25, 2019
View reviewed changes
Avantol13
Avantol13 reviewed Apr 25, 2019
View reviewed changes
Avantol13
Avantol13 reviewed Apr 25, 2019
View reviewed changes
@Avantol13
Copy link
Contributor

was looking through code, seems like _parse_yaml from UserSyncer isn't called from anywhere, can we remove?

@rudyardrichter rudyardrichter merged commit ed45d84 into feat/arborist May 10, 2019
@m0nhawk m0nhawk deleted the feat/arborist-sync branch August 14, 2019 20:05
@PlanXCyborg PlanXCyborg mentioned this pull request Oct 21, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Avantol13 Avantol13 Avantol13 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rudyardrichter @PlanXCyborg @Avantol13