11 user authentication (#14)

* feat(client.py): adding fields Added auth_provider and auth_method to Client class. Added model validator. * feat(auth/providers.py): adding functions for handling authentication methods * build(docker-compose-dev.yml): adding services needed for testing * refactor(providers.py): refactoring github function with token method * fix(auth): simplified code * test(test_token.py): testing token --------- Co-authored-by: Shiny Brar (he/il) <[email protected]>
CHIMEFRB · Jan 28, 2024 · e5a2dd0 · e5a2dd0
1 parent bd67d17
commit e5a2dd0
Show file tree

Hide file tree

Showing 3 changed files with 146 additions and 6 deletions.
diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
@@ -0,0 +1,114 @@
+version: "3.9"
+
+services:
+  traefik:
+    image: traefik:v2.10
+    command:
+      - "--configFile=/etc/traefik/traefik.yaml"
+    ports:
+      - "80:80"
+      - "8080:8080"
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+      - "./traefik.yaml:/etc/traefik/traefik.yaml"
+      - "./traefik_docker.yaml:/etc/traefik/traefik_docker.yaml"
+
+  authentication:
+    image: authentication:local
+    command: ["/bin/bash", "-c", "python -m authentication.server"]
+    expose:
+      - 4000
+    environment:
+      - DEBUG=1
+      - SANIC_HOSTNAME=0.0.0.0
+      - SANIC_PORT=4000
+      - SANIC_ACCESS_LOG=true
+      - SANIC_AUTO_RELOAD=true
+      - SANIC_DEBUG=true
+      - SANIC_CORS_ORIGINS=*
+      - SANIC_ACCESS_URL=https://github.com/login/oauth/access_token
+      - SANIC_ORGANIZATIONS_URL=https://api.github.com/user/orgs
+      - SANIC_TEAMS_URL=https://api.github.com/user/teams
+      - SANIC_GITHUB_ORGS_ALLOWED=CHIMEFRB,test-organization-36
+
+  buckets:
+    image: chimefrb/buckets:latest
+    command: ["/bin/bash", "-c", "python -m buckets.server"]
+    expose:
+      - 8004
+    environment:
+      - SANIC_HOSTNAME=0.0.0.0
+      - SANIC_PORT=8004
+      - SANIC_ACCESS_LOG=true
+      - SANIC_AUTO_RELOAD=true
+      - SANIC_DEBUG=true
+      - SANIC_MONGODB_HOSTNAME=mongo
+      - SANIC_MONGODB_PORT=27017
+      - SANIC_CORS_ORIGINS=*
+
+  results:
+    image: chimefrb/results:latest
+    command: ["/bin/bash", "-c", "python -m results.server"]
+    expose:
+      - 8005
+    environment:
+      - SANIC_HOSTNAME=0.0.0.0
+      - SANIC_PORT=8005
+      - SANIC_ACCESS_LOG=true
+      - SANIC_AUTO_RELOAD=true
+      - SANIC_DEBUG=true
+      - SANIC_MONGODB_HOSTNAME=mongo
+      - SANIC_MONGODB_PORT=27017
+      - SANIC_CORS_ORIGINS=*
+
+  pipelines:
+    image: chimefrb/pipelines:latest
+    command: ["/bin/bash", "-c", "python -m pipelines.server"]
+    expose:
+      - 8006
+    environment:
+      - SANIC_HOSTNAME=0.0.0.0
+      - SANIC_PORT=8006
+      - SANIC_ACCESS_LOG=true
+      - SANIC_AUTO_RELOAD=true
+      - SANIC_DEBUG=true
+      - SANIC_MONGODB_HOSTNAME=mongo
+      - SANIC_MONGODB_PORT=27017
+      - SANIC_CORS_ORIGINS=*
+      - SANIC_START_MANAGER_URL=http://managers:8007/v1/start
+      - SANIC_PAUSE_MANAGER_URL=http://managers:8007/v1/pause
+      - SANIC_STOP_MANAGER_URL=http://managers:8007/v1/stop
+      - SANIC_HEALTH_MANAGERS_URL=http://managers:8007/__health__
+      - SANIC_HEALTH_MANAGERS_CHECK_TIMES=10
+      - SANIC_HEALTH_MANAGERS_CHECK_INTERVAL_SECONDS=30
+      - SANIC_LISTENERS_THRESHOLD_SECONDS=120
+
+  managers:
+    image: chimefrb/pipelines:latest
+    command: ["/bin/bash", "-c", "python -m managers.server"]
+    expose:
+      - 8007
+    environment:
+      - SANIC_HOSTNAME=0.0.0.0
+      - SANIC_PORT=8007
+      - SANIC_ACCESS_LOG=true
+      - SANIC_AUTO_RELOAD=true
+      - SANIC_DEBUG=true
+      - SANIC_MONGODB_HOSTNAME=mongo
+      - SANIC_MONGODB_PORT=27017
+      - SANIC_CORS_ORIGINS=*
+      - SANIC_BUCKETS_URL=http://buckets:8004
+      - SANIC_RESULTS_URL=http://results:8005
+      - SANIC_UPDATE_INTERVAL_SECONDS=60
+      - SANIC_PURGE_TIME_SECONDS=3600
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8007/__health__"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+
+  mongo:
+    image: mongo
+    command: mongod --bind_ip_all
+    ports:
+      - "27017:27017"
diff --git a/tests/test_token.py b/tests/test_token.py
@@ -0,0 +1,19 @@
+"""Test the token passing."""
+from workflow.definitions.work import Work
+from workflow.http.context import HTTPContext
+
+
+def test_work_pass_token_to_client(monkeypatch):
+    """Test that the Client objects can obtain token from Work object."""
+    test_token = "ghp_1234567890abcdefg"
+    monkeypatch.setenv("WORKFLOW_HTTP_TOKEN", test_token)
+    http = HTTPContext(timeout=10)
+    work = Work(pipeline="test", site="local", user="test", http=http)
+
+    # ? Check HTTPContext have token
+    assert http.token.get_secret_value() == test_token  # type: ignore
+
+    # ? Check clients have token
+    assert work.http.buckets.token.get_secret_value() == test_token  # type: ignore
+    assert work.http.results.token.get_secret_value() == test_token  # type: ignore
+    assert work.http.pipelines.token.get_secret_value() == test_token  # type: ignore
diff --git a/workflow/http/client.py b/workflow/http/client.py
@@ -1,7 +1,7 @@
 """HTTP client for interacting with the Workflow Servers."""
 from platform import machine, platform, python_version, release, system
 from time import asctime, gmtime
-from typing import Optional
+from typing import Any, Dict, Optional
 from warnings import warn
 
 from pydantic import (
@@ -17,7 +17,8 @@
 from requests.exceptions import RequestException
 from requests.models import Response
 
-from workflow import __version__
+from workflow import DEFAULT_WORKSPACE_PATH, __version__
+from workflow.utils import read
 from workflow.utils.logger import get_logger
 
 logger = get_logger("workflow.http.client")
@@ -71,6 +72,15 @@ def configure_session(self) -> "Client":
             Client: The validated client instance.
 
         """
+        config: Dict[str, Any] = read.workspace(DEFAULT_WORKSPACE_PATH.as_posix())
+        if config.get("auth", {}).get("type", None) == "token":
+            if config.get("auth", {}).get("provider", None) == "github":
+                if self.token:
+                    self.session.headers.update(
+                        {"x-access-token": self.token.get_secret_value()}
+                    )
+                else:
+                    logger.warning("HTTP Token not found, workspace requires it.")
         self.session.headers.update({"Content-Type": "application/json; charset=utf-8"})
         self.session.headers.update({"Accept": "*/*"})
         self.session.headers.update({"User-Agent": "workflow-client"})
@@ -83,10 +93,6 @@ def configure_session(self) -> "Client":
         self.session.headers.update({"X-Workflow-Client-OS": system()})
         self.session.headers.update({"X-Workflow-Client-OS-Version": release()})
         self.session.headers.update({"X-Workflow-Client-Platform": platform()})
-        if self.token:
-            self.session.headers.update(
-                {"Authorization": f"Bearer {self.token.get_secret_value()}"}
-            )
         logger.debug(f"Configured Session: {self.session.headers}")
         return self
 
@@ -110,6 +116,7 @@ def validate_baseurl(cls, baseurl: str) -> str:
             response.raise_for_status()
         except RequestException as error:
             logger.warning(f"Unable to connect to the {baseurl}.")
+            logger.warning(error)
         except Exception as error:
             logger.warning("Unknown error.")
             raise error