Skip to content

Commit

Permalink
fix: minor fixes based on comments on pr canonical#278
Browse files Browse the repository at this point in the history
  • Loading branch information
bencekov committed Dec 8, 2023
1 parent b4be9f8 commit ad23096
Show file tree
Hide file tree
Showing 7 changed files with 24 additions and 39 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/pull-request.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,4 +12,4 @@ jobs:
secrets: inherit
with:
ip-range-start: 10.64.140.43
ip-range-end: 10.64.140.49
ip-range-end: 10.64.140.46
2 changes: 1 addition & 1 deletion .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,4 @@ jobs:
secrets: inherit
with:
ip-range-start: 10.64.140.43
ip-range-end: 10.64.140.49
ip-range-end: 10.64.140.46
4 changes: 1 addition & 3 deletions src/charm.py
Original file line number Diff line number Diff line change
Expand Up @@ -304,8 +304,6 @@ def _on_config_changed(self, event: ConfigChangedEvent) -> None:
Args:
event: a :class:`ConfigChangedEvent` to signal that something happened
"""
self.oauth.update_client_config(client_config=self._oauth_client_config)

self._configure()
self._configure_replication()

Expand Down Expand Up @@ -740,7 +738,7 @@ def _generate_grafana_config(self) -> str:
if self.has_db:
configs.append(self._generate_database_config())

if self.model.relations[OAUTH]:
if self.oauth.is_client_created():
configs.append(self._generate_oauth_refresh_config())

return "\n".join(configs)
Expand Down
9 changes: 0 additions & 9 deletions tests/integration/oauth_tools/constants.py
Original file line number Diff line number Diff line change
Expand Up @@ -35,15 +35,6 @@
SELF_SIGNED_CERTIFICATES="self-signed-certificates",
)

OAUTH_RELATION = collections.namedtuple(
"OAUTH_RELATION", ["OAUTH_APPLICATION", "OAUTH_INTERFACE", "OAUTH_PROXY", "OAUTH_CERTIFICATES"]
)(
OAUTH_APPLICATION="hydra",
OAUTH_INTERFACE="oauth",
OAUTH_PROXY="traefik-public",
OAUTH_CERTIFICATES="self-signed-certificates",
)

IDENTITY_BUNDLE = collections.namedtuple("IDENTITY_BUNDLE", ["NAME", "CHANNEL"])(
NAME="identity-platform",
CHANNEL="0.1/edge",
Expand Down
3 changes: 1 addition & 2 deletions tests/integration/oauth_tools/oauth_test_helper.py
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@
from oauth_tools.dex import ExternalIdpManager
from oauth_tools.constants import (
APPS,
OAUTH_RELATION,
IDENTITY_BUNDLE,
EXTERNAL_USER_EMAIL,
EXTERNAL_USER_PASSWORD,
Expand Down Expand Up @@ -104,7 +103,7 @@ async def complete_external_idp_login(
"""Convenience function for navigating the external identity provider's user interface."""
expected_url = join(
await get_reverse_proxy_app_url(
ops_test, OAUTH_RELATION.OAUTH_PROXY, APPS.IDENTITY_PLATFORM_LOGIN_UI_OPERATOR
ops_test, APPS.TRAEFIK_PUBLIC, APPS.IDENTITY_PLATFORM_LOGIN_UI_OPERATOR
),
"ui/login",
)
Expand Down
24 changes: 8 additions & 16 deletions tests/integration/test_grafana_oauth.py
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@
verify_page_loads,
get_cookie_from_browser_by_name,
)
from oauth_tools.constants import OAUTH_RELATION, EXTERNAL_USER_EMAIL
from oauth_tools.constants import EXTERNAL_USER_EMAIL, APPS

logger = logging.getLogger(__name__)

Expand Down Expand Up @@ -59,20 +59,16 @@ async def test_build_and_deploy(ops_test: OpsTest, grafana_charm):
)

# Integrate grafana with the identity bundle
await ops_test.model.integrate(
f"grafana:{OAUTH_RELATION.OAUTH_INTERFACE}", OAUTH_RELATION.OAUTH_APPLICATION
)
await ops_test.model.integrate("grafana:ingress", f"{OAUTH_RELATION.OAUTH_PROXY}")
await ops_test.model.integrate(
"grafana:receive-ca-cert", f"{OAUTH_RELATION.OAUTH_CERTIFICATES}"
)
await ops_test.model.integrate("grafana:oauth", APPS.HYDRA)
await ops_test.model.integrate("grafana:ingress", APPS.TRAEFIK_PUBLIC)
await ops_test.model.integrate("grafana:receive-ca-cert", APPS.SELF_SIGNED_CERTIFICATES)

await ops_test.model.wait_for_idle(
apps=[
OAUTH_RELATION.OAUTH_APPLICATION,
APPS.HYDRA,
APPS.TRAEFIK_PUBLIC,
APPS.SELF_SIGNED_CERTIFICATES,
"grafana",
OAUTH_RELATION.OAUTH_PROXY,
OAUTH_RELATION.OAUTH_CERTIFICATES,
],
status="active",
raise_on_blocked=False,
Expand All @@ -86,9 +82,7 @@ async def test_oauth_login_with_identity_bundle(
) -> None:
external_idp_manager = ExternalIdpManager(ops_test=ops_test)

grafana_proxy = await get_reverse_proxy_app_url(
ops_test, OAUTH_RELATION.OAUTH_PROXY, "grafana"
)
grafana_proxy = await get_reverse_proxy_app_url(ops_test, APPS.TRAEFIK_PUBLIC, "grafana")
redirect_login = os.path.join(grafana_proxy, "login")

await access_application_login_page(
Expand Down Expand Up @@ -117,8 +111,6 @@ async def test_oauth_login_with_identity_bundle(
verify=False,
)
assert request.status_code == 200
assert request.status_code == 200
request.raise_for_status()
assert request.json()["email"] == EXTERNAL_USER_EMAIL

external_idp_manager.remove_idp_service()
19 changes: 12 additions & 7 deletions tests/unit/test_charm.py
Original file line number Diff line number Diff line change
Expand Up @@ -79,6 +79,9 @@
OAUTH_CONFIG_INI = """[feature_toggles]
accessTokenExpirationCheck = true
"""
OAUTH_CLIENT_ID = "grafana_client_id"
OAUTH_CLIENT_SECRET = "s3cR#T"


AUTH_PROVIDER_APPLICATION = "auth_provider"

Expand Down Expand Up @@ -401,13 +404,13 @@ def test_config_is_updated_with_oauth_relation_data(self):
)

# update databag with client details - received once a grafana client is created in hydra
secret_id = self.harness.add_model_secret("hydra", {"secret": "s3cR#T"})
secret_id = self.harness.add_model_secret("hydra", {"secret": OAUTH_CLIENT_SECRET})
self.harness.grant_secret(secret_id, "grafana-k8s")
self.harness.update_relation_data(
rel_id,
"hydra",
{
"client_id": "grafana_client_id",
"client_id": OAUTH_CLIENT_ID,
"client_secret_id": secret_id,
},
)
Expand All @@ -422,23 +425,25 @@ def test_config_is_updated_with_oauth_relation_data(self):
services["environment"]["GF_AUTH_GENERIC_OAUTH_NAME"], "external identity provider"
)
self.assertEqual(
services["environment"]["GF_AUTH_GENERIC_OAUTH_CLIENT_ID"], "grafana_client_id"
services["environment"]["GF_AUTH_GENERIC_OAUTH_CLIENT_ID"], OAUTH_CLIENT_ID
)
self.assertEqual(
services["environment"]["GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET"], OAUTH_CLIENT_SECRET
)
self.assertEqual(services["environment"]["GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET"], "s3cR#T")
self.assertEqual(
services["environment"]["GF_AUTH_GENERIC_OAUTH_SCOPES"], "openid email offline_access"
)
self.assertEqual(
services["environment"]["GF_AUTH_GENERIC_OAUTH_AUTH_URL"],
"https://example.oidc.com/oauth2/auth",
oauth_provider_info["authorization_endpoint"],
)
self.assertEqual(
services["environment"]["GF_AUTH_GENERIC_OAUTH_TOKEN_URL"],
"https://example.oidc.com/oauth2/token",
oauth_provider_info["token_endpoint"],
)
self.assertEqual(
services["environment"]["GF_AUTH_GENERIC_OAUTH_API_URL"],
"https://example.oidc.com/userinfo",
oauth_provider_info["userinfo_endpoint"],
)
self.assertEqual(
services["environment"]["GF_AUTH_GENERIC_OAUTH_USE_REFRESH_TOKEN"],
Expand Down

0 comments on commit ad23096

Please sign in to comment.