Merge pull request #175 from lsst-sqre/tickets/DM-36642

DM-36624: Only pass groups with GIDs to moneypenny

src/nublado2/provisioner.py

@@ -34,11 +34,16 @@ async def provision_homedir(self, spawner: Spawner) -> None:
         base_url = self.nublado_config.base_url
         token = self.nublado_config.gafaelfawr_token
 
+        # Only include groups with GIDs.  Provisioning can't do anything with
+        # the ones that don't have GIDs, and currently the model doesn't allow
+        # them.
+        groups = [g for g in auth_state["groups"] if "id" in g]
+
         # Start the provisioning request.
         dossier = {
             "username": spawner.user.name,
             "uid": int(auth_state["uid"]),
-            "groups": auth_state["groups"],
+            "groups": groups,
         }
         provision_url = urljoin(base_url, "moneypenny/users")
         session = await get_session()

tests/provisioner_test.py

@@ -85,3 +85,26 @@ async def test_provision() -> None:
         m.get(status_url, callback=handler, repeat=True)
         m.get(wait_url, callback=handler)
         await resource_manager.provisioner.provision_homedir(spawner)
+
+
+@pytest.mark.asyncio
+async def test_no_gids() -> None:
+    resource_manager = ResourceManager()
+    spawner = Mock(spec=Spawner)
+    spawner.user = Mock(spec=User)
+    spawner.user.name = "someuser"
+    auth_state = {
+        "uid": 1234,
+        "groups": [{"name": "foo"}],
+    }
+    spawner.user.get_auth_state.return_value = auth_state
+
+    commission_url = "https://data.example.com/moneypenny/users"
+    status_url = "https://data.example.com/moneypenny/users/someuser"
+    wait_url = "https://data.example.com/moneypenny/users/someuser/wait"
+    with aioresponses() as m:
+        handler = build_handler("someuser", 1234, [])
+        m.post(commission_url, callback=handler)
+        m.get(status_url, callback=handler, repeat=True)
+        m.get(wait_url, callback=handler)
+        await resource_manager.provisioner.provision_homedir(spawner)