Automated copy feature/OIDC oauth groups #1199

Avantol13 · 2024-11-14T18:19:50Z

duplicated from here: #1188

Link to JIRA ticket if there is one:

New Features

Support for OIDC Group Claims
Implementation of token refresh

Breaking Changes

Bug Fixes

Improvements

Dependency updates

Deployment changes

remove trailing space Co-authored-by: Alexander VanTol <[email protected]>

...to make user creation more uniform, reflecting what is also done elsewhere in fence/sync/sync_users.py _upsert_userinfo() for example

* fix use real bucket name * fix * update comment * use regex * update version

Update documentation link in setup.md

coveralls · 2024-11-14T18:25:43Z

Pull Request Test Coverage Report for Build 12416371639

Details

0 of 0 changed or added relevant lines in 0 files are covered.
121 unchanged lines in 7 files lost coverage.
Overall coverage decreased (-0.1%) to 75.106%

Files with Coverage Reduction	New Missed Lines	%
resources/openid/microsoft_oauth2.py	1	95.0%
error_handler.py	1	97.92%
init.py	3	90.84%
config.py	4	72.58%
scripting/fence_create.py	5	60.35%
blueprints/login/base.py	29	78.72%
resources/openid/idp_oauth2.py	78	60.29%

Totals
Change from base Build 12356407492:	-0.1%
Covered Lines:	7965
Relevant Lines:	10605

💛 - Coveralls

github-actions · 2024-11-14T19:28:48Z

filepath	$$\textcolor{#23d18b}{\tt{passed}}$$	$$\textcolor{#f14c4c}{\tt{failed}}$$	$$\textcolor{#ffa500}{\tt{skipped}}$$	SUBTOTAL
$$\textcolor{#23d18b}{\tt{tests/test\_oauth2.py}}$$	$$\textcolor{#23d18b}{\tt{15}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{15}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_centralized\_auth.py}}$$	$$\textcolor{#23d18b}{\tt{16}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{16}}$$
$$\textcolor{#f14c4c}{\tt{tests/test\_data\_upload.py}}$$	$$\textcolor{#23d18b}{\tt{7}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$	$$\textcolor{#ffa500}{\tt{1}}$$	$$\textcolor{#f14c4c}{\tt{9}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_presigned\_url.py}}$$	$$\textcolor{#23d18b}{\tt{7}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{7}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_user\_token.py}}$$	$$\textcolor{#23d18b}{\tt{5}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{5}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_drs\_endpoint.py}}$$	$$\textcolor{#23d18b}{\tt{4}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{4}}$$
$$\textcolor{#f14c4c}{\tt{tests/test\_ras\_authn.py}}$$	$$\textcolor{#23d18b}{\tt{2}}$$	$$\textcolor{#f14c4c}{\tt{1}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#f14c4c}{\tt{3}}$$
$$\textcolor{#ffa500}{\tt{tests/test\_dbgap.py}}$$	$$\textcolor{#23d18b}{\tt{4}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#ffa500}{\tt{1}}$$	$$\textcolor{#ffa500}{\tt{5}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_oidc\_client.py}}$$	$$\textcolor{#23d18b}{\tt{2}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{2}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_client\_credentials.py}}$$	$$\textcolor{#23d18b}{\tt{1}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{1}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_google\_data\_access.py}}$$	$$\textcolor{#23d18b}{\tt{1}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{1}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_audit\_service.py}}$$	$$\textcolor{#23d18b}{\tt{1}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{1}}$$
$$\textcolor{#ffa500}{\tt{tests/test\_register\_user.py}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#ffa500}{\tt{2}}$$	$$\textcolor{#ffa500}{\tt{2}}$$
$$\textcolor{#f14c4c}{\tt{TOTAL}}$$	$$\textcolor{#23d18b}{\tt{65}}$$	$$\textcolor{#f14c4c}{\tt{2}}$$	$$\textcolor{#ffa500}{\tt{4}}$$	$$\textcolor{#f14c4c}{\tt{71}}$$

Please find the detailed integration test report here

Please find the ci env pod logs here

flashguerdon · 2024-11-24T22:49:17Z

@Avantol13 -- Will you be able to give me access to the detailed integration test report? I get 401 when I click on the link.

github-actions · 2024-12-19T17:22:46Z

filepath	$$\textcolor{#23d18b}{\tt{passed}}$$	$$\textcolor{#ffa500}{\tt{skipped}}$$	SUBTOTAL
$$\textcolor{#23d18b}{\tt{tests/test\_oauth2.py}}$$	$$\textcolor{#23d18b}{\tt{15}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{15}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_centralized\_auth.py}}$$	$$\textcolor{#23d18b}{\tt{16}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{16}}$$
$$\textcolor{#ffa500}{\tt{tests/test\_data\_upload.py}}$$	$$\textcolor{#23d18b}{\tt{8}}$$	$$\textcolor{#ffa500}{\tt{1}}$$	$$\textcolor{#ffa500}{\tt{9}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_user\_token.py}}$$	$$\textcolor{#23d18b}{\tt{5}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{5}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_presigned\_url.py}}$$	$$\textcolor{#23d18b}{\tt{7}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{7}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_drs\_endpoint.py}}$$	$$\textcolor{#23d18b}{\tt{4}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{4}}$$
$$\textcolor{#ffa500}{\tt{tests/test\_dbgap.py}}$$	$$\textcolor{#23d18b}{\tt{4}}$$	$$\textcolor{#ffa500}{\tt{1}}$$	$$\textcolor{#ffa500}{\tt{5}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_ras\_authn.py}}$$	$$\textcolor{#23d18b}{\tt{3}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{3}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_oidc\_client.py}}$$	$$\textcolor{#23d18b}{\tt{2}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{2}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_client\_credentials.py}}$$	$$\textcolor{#23d18b}{\tt{1}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{1}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_google\_data\_access.py}}$$	$$\textcolor{#23d18b}{\tt{1}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{1}}$$
$$\textcolor{#23d18b}{\tt{tests/test\_audit\_service.py}}$$	$$\textcolor{#23d18b}{\tt{1}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#23d18b}{\tt{1}}$$
$$\textcolor{#ffa500}{\tt{tests/test\_register\_user.py}}$$	$$\textcolor{#666666}{\tt{0}}$$	$$\textcolor{#ffa500}{\tt{2}}$$	$$\textcolor{#ffa500}{\tt{2}}$$
$$\textcolor{#ffa500}{\tt{TOTAL}}$$	$$\textcolor{#23d18b}{\tt{67}}$$	$$\textcolor{#ffa500}{\tt{4}}$$	$$\textcolor{#ffa500}{\tt{71}}$$

Please find the detailed integration test report here

Please find the ci env pod logs here

Avantol13 · 2024-12-19T18:07:49Z

fence/error_handler.py

@@ -27,6 +28,11 @@ def get_error_response(error):
        )
    )

+    # TODO: Issue: Error messages are obfuscated, the line below needs be


Can we get this fixed before we merge?

Avantol13 · 2024-12-19T18:08:00Z

fence/blueprints/login/base.py

        self.app = app

+        # This block of code probably need to be made more concise


Can we do this cleanup before we merge?

Avantol13 · 2024-12-19T18:08:52Z

fence/job/access_token_updater.py

@@ -68,7 +96,8 @@ async def update_tokens(self, db_session):

        """
        start_time = time.time()
-        self.logger.info("Initializing Visa Update Cronjob . . .")
+        # Change this line to reflect we are refreshing tokens, not just visas


can we make this change?

Avantol13 · 2024-12-19T18:10:15Z

fence/job/access_token_updater.py

        # Initialize visa clients:
        oidc = config.get("OPENID_CONNECT", {})
+
+        if not isinstance(oidc, dict):


we try not to do type-checking explicitly, the Pythonic way is to treat things as they are expected to be and then error when it behaves unexpectedly.

Do you need this here? Can we move this to be a post-configuration check rather than runtime?

Avantol13 · 2024-12-19T18:13:49Z