upgrade to orchestrato-core v2

edce322f · Mohammad Torkashvand · 3cd22c24 · edce322f · edce322f · edce322f
Commit edce322f authored 11 months ago by Mohammad Torkashvand
--- a/gso/auth/opa.py
+++ b/gso/auth/opa.py
+from http import HTTPStatus
+
+from fastapi.exceptions import HTTPException
+from fastapi.params import Depends
+from httpx import AsyncClient, NetworkError
+from oauth2_lib.fastapi import OIDCUserModel, OPAAuthorization, OPAResult
+from oauth2_lib.settings import oauth2lib_settings
+from starlette.requests import Request
+from structlog import get_logger
+
+from gso.auth.oidc import oidc_instance
+
+logger = get_logger(__name__)
+
+
+class OPAAuthorization(OPAAuthorization):
+    _instance = None
+
+    def __new__(cls, *args, **kwargs):
+        if cls._instance is None:
+            cls._instance = super(OPAAuthorization, cls).__new__(cls)
+        return cls._instance
+
+    async def authorize(
+        self, request: Request, user_info: OIDCUserModel = Depends(oidc_instance.authenticate)
+    ) -> bool | None:
+        return await super().authorize(request, user_info)
+
+    async def get_decision(self, async_request: AsyncClient, opa_input: dict) -> OPAResult:
+        logger.debug("Posting input json to Policy agent", opa_url=self.opa_url, input=opa_input)
+        try:
+            result = await async_request.post(self.opa_url, json=opa_input)
+        except (NetworkError, TypeError) as exc:
+            logger.debug("Could not get decision from policy agent", error=str(exc))
+            raise HTTPException(status_code=HTTPStatus.SERVICE_UNAVAILABLE, detail="Policy agent is unavailable")
+
+        json_result = result.json()
+        logger.debug("Received decision from policy agent", decision=json_result)
+        return OPAResult(decision_id=json_result["decision_id"], result=json_result["result"]["allow"])
+
+
+opa_instance = OPAAuthorization(
+    opa_url=oauth2lib_settings.OPA_URL,
+)
--- a/gso/migrations/versions/2024-04-02_1ec810b289c0_add_orchestrator_2_1_2_migrations.py
+++ b/gso/migrations/versions/2024-04-02_1ec810b289c0_add_orchestrator_2_1_2_migrations.py
+"""remove subscription cancellation workflow.
+
+Revision ID: 1ec810b289c0
+Revises:
+Create Date: 2024-04-02 10:21:08.539591
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '1ec810b289c0'
+down_revision = '4ec89ab289c0'
+branch_labels = None
+# TODO: check it carefuly
+depends_on = '048219045729'  # in this revision, SURF has added a new columns to the workflow table like delted_at, so we need to add a dependency on the revision that added the columns to the workflow table.
+
+
+def upgrade() -> None:
+    pass
+
+
+def downgrade() -> None:
+    pass
+
--- a/log.txt
+++ b/log.txt
--- a/requirements.txt
+++ b/requirements.txt
-orchestrator-core==2.2.1
+orchestrator-core==2.1.2
 requests==2.31.0
 infoblox-client~=0.6.0
 pycountry==23.12.11

--- a/test/auth/test_oidc_policy_helper.py
+++ b/test/auth/test_oidc_policy_helper.py
@@ -7,13 +7,7 @@ from httpx import AsyncClient, NetworkError, Response

 from gso.auth.oidc_policy_helper import (
    OIDCConfig,
-    OIDCUser,
-    OIDCUserModel,
-    OPAResult,
-    _evaluate_decision,
-    _get_decision,
-    _is_callback_step_endpoint,
-    opa_decision,
+    OIDCUser, OIDCUserModel, OPAResult, opa_decision, _get_decision, _evaluate_decision, _is_callback_step_endpoint,
 )
 from gso.auth.settings import oauth2lib_settings