From edce322f82317e870ac85c1a9a19841939bd8c20 Mon Sep 17 00:00:00 2001
From: Mohammad Torkashvand <mohammad.torkashvand@geant.org>
Date: Tue, 2 Apr 2024 17:30:36 +0200
Subject: [PATCH] upgrade to orchestrato-core v2
---
gso/auth/opa.py | 44 +++++++++++++++++++
...289c0_add_orchestrator_2_1_2_migrations.py | 23 ++++++++++
log.txt | 0
requirements.txt | 2 +-
test/auth/test_oidc_policy_helper.py | 8 +---
5 files changed, 69 insertions(+), 8 deletions(-)
create mode 100644 gso/auth/opa.py
create mode 100644 gso/migrations/versions/2024-04-02_1ec810b289c0_add_orchestrator_2_1_2_migrations.py
create mode 100644 log.txt
diff --git a/gso/auth/opa.py b/gso/auth/opa.py
new file mode 100644
index 00000000..28c0cad8
--- /dev/null
+++ b/gso/auth/opa.py
@@ -0,0 +1,44 @@
+from http import HTTPStatus
+
+from fastapi.exceptions import HTTPException
+from fastapi.params import Depends
+from httpx import AsyncClient, NetworkError
+from oauth2_lib.fastapi import OIDCUserModel, OPAAuthorization, OPAResult
+from oauth2_lib.settings import oauth2lib_settings
+from starlette.requests import Request
+from structlog import get_logger
+
+from gso.auth.oidc import oidc_instance
+
+logger = get_logger(__name__)
+
+
+class OPAAuthorization(OPAAuthorization):
+ _instance = None
+
+ def __new__(cls, *args, **kwargs):
+ if cls._instance is None:
+ cls._instance = super(OPAAuthorization, cls).__new__(cls)
+ return cls._instance
+
+ async def authorize(
+ self, request: Request, user_info: OIDCUserModel = Depends(oidc_instance.authenticate)
+ ) -> bool | None:
+ return await super().authorize(request, user_info)
+
+ async def get_decision(self, async_request: AsyncClient, opa_input: dict) -> OPAResult:
+ logger.debug("Posting input json to Policy agent", opa_url=self.opa_url, input=opa_input)
+ try:
+ result = await async_request.post(self.opa_url, json=opa_input)
+ except (NetworkError, TypeError) as exc:
+ logger.debug("Could not get decision from policy agent", error=str(exc))
+ raise HTTPException(status_code=HTTPStatus.SERVICE_UNAVAILABLE, detail="Policy agent is unavailable")
+
+ json_result = result.json()
+ logger.debug("Received decision from policy agent", decision=json_result)
+ return OPAResult(decision_id=json_result["decision_id"], result=json_result["result"]["allow"])
+
+
+opa_instance = OPAAuthorization(
+ opa_url=oauth2lib_settings.OPA_URL,
+)
diff --git a/gso/migrations/versions/2024-04-02_1ec810b289c0_add_orchestrator_2_1_2_migrations.py b/gso/migrations/versions/2024-04-02_1ec810b289c0_add_orchestrator_2_1_2_migrations.py
new file mode 100644
index 00000000..aa9593a8
--- /dev/null
+++ b/gso/migrations/versions/2024-04-02_1ec810b289c0_add_orchestrator_2_1_2_migrations.py
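Review bot: get_decision treats whatever comes back from the policy agent as a valid decision — there is no status check before `result.json()`, and `json_result["result"]["allow"]` raises KeyError when the policy path is undefined (OPA then returns a document with no `result` key) or when the body is an error document, so a misconfigured policy surfaces as an unhandled 500 rather than a clean deny; a request timeout is also not covered, because httpx's TimeoutException is a TransportError sibling of NetworkError, not a subclass of it. I would call `result.raise_for_status()` inside the try, widen the except to httpx's `RequestError` plus `HTTPStatusError` (the httpx import line then needs those two names), and treat a missing `allow` as False so the fail-closed path is explicit. The `logger.debug(..., input=opa_input)` call writes the complete OPA input to the log; I can't see from this hunk what the base class puts in that document, but if it carries user claims or request headers it should not be logged, even at debug level. Separately, `class OPAAuthorization(OPAAuthorization)` rebinds the imported base name to the subclass, which makes `super(OPAAuthorization, cls)` and any later reference to the base ambiguous to readers; a distinct subclass name (for example `GSOOPAAuthorization`) or `super().__new__(cls)` avoids that.
```python
    async def get_decision(self, async_request: AsyncClient, opa_input: dict) -> OPAResult:
        logger.debug("Posting input json to Policy agent", opa_url=self.opa_url)
        try:
            result = await async_request.post(self.opa_url, json=opa_input)
            # Treat a non-2xx answer from the policy agent the same as an unreachable agent.
            result.raise_for_status()
        except (RequestError, HTTPStatusError, TypeError) as exc:
            logger.debug("Could not get decision from policy agent", error=str(exc))
            raise HTTPException(status_code=HTTPStatus.SERVICE_UNAVAILABLE, detail="Policy agent is unavailable")

        json_result = result.json()
        logger.debug("Received decision from policy agent", decision=json_result)
        # An undefined policy path or a result document without "allow" is a deny, not a crash.
        result_doc = json_result.get("result") or {}
        allow = result_doc.get("allow", False) if isinstance(result_doc, dict) else False
        return OPAResult(decision_id=json_result["decision_id"], result=bool(allow))
```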
@@ -0,0 +1,23 @@
+"""remove subscription cancellation workflow.
+
+Revision ID: 1ec810b289c0
+Revises:
+Create Date: 2024-04-02 10:21:08.539591
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '1ec810b289c0'
+down_revision = '4ec89ab289c0'
+branch_labels = None
+# TODO: check it carefuly
+depends_on = '048219045729' # in this revision, SURF has added a new columns to the workflow table like delted_at, so we need to add a dependency on the revision that added the columns to the workflow table.
+
+
+def upgrade() -> None:
+ pass
+
+
+def downgrade() -> None:
+ pass
+
diff --git a/log.txt b/log.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/requirements.txt b/requirements.txt
index 3463f0c5..a430ae38 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
-orchestrator-core==2.2.1
+orchestrator-core==2.1.2
 requests==2.31.0
 infoblox-client~=0.6.0
 pycountry==23.12.11
diff --git a/test/auth/test_oidc_policy_helper.py b/test/auth/test_oidc_policy_helper.py
index 17bed723..844c08ff 100644
--- a/test/auth/test_oidc_policy_helper.py
+++ b/test/auth/test_oidc_policy_helper.py
@@ -7,13 +7,7 @@ from httpx import AsyncClient, NetworkError, Response
 from gso.auth.oidc_policy_helper import (
 OIDCConfig,
- OIDCUser,
- OIDCUserModel,
- OPAResult,
- _evaluate_decision,
- _get_decision,
- _is_callback_step_endpoint,
- opa_decision,
+ OIDCUser, OIDCUserModel, OPAResult, opa_decision, _get_decision, _evaluate_decision, _is_callback_step_endpoint,
 )
 from gso.auth.settings import oauth2lib_settings
-- 
GitLab
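Review bot: The migration's docstring says `remove subscription cancellation workflow.` while the file is named add_orchestrator_2_1_2_migrations and both `upgrade()` and `downgrade()` are `pass`, so the revision's only effect is the `depends_on = '048219045729'` ordering — the docstring should say exactly that, e.g. `"""Order this revision after the orchestrator-core workflow-table migration; no schema changes of its own."""`, and the `# TODO: check it carefuly` marker should be resolved or state what is still unverified before this is merged. The trailing comment on the `depends_on` line has typos (`carefuly`, `delted_at`, `a new columns`) and would read better as a short comment above the assignment naming the column it depends on. In the same patch the requirements.txt hunk replaces `orchestrator-core==2.2.1` with `orchestrator-core==2.1.2`, which looks like a downgrade despite the subject line, and the empty `log.txt` looks like an accidental add; both are worth confirming before merge.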