Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
GÉANT Service Orchestrator
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Jira
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package registry
Container registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
GÉANT Orchestration and Automation Team
GAP
GÉANT Service Orchestrator
Commits
f6dc5ba9
Commit
f6dc5ba9
authored
10 months ago
by
geant-release-service
Browse files
Options
Downloads
Plain Diff
Finished release 2.4.
parents
7cf14fc8
dd9c37a0
Branches
Branches containing commit
Tags
Tags containing commit
No related merge requests found
Pipeline
#87365
passed
10 months ago
Stage: tox
Stage: documentation
Stage: sonarqube
Changes
4
Pipelines
2
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
Changelog.md
+3
-0
3 additions, 0 deletions
Changelog.md
gso/auth/oidc_policy_helper.py
+6
-3
6 additions, 3 deletions
gso/auth/oidc_policy_helper.py
setup.py
+1
-1
1 addition, 1 deletion
setup.py
test/auth/test_oidc_policy_helper.py
+16
-3
16 additions, 3 deletions
test/auth/test_oidc_policy_helper.py
with
26 additions
and
7 deletions
Changelog.md
+
3
−
0
View file @
f6dc5ba9
...
...
@@ -2,6 +2,9 @@
All notable changes to this project will be documented in this file.
## [2.4] - 2024-06-25
-
Fixed the issue with client_credentials grant type token in Authentication part.
## [2.3] - 2024-06-19
-
Changed Modify IP trunk label to Modify ISIS
...
...
This diff is collapsed.
Click to expand it.
gso/auth/oidc_policy_helper.py
+
6
−
3
View file @
f6dc5ba9
...
...
@@ -239,11 +239,14 @@ class OIDCUser(HTTPBearer):
logger
.
info
(
"
User is not active
"
,
url
=
request
.
url
,
user_info
=
intercepted_token
)
raise
HTTPException
(
status_code
=
HTTPStatus
.
UNAUTHORIZED
,
detail
=
"
User is not active
"
)
user_info
=
await
self
.
userinfo
(
async_request
,
token
)
user_info
[
"
client_id
"
]
=
intercepted_token
.
get
(
"
client_id
"
)
client_id
=
intercepted_token
.
get
(
"
client_id
"
)
if
"
sub
"
not
in
intercepted_token
:
return
OIDCUserModel
(
client_id
=
client_id
)
user_info
=
await
self
.
userinfo
(
async_request
,
token
)
user_info
[
"
client_id
"
]
=
client_id
logger
.
debug
(
"
OIDCUserModel object.
"
,
intercepted_token
=
intercepted_token
)
return
user_info
async
def
check_openid_config
(
self
,
async_request
:
AsyncClient
)
->
None
:
...
...
This diff is collapsed.
Click to expand it.
setup.py
+
1
−
1
View file @
f6dc5ba9
...
...
@@ -4,7 +4,7 @@ from setuptools import find_packages, setup
setup
(
name
=
"
geant-service-orchestrator
"
,
version
=
"
2.
3
"
,
version
=
"
2.
4
"
,
author
=
"
GÉANT Orchestration and Automation Team
"
,
author_email
=
"
goat@geant.org
"
,
description
=
"
GÉANT Service Orchestrator
"
,
...
...
This diff is collapsed.
Click to expand it.
test/auth/test_oidc_policy_helper.py
+
16
−
3
View file @
f6dc5ba9
...
...
@@ -237,7 +237,7 @@ def test_evaluate_decision_deny_with_auto_error():
@pytest.mark.asyncio
()
async
def
test_oidc_user_call_with_token
(
oidc_user
,
mock_request
,
mock_async_client
):
oidc_user
.
introspect_token
=
AsyncMock
(
return_value
=
{
"
active
"
:
True
})
oidc_user
.
introspect_token
=
AsyncMock
(
return_value
=
{
"
active
"
:
True
,
"
sub
"
:
"
123
"
,
"
client_id
"
:
"
test_client
"
})
oidc_user
.
userinfo
=
AsyncMock
(
return_value
=
OIDCUserModel
({
"
sub
"
:
"
123
"
,
"
name
"
:
"
John Doe
"
}))
result
=
await
oidc_user
.
__call__
(
mock_request
,
token
=
"
test_token
"
)
# noqa: S106
...
...
@@ -245,11 +245,24 @@ async def test_oidc_user_call_with_token(oidc_user, mock_request, mock_async_cli
assert
isinstance
(
result
,
OIDCUserModel
)
assert
result
[
"
sub
"
]
==
"
123
"
assert
result
[
"
name
"
]
==
"
John Doe
"
assert
result
[
"
client_id
"
]
==
"
test_client
"
@pytest.mark.asyncio
()
async
def
test_oidc_user_call_with_client_credential_token
(
oidc_user
,
mock_request
,
mock_async_client
):
oidc_user
.
introspect_token
=
AsyncMock
(
return_value
=
{
"
active
"
:
True
})
oidc_user
.
userinfo
=
AsyncMock
(
return_value
=
OIDCUserModel
({
"
sub
"
:
"
123
"
,
"
name
"
:
"
John Doe
"
}))
result
=
await
oidc_user
.
__call__
(
mock_request
,
token
=
"
test_token
"
)
# noqa: S106
assert
isinstance
(
result
,
OIDCUserModel
)
assert
result
[
"
client_id
"
]
is
None
oidc_user
.
userinfo
.
assert_not_called
()
@pytest.mark.asyncio
()
async
def
test_oidc_user_call_inactive_token
(
oidc_user
,
mock_request
,
mock_async_client
):
oidc_user
.
introspect_token
=
AsyncMock
(
return_value
=
{
"
active
"
:
False
})
oidc_user
.
introspect_token
=
AsyncMock
(
return_value
=
{
"
active
"
:
False
,
"
sub
"
:
"
123
"
})
with
pytest
.
raises
(
HTTPException
)
as
exc_info
:
await
oidc_user
.
__call__
(
mock_request
,
token
=
"
test_token
"
)
# noqa: S106
...
...
@@ -278,7 +291,7 @@ async def test_oidc_user_call_token_from_request(oidc_user, mock_request, mock_a
mock_request
.
state
.
credentials
=
Mock
()
mock_request
.
state
.
credentials
.
credentials
=
"
request_token
"
oidc_user
.
introspect_token
=
AsyncMock
(
return_value
=
{
"
active
"
:
True
})
oidc_user
.
introspect_token
=
AsyncMock
(
return_value
=
{
"
active
"
:
True
,
"
sub
"
:
"
123
"
})
oidc_user
.
userinfo
=
AsyncMock
(
return_value
=
OIDCUserModel
({
"
sub
"
:
"
123
"
,
"
name
"
:
"
John Doe
"
}))
result
=
await
oidc_user
.
__call__
(
mock_request
)
# noqa: PLC2801
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment