Merge pull request #61 from dianagudu/prerel

v0.6.0
dianagudu · Jul 31, 2023 · 83103f7 · 83103f7 · github-actions · Aug 1, 2023
2 parents df121f7 + 89f8662
commit 83103f7
Show file tree

Hide file tree

Showing 13 changed files with 155 additions and 71 deletions.
diff --git a/.bumpversion.cfg b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.5.3
+current_version = 0.6.0
 commit = True
 tag = False
 

diff --git a/Makefile b/Makefile
@@ -102,7 +102,8 @@ dockerised_all_packages: dockerised_deb_debian_buster\
 	dockerised_rpm_centos_stream\
 	dockerised_rpm_rocky8.5\
 	dockerised_rpm_rocky8\
-	dockerised_rpm_opensuse15.3\
+	dockerised_rpm_opensuse15.4\
+	dockerised_rpm_opensuse15.5\
 	dockerised_rpm_opensuse_tumbleweed
 
 .PHONY: docker_images
@@ -116,7 +117,8 @@ docker_images: docker_rocky8.5\
 	docker_debian_bookworm\
 	docker_ubuntu_bionic\
 	docker_ubuntu_focal\
-	docker_opensuse15.3\
+	docker_opensuse15.4\
+	docker_opensuse15.5\
 	docker_opensuse_tumbleweed
 
 .PHONY: docker_debian_buster
@@ -212,13 +214,20 @@ docker_rocky8:
 	"RUN yum install -y make rpm-build\n" \
 	"RUN dnf -y group install \"Development Tools\"\n" | \
 	docker build --tag rocky8 -f -  .  >> docker.log
-.PHONY: docker_opensuse15.3
-docker_opensuse15.3:
-	@echo -e "\nopensuse-15.3"
-	@echo -e "FROM registry.opensuse.org/opensuse/leap:15.3\n"\
+.PHONY: docker_opensuse15.4
+docker_opensuse15.4:
+	@echo -e "\nopensuse-15.4"
+	@echo -e "FROM registry.opensuse.org/opensuse/leap:15.4\n"\
 	"RUN zypper -n install make rpm-build\n" \
 	"RUN zypper -n install -t pattern devel_C_C++" | \
-	docker build --tag opensuse15.3 -f -  .  >> docker.log
+	docker build --tag opensuse15.4 -f -  .  >> docker.log
+.PHONY: docker_opensuse15.5
+docker_opensuse15.5:
+	@echo -e "\nopensuse-15.5"
+	@echo -e "FROM registry.opensuse.org/opensuse/leap:15.5\n"\
+	"RUN zypper -n install make rpm-build\n" \
+	"RUN zypper -n install -t pattern devel_C_C++" | \
+	docker build --tag opensuse15.5 -f -  .  >> docker.log
 .PHONY: docker_opensuse_tumbleweed
 docker_opensuse_tumbleweed:
 	@echo -e "\nopensuse_tumbleweed"
@@ -238,7 +247,8 @@ docker_sle15:
 docker_clean:
 	docker image rm sle15 || true
 	docker image rm	opensuse_tumbleweed || true
-	docker image rm	opensuse15.3 || true
+	docker image rm	opensuse15.4 || true
+	docker image rm	opensuse15.5 || true
 	docker image rm rocky8.5 || true
 	docker image rm rocky8 || true
 	docker image rm	centos7 || true
@@ -310,11 +320,17 @@ dockerised_rpm_rocky8: docker_rocky8
 	@docker run --tty --rm -v ${DOCKER_BASE}:/home/build rocky8 \
 		/home/build/${PACKAGE}/build.sh ${PACKAGE} rocky8 ${PKG_NAME} > $@.log
 
-.PHONY: dockerised_rpm_opensuse15.3
-dockerised_rpm_opensuse15.3: docker_opensuse15.3
+.PHONY: dockerised_rpm_opensuse15.4
+dockerised_rpm_opensuse15.4: docker_opensuse15.4
+	@echo "Writing build log to $@.log"
+	@docker run --tty --rm -v ${DOCKER_BASE}:/home/build opensuse15.4 \
+		/home/build/${PACKAGE}/build.sh ${PACKAGE} opensuse15.4 ${PKG_NAME} > $@.log
+
+.PHONY: dockerised_rpm_opensuse15.5
+dockerised_rpm_opensuse15.5: docker_opensuse15.5
 	@echo "Writing build log to $@.log"
-	@docker run --tty --rm -v ${DOCKER_BASE}:/home/build opensuse15.3 \
-		/home/build/${PACKAGE}/build.sh ${PACKAGE} opensuse15.3 ${PKG_NAME} > $@.log
+	@docker run --tty --rm -v ${DOCKER_BASE}:/home/build opensuse15.5 \
+		/home/build/${PACKAGE}/build.sh ${PACKAGE} opensuse15.5 ${PKG_NAME} > $@.log
 
 .PHONY: dockerised_rpm_opensuse_tumbleweed
 dockerised_rpm_opensuse_tumbleweed: docker_opensuse_tumbleweed
@@ -341,7 +357,8 @@ publish-to-repo:
 	@scp ../results/debian_bookworm/* [email protected]:/var/www/debian/bookworm
 	@scp ../results/ubuntu_bionic/* [email protected]:/var/www/ubuntu/bionic 
 	@scp ../results/ubuntu_focal/* [email protected]:/var/www/ubuntu/focal
-	@scp ../results/opensuse15.3/* [email protected]:/var/www/suse/opensuse-leap-15.3
+	@scp ../results/opensuse15.4/* [email protected]:/var/www/suse/opensuse-leap-15.4
+	@scp ../results/opensuse15.5/* [email protected]:/var/www/suse/opensuse-leap-15.5
 	@scp ../results/opensuse_tumbleweed/* [email protected]:/var/www/suse/opensuse-tumbleweed
 	#@scp ../results/sle15/* [email protected]:/var/www/suse/sle15
 

diff --git a/build.sh b/build.sh
@@ -88,6 +88,17 @@ centos7_install_dependencies() {
     pip install virtualenv
 }
 opensuse15_install_dependencies() {
+    zypper -n install libcurl-devel pam-devel zypper audit-devel git \
+        python311 python311-devel python311-pip python311-setuptools
+    zypper -n install policycoreutils
+    zypper -n install python3-policycoreutils
+    pip3.11 install -U pip
+    pip3 install virtualenv || {
+        /usr/local/bin/pip3 install virtualenv
+    }
+    git config --global --add safe.directory /tmp/build/$PACKAGE
+}
+opensuse154_install_dependencies() {
     zypper -n install libcurl-devel pam-devel zypper audit-devel git \
         python39 python39-devel python39-pip python39-setuptools
     zypper -n install policycoreutils
@@ -146,11 +157,16 @@ case "$DIST" in
         rpm_build_package
         rpm_copy_output
     ;;
-    opensuse15*|opensuse_tumbleweed|sle*)
+    opensuse15.5|opensuse_tumbleweed|sle*)
         opensuse15_install_dependencies
         rpm_build_package
         rpm_copy_output
     ;;
+    opensuse15.4)
+        opensuse154_install_dependencies
+        rpm_build_package
+        rpm_copy_output
+    ;;
 esac
 
 common_fix_output_permissions
diff --git a/debian/changelog b/debian/changelog
@@ -1,4 +1,4 @@
-motley-cue (0.5.3-1) UNRELEASED; urgency=medium
+motley-cue (0.6.0-1) UNRELEASED; urgency=medium
 
   [ Marcus Hardt ]
   * Initial go for packageing

diff --git a/etc/feudal_adapter.conf b/etc/feudal_adapter.conf
@@ -276,6 +276,13 @@ deploy_user_ssh_keys = no
 # If set to yes, we will use the punch4nfdi-specific method to translate group names
 # punch4nfdi = no
 
+## post_create_script -- default: None
+## A script to be executed after a user has been created
+# this script can be a shell script or a python script
+# and will be run with root privileges
+# the script will be called with the username as the first and only argument
+# post_create_script = /path/to/script.sh
+
 [backend.bwidm]
 # Configuration for the bwidm backend
 
@@ -297,6 +304,13 @@ http_pass = bar
 # The name of the service the user should be added to on BWIDM:
 service_name = sshtest
 
+## post_create_script -- default: None
+## A script to be executed after a user has been created
+# this script can be a shell script or a python script
+# and will be run with root privileges
+# the script will be called with the username as the first and only argument
+# post_create_script = /path/to/script.sh
+
 [backend.ldap]
 # Configuration for the ldap backend
 
@@ -325,7 +339,8 @@ host = ldap_server
 # admin_password = adminpassword
 
 # set to true if tls is enabled; default: False
-# not supported yet
+# if set to true, the protocol will be ldaps://
+# if set to false, the protocol will be ldap://
 # tls = False
 
 # ldap base for user namespace; default: ou=users,dc=example
@@ -358,3 +373,10 @@ host = ldap_server
 ## GID range -- default 1000 -> 60000
 # gid_min = 1000
 # gid_max = 60000
+
+## post_create_script -- default: None
+## A script to be executed after a user has been created
+# this script can be a shell script or a python script
+# and will be run with root privileges
+# the script will be called with the username as the first and only argument
+# post_create_script = /path/to/script.sh
diff --git a/motley_cue/VERSION b/motley_cue/VERSION
@@ -1 +1 @@
-0.5.3
+0.6.0
diff --git a/motley_cue/api.py b/motley_cue/api.py
@@ -2,7 +2,7 @@
 This module contains the definition of motley_cue's REST API.
 """
 from fastapi import FastAPI, Depends, Request, Query, Header
-from fastapi.exceptions import RequestValidationError
+from fastapi.exceptions import RequestValidationError, ResponseValidationError
 from fastapi.responses import HTMLResponse
 from pydantic import ValidationError
 
@@ -28,6 +28,7 @@
 api.include_router(admin.api, tags=["admin"])
 api.add_exception_handler(RequestValidationError, request_validation_exception_handler)
 api.add_exception_handler(ValidationError, validation_exception_handler)
+api.add_exception_handler(ResponseValidationError, validation_exception_handler)
 
 
 @api.get("/")

diff --git a/motley_cue/dependencies.py b/motley_cue/dependencies.py
@@ -1,10 +1,11 @@
 """Module containing global mapper object created from default configuration files.
 """
 from typing import Optional
-from pydantic import BaseSettings, validator
+from pydantic import field_validator
 
 from ._version import __version__
 from .mapper import Mapper, Config
+from pydantic_settings import BaseSettings
 
 
 class Settings(BaseSettings):
@@ -18,14 +19,16 @@ class Settings(BaseSettings):
     docs_url: Optional[str] = None
     redoc_url: Optional[str] = None
 
-    @validator("openapi_url", allow_reuse=True)
+    @field_validator("openapi_url")
+    @classmethod
     def must_start_with_slash(cls, url):
         """validate URLs: must start with a '/'"""
         if not url.startswith("/"):
             raise ValueError("Routed paths must start with '/'")
         return url
 
-    @validator("docs_url", "redoc_url", allow_reuse=True)
+    @field_validator("docs_url", "redoc_url")
+    @classmethod
     def must_start_with_slash_or_none(cls, url):
         """validate URLs: must start with a '/' or be None."""
         if url is not None and not url.startswith("/"):

diff --git a/motley_cue/models.py b/motley_cue/models.py
@@ -11,8 +11,8 @@
 class InfoOp:
     """Data model for responses on the /info/op endpoint."""
 
-    scopes: Optional[List[str]] = Field([], example=["openid", "profile", "email"])
-    audience: Optional[Union[str, List[str]]] = Field("", example="ssh_localhost")
+    scopes: Optional[List[str]] = Field([], examples=[["openid", "profile", "email"]])
+    audience: Optional[Union[str, List[str]]] = Field("", examples=["ssh_localhost"])
 
 
 @dataclass
@@ -21,31 +21,37 @@ class Info:
 
     login_info: dict = Field(
         ...,
-        example={
-            "description": "Local SSH Test Service",
-            "login_help": "Login via `mccli ssh {login_host}`.",
-            "ssh_host": "localhost",
-        },
+        examples=[
+            {
+                "description": "Local SSH Test Service",
+                "login_help": "Login via `mccli ssh {login_host}`.",
+                "ssh_host": "localhost",
+            }
+        ],
     )
     supported_OPs: list = Field(  # pylint: disable=invalid-name
         ...,
-        example=[
-            "https://aai.egi.eu/oidc",
-            "https://login.helmholtz.de/oauth2",
+        examples=[
+            [
+                "https://aai.egi.eu/oidc",
+                "https://login.helmholtz.de/oauth2",
+            ]
         ],
     )
     ops_info: Dict[str, InfoOp] = Field(
         {},
-        example={
-            "https://aai.egi.eu/oidc": {
-                "scopes": ["openid", "profile", "email"],
-                "audience": "ssh_localhost",
-            },
-            "https://login.helmholtz.de/oauth2": {
-                "scopes": ["openid", "profile", "email"],
-                "audience": "ssh_localhost",
-            },
-        },
+        examples=[
+            {
+                "https://aai.egi.eu/oidc": {
+                    "scopes": ["openid", "profile", "email"],
+                    "audience": "ssh_localhost",
+                },
+                "https://login.helmholtz.de/oauth2": {
+                    "scopes": ["openid", "profile", "email"],
+                    "audience": "ssh_localhost",
+                },
+            }
+        ],
     )
 
 
@@ -54,26 +60,26 @@ class InfoAuthorisation:
     """Data model for responses on the /info/authorisation endpoint."""
 
     OP: str = Field(
-        ..., example="https://wlcg.cloud.cnaf.infn.it/"
+        ..., examples=["https://wlcg.cloud.cnaf.infn.it/"]
     )  # pylint: disable=invalid-name
     authorisation_type: str = Field(
-        ..., example=AuthorisationType.VO_BASED.description()["authorisation_type"]
+        ..., examples=[AuthorisationType.VO_BASED.description()["authorisation_type"]]
     )
     authorisation_info: str = Field(
-        ..., example=AuthorisationType.VO_BASED.description()["authorisation_info"]
+        ..., examples=[AuthorisationType.VO_BASED.description()["authorisation_info"]]
     )
     supported_VOs: Optional[list] = Field(
-        [], example=["/wlcg"]
+        [], examples=[["/wlcg"]]
     )  # pylint: disable=invalid-name
-    audience: Optional[Union[str, List[str]]] = Field("", example="ssh_localhost")
+    audience: Optional[Union[str, List[str]]] = Field("", examples=["ssh_localhost"])
 
 
 @dataclass
 class VerifyUser:
     """Data model for responses on the /verify_user endpoint."""
 
-    state: str = Field(..., example="deployed")
-    verified: bool = Field(..., example=True)
+    state: str = Field(..., examples=["deployed"])
+    verified: bool = Field(..., examples=[True])
 
 
 @dataclass
@@ -82,17 +88,21 @@ class FeudalResponse:
     on any /user/* and /admin/* endpoints.
     """
 
-    state: str = Field(..., example="deployed")
-    message: str = Field(..., example="User was created and was added to groups wlcg.")
+    state: str = Field(..., examples=["deployed"])
+    message: str = Field(
+        ..., examples=["User was created and was added to groups wlcg."]
+    )
     credentials: Optional[dict] = Field(
         {},
-        example={
-            "commandline": "ssh wlcg001@localhost",
-            "description": "Local SSH Test Service",
-            "login_help": "Login via `mccli ssh {login_host}`.",
-            "ssh_host": "localhost",
-            "ssh_user": "wlcg001",
-        },
+        examples=[
+            {
+                "commandline": "ssh wlcg001@localhost",
+                "description": "Local SSH Test Service",
+                "login_help": "Login via `mccli ssh {login_host}`.",
+                "ssh_host": "localhost",
+                "ssh_user": "wlcg001",
+            }
+        ],
     )
 
 
@@ -104,9 +114,9 @@ class OTPResponse:
     whether the OTP generation and storage succeeded.
     """
 
-    supported: bool = Field(..., example=True)
-    successful: bool = Field(False, example=True)
-    # message: Optional[str] = Field("", example="OTPs not supported.")
+    supported: bool = Field(..., examples=[True])
+    successful: bool = Field(False, examples=[True])
+    # message: Optional[str] = Field("", examples=["OTPs not supported.")
 
 
 @dataclass

diff --git a/requirements.txt b/requirements.txt
@@ -1,8 +1,10 @@
-feudalAdapter>=0.5.3
-flaat>=1.1.5
+feudalAdapter>=0.6.0
+flaat>=1.1.10
 fastapi==0.*
 uvicorn[standard]==0.*
 gunicorn==20.*
 sqlitedict==2.*
-cryptography>=38.0.3
+cryptography==41.*
 markdown==3.*
+pydantic-settings==2.*
+pydantic==2.*
File	Stmts	Branches	Funcs	Lines	Uncovered Lines
motley_cue
__init__.py	100%	100%	100%	100%
__main__.py	0%	100%	100%	0%	11–12, 3, 6, 8
_version.py	100%	100%	100%	100%
api.py	97.22%	100%	100%	97.22%	148
dependencies.py	96%	100%	100%	96%	27
models.py	100%	100%	100%	100%
static.py	33.33%	100%	100%	33.33%	38–39, 41–44
motley_cue/mapper
__init__.py	61.70%	100%	100%	61.70%	105, 127, 134–137, 143–144, 150–151, 157–159, 167, 173, 180–181, 190–191, 195, 198–204, 29–30, 32–33, 36, 38, 56, 93, 99
authorisation.py	91.51%	100%	100%	91.51%	138–140, 146, 204, 40, 53, 66, 99
config.py	83.19%	100%	100%	83.19%	103, 106–110, 120–128, 143–147, 151–152, 191–194, 203–205, 228, 258, 261–263, 265, 269, 344, 89
exceptions.py	97.06%	100%	100%	97.06%	26
local_user_management.py	90.11%	100%	100%	90.11%	160–161, 163–167, 74–75
token_manager.py	95.31%	100%	100%	95.31%	164, 201, 243, 278, 377, 379, 383, 397, 450–451, 63–64, 68
motley_cue/routers
__init__.py	100%	100%	100%	100%
admin.py	100%	100%	100%	100%
user.py	100%	100%	100%	100%