oidc: use federated login service to sync quay teams (PROJQUAY-6741)

data/users/externaloidc.py

@@ -58,9 +58,9 @@ def query_users(self, query, limit):
         """
         No way to query users so returning empty list
         """
-        return ([], self.federated_service, None)
+        return ([], self._federated_service, None)
 
-    def sync_oidc_groups(self, user_groups, user_obj, service_name):
+    def sync_oidc_groups(self, user_groups, user_obj):
         """
         Adds user to quay teams that have team sync enabled with an OIDC group
         """
@@ -69,10 +69,10 @@ def sync_oidc_groups(self, user_groups, user_obj, service_name):
 
         for oidc_group in user_groups:
             # fetch TeamSync row if exists, for the oidc_group synced with the login service
-            synced_teams = team.get_oidc_team_from_groupname(oidc_group, service_name)
+            synced_teams = team.get_oidc_team_from_groupname(oidc_group, self._federated_service)
             if len(synced_teams) == 0:
                 logger.debug(
-                    f"OIDC group: {oidc_group} is either not synced with a team in quay or is not synced with the {service_name} service"
+                    f"OIDC group: {oidc_group} is either not synced with a team in quay or is not synced with the {self._federated_service} service"
                 )
                 continue
 
@@ -100,13 +100,13 @@ def ping(self):
         """
         return (True, None)
 
-    def resync_quay_teams(self, user_groups, user_obj, login_service_name):
+    def resync_quay_teams(self, user_groups, user_obj):
         """
         Fetch quay teams that user is a member of.
         Remove user from teams that are synced with an OIDC group but group does not exist in "user_groups"
         """
         # fetch user's quay teams that have team sync enabled
-        existing_user_teams = team.get_federated_user_teams(user_obj, login_service_name)
+        existing_user_teams = team.get_federated_user_teams(user_obj, self._federated_service)
         user_groups = user_groups or []
         for user_team in existing_user_teams:
             try:
@@ -129,7 +129,6 @@ def sync_user_groups(self, user_groups, user_obj, login_service):
         if not user_obj:
             return
 
-        service_name = login_service.service_id()
-        self.sync_oidc_groups(user_groups, user_obj, service_name)
-        self.resync_quay_teams(user_groups, user_obj, service_name)
+        self.sync_oidc_groups(user_groups, user_obj)
+        self.resync_quay_teams(user_groups, user_obj)
         return

test/test_external_oidc.py

@@ -47,6 +47,7 @@ def setUp(self):
         setup_database_for_testing(self)
         self.oidc_instance = self.fake_oidc()
         self.oidc_login_service = self.fake_oidc_login_service()
+        self.rhsso_login_service = self.fake_rhsso_login_service()
 
     def tearDown(self):
         finished_database_for_testing(self)
@@ -64,11 +65,11 @@ def test_sync_for_empty_oidc_groups(self):
         assert model.team.add_user_to_team(user_obj, team_2)
 
         user_teams_before_sync = TeamMember.select().where(TeamMember.user == user_obj).count()
-        self.oidc_instance.sync_oidc_groups([], user_obj, "oidc")
+        self.oidc_instance.sync_oidc_groups([], user_obj)
         user_teams_after_sync = TeamMember.select().where(TeamMember.user == user_obj).count()
         assert user_teams_before_sync == user_teams_after_sync
 
-        self.oidc_instance.sync_oidc_groups(None, user_obj, "oidc")
+        self.oidc_instance.sync_oidc_groups(None, user_obj)
         user_teams_after_sync = TeamMember.select().where(TeamMember.user == user_obj).count()
         assert user_teams_before_sync == user_teams_after_sync
 
@@ -103,7 +104,7 @@ def test_sync_for_non_empty_oidc_groups(self):
             "wrong_group_name",
         ]
         user_teams_before_sync = TeamMember.select().where(TeamMember.user == user_obj).count()
-        self.oidc_instance.sync_oidc_groups(user_groups, user_obj, "oidc")
+        self.oidc_instance.sync_oidc_groups(user_groups, user_obj)
 
         user_teams_after_sync = TeamMember.select().where(TeamMember.user == user_obj).count()
 
@@ -113,7 +114,7 @@ def test_resync_for_empty_quay_teams(self):
         user_obj = model.user.get_user("devtable")
 
         user_teams_before_sync = TeamMember.select().where(TeamMember.user == user_obj).count()
-        self.oidc_instance.resync_quay_teams([], user_obj, "oidc")
+        self.oidc_instance.resync_quay_teams([], user_obj)
         user_teams_after_sync = TeamMember.select().where(TeamMember.user == user_obj).count()
         assert user_teams_before_sync == user_teams_after_sync
 
@@ -130,7 +131,7 @@ def test_resync_for_empty_quay_teams(self):
         assert model.team.add_user_to_team(user_obj, team_2)
 
         user_teams_before_sync = TeamMember.select().where(TeamMember.user == user_obj).count()
-        self.oidc_instance.resync_quay_teams([], user_obj, "oidc")
+        self.oidc_instance.resync_quay_teams([], user_obj)
         user_teams_after_sync = TeamMember.select().where(TeamMember.user == user_obj).count()
         assert user_teams_before_sync == user_teams_after_sync
 
@@ -157,7 +158,7 @@ def test_resync_for_non_empty_quay_teams(self):
 
         user_groups = ["test_org_1_team_1", "another_group"]
         # user should be removed from team_2
-        self.oidc_instance.resync_quay_teams(user_groups, user_obj, "oidc")
+        self.oidc_instance.resync_quay_teams(user_groups, user_obj)
         assert (
             TeamMember.select()
             .where(TeamMember.user == user_obj, TeamMember.team == team_2)