From f51b294775a052f4614ca3a85e367ddbb816c408 Mon Sep 17 00:00:00 2001
From: Sunandadadi
Date: Tue, 5 Mar 2024 12:27:12 -0500
Subject: [PATCH] oidc: use federated login service to sync quay teams (PROJQUAY-6741)

---
 data/users/externaloidc.py | 17 ++++++++---------
 test/test_external_oidc.py | 13 +++++++------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/data/users/externaloidc.py b/data/users/externaloidc.py
index 26a57bba8e..1cc2837110 100644
--- a/data/users/externaloidc.py
+++ b/data/users/externaloidc.py
@@ -58,9 +58,9 @@ def query_users(self, query, limit):
         """
         No way to query users so returning empty list
         """
-        return ([], self.federated_service, None)
+        return ([], self._federated_service, None)
 
-    def sync_oidc_groups(self, user_groups, user_obj, service_name):
+    def sync_oidc_groups(self, user_groups, user_obj):
         """
         Adds user to quay teams that have team sync enabled with an OIDC group
         """
@@ -69,10 +69,10 @@ def sync_oidc_groups(self, user_groups, user_obj, service_name):
 
         for oidc_group in user_groups:
             # fetch TeamSync row if exists, for the oidc_group synced with the login service
-            synced_teams = team.get_oidc_team_from_groupname(oidc_group, service_name)
+            synced_teams = team.get_oidc_team_from_groupname(oidc_group, self._federated_service)
             if len(synced_teams) == 0:
                 logger.debug(
-                    f"OIDC group: {oidc_group} is either not synced with a team in quay or is not synced with the {service_name} service"
+                    f"OIDC group: {oidc_group} is either not synced with a team in quay or is not synced with the {self._federated_service} service"
                 )
                 continue
 
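Review bot: The new `sync_oidc_groups(self, user_groups, user_obj)` signature drops `service_name`, but the docstring still does not say which login service the team lookup is keyed on, so a reader has to dig into the body to find `self._federated_service`. I would extend the docstring with `Groups are matched against teams that are synced with self._federated_service.` The `self.federated_service` to `self._federated_service` change in `query_users` reads like a fix for a latent AttributeError that the commit message does not mention; a line in the description would help whoever bisects later. The body of `sync_oidc_groups` continues past the end of this hunk.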
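Review bot: The rewritten `logger.debug(...)` call in the `len(synced_teams) == 0` branch still builds its message with an f-string, so the interpolation of `oidc_group` and `self._federated_service` runs on every iteration even when debug logging is disabled; the lazy form `logger.debug("OIDC group: %s is either not synced with a team in quay or is not synced with the %s service", oidc_group, self._federated_service)` keeps the message byte-identical and defers the formatting. Since `oidc_group` presumably originates from the identity provider's group claim, passing it as a logging argument rather than splicing it into the format string is also the more defensive habit. The enclosing loop body continues past the end of this hunk.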
@@ -100,13 +100,13 @@ def ping(self):
         """
         return (True, None)
 
-    def resync_quay_teams(self, user_groups, user_obj, login_service_name):
+    def resync_quay_teams(self, user_groups, user_obj):
         """
         Fetch quay teams that user is a member of.
         Remove user from teams that are synced with an OIDC group but group does not exist in "user_groups"
         """
         # fetch user's quay teams that have team sync enabled
-        existing_user_teams = team.get_federated_user_teams(user_obj, login_service_name)
+        existing_user_teams = team.get_federated_user_teams(user_obj, self._federated_service)
         user_groups = user_groups or []
         for user_team in existing_user_teams:
             try:
@@ -129,7 +129,6 @@ def sync_user_groups(self, user_groups, user_obj, login_service):
         if not user_obj:
             return
 
-        service_name = login_service.service_id()
-        self.sync_oidc_groups(user_groups, user_obj, service_name)
-        self.resync_quay_teams(user_groups, user_obj, service_name)
+        self.sync_oidc_groups(user_groups, user_obj)
+        self.resync_quay_teams(user_groups, user_obj)
         return
diff --git a/test/test_external_oidc.py b/test/test_external_oidc.py
index c36265319c..d648a5dd64 100644
--- a/test/test_external_oidc.py
+++ b/test/test_external_oidc.py
@@ -47,6 +47,7 @@ def setUp(self):
         setup_database_for_testing(self)
         self.oidc_instance = self.fake_oidc()
         self.oidc_login_service = self.fake_oidc_login_service()
+        self.rhsso_login_service = self.fake_rhsso_login_service()
 
     def tearDown(self):
         finished_database_for_testing(self)
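Review bot: `sync_user_groups(self, user_groups, user_obj, login_service)` keeps its `login_service` parameter although its only use, `login_service.service_id()`, is removed here, so the parameter is now dead inside this function. Either drop it from the signature (callers are outside this diff) or leave a comment such as `# login_service is unused: teams are synced against self._federated_service` so the next reader does not assume the caller's service still matters. The behaviour also shifts: team sync is now keyed on the instance's own federated service rather than whichever login service the caller passed, and if those can ever differ that is worth stating in the docstring. The start of `sync_user_groups` lies before this hunk.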
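Review bot: `setUp` now creates `self.rhsso_login_service`, but none of the test changes in this patch reference it; if no test in the file uses it, the fixture adds setup work and a dependency on `fake_rhsso_login_service` (defined outside this diff) for nothing. Either remove the line or add the test that exercises an RHSSO-backed instance so the fixture earns its place. The rest of `setUp` begins before this hunk.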
@@ -64,11 +65,11 @@ def test_sync_for_empty_oidc_groups(self):
         assert model.team.add_user_to_team(user_obj, team_2)
         user_teams_before_sync = TeamMember.select().where(TeamMember.user == user_obj).count()
 
-        self.oidc_instance.sync_oidc_groups([], user_obj, "oidc")
+        self.oidc_instance.sync_oidc_groups([], user_obj)
         user_teams_after_sync = TeamMember.select().where(TeamMember.user == user_obj).count()
         assert user_teams_before_sync == user_teams_after_sync
 
-        self.oidc_instance.sync_oidc_groups(None, user_obj, "oidc")
+        self.oidc_instance.sync_oidc_groups(None, user_obj)
         user_teams_after_sync = TeamMember.select().where(TeamMember.user == user_obj).count()
         assert user_teams_before_sync == user_teams_after_sync
 
@@ -103,7 +104,7 @@ def test_sync_for_non_empty_oidc_groups(self):
             "wrong_group_name",
         ]
         user_teams_before_sync = TeamMember.select().where(TeamMember.user == user_obj).count()
 
-        self.oidc_instance.sync_oidc_groups(user_groups, user_obj, "oidc")
+        self.oidc_instance.sync_oidc_groups(user_groups, user_obj)
         user_teams_after_sync = TeamMember.select().where(TeamMember.user == user_obj).count()
 
@@ -113,7 +114,7 @@ def test_resync_for_empty_quay_teams(self):
         user_obj = model.user.get_user("devtable")
         user_teams_before_sync = TeamMember.select().where(TeamMember.user == user_obj).count()
 
-        self.oidc_instance.resync_quay_teams([], user_obj, "oidc")
+        self.oidc_instance.resync_quay_teams([], user_obj)
         user_teams_after_sync = TeamMember.select().where(TeamMember.user == user_obj).count()
         assert user_teams_before_sync == user_teams_after_sync
 
@@ -130,7 +131,7 @@ def test_resync_for_empty_quay_teams(self):
         assert model.team.add_user_to_team(user_obj, team_2)
         user_teams_before_sync = TeamMember.select().where(TeamMember.user == user_obj).count()
 
-        self.oidc_instance.resync_quay_teams([], user_obj, "oidc")
+        self.oidc_instance.resync_quay_teams([], user_obj)
         user_teams_after_sync = TeamMember.select().where(TeamMember.user == user_obj).count()
         assert user_teams_before_sync == user_teams_after_sync
 
@@ -157,7 +158,7 @@ def test_resync_for_non_empty_quay_teams(self):
         user_groups = ["test_org_1_team_1", "another_group"]
 
         # user should be removed from team_2
-        self.oidc_instance.resync_quay_teams(user_groups, user_obj, "oidc")
+        self.oidc_instance.resync_quay_teams(user_groups, user_obj)
         assert (
             TeamMember.select()
             .where(TeamMember.user == user_obj, TeamMember.team == team_2)