vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Remove password confirmation in config app

Browse source 
Small fix to manually clean up temp dir when creating new temp dir,
small fix to font awesome icons, change the jwt/keystone
validators to not use username/password
This commit is contained in:
Sam Chow 2018-07-17 10:57:56 -04:00
parent 496d94138c
commit f5a8116f5a
9 changed files with 61 additions and 96 deletions
Download patch file Download diff file Expand all files Collapse all files

17
util/config/validators/test/test_validate_keystone.py
View file

@ -3,7 +3,6 @@ import pytest
from util.config.validator import ValidatorContext
from util.config.validators import ConfigValidationException
from util.config.validators.validate_keystone import KeystoneValidator
from util.morecollections import AttrDict
from test.test_keystone_auth import fake_keystone
@ -29,13 +28,13 @@ def test_invalid_config(unvalidated_config, app):
KeystoneValidator.validate(ValidatorContext(unvalidated_config))
@pytest.mark.parametrize('username, password, expected_exception', [
('invaliduser', 'invalidpass', ConfigValidationException),
('cool.user', 'invalidpass', ConfigValidationException),
('invaliduser', 'somepass', ConfigValidationException),
('cool.user', 'password', None),
@pytest.mark.parametrize('admin_tenant_id, expected_exception', [
('somegroupid', None),
('groupwithnousers', ConfigValidationException),
('somegroupid', None),
('groupwithnousers', ConfigValidationException),
])
def test_validated_keystone(username, password, expected_exception, app):
def test_validated_keystone(admin_tenant_id, expected_exception, app):
with fake_keystone(2) as keystone_auth:
auth_url = keystone_auth.auth_url
@ -44,11 +43,9 @@ def test_validated_keystone(username, password, expected_exception, app):
config['KEYSTONE_AUTH_URL'] = auth_url
config['KEYSTONE_ADMIN_USERNAME'] = 'adminuser'
config['KEYSTONE_ADMIN_PASSWORD'] = 'adminpass'
config['KEYSTONE_ADMIN_TENANT'] = 'admintenant'
config['KEYSTONE_ADMIN_TENANT'] = admin_tenant_id
unvalidated_config = ValidatorContext(config)
unvalidated_config.user = AttrDict(dict(username=username))
unvalidated_config.user_password = password
if expected_exception is not None:
with pytest.raises(ConfigValidationException):

37
util/config/validators/validate_jwt.py
View file

@ -9,8 +9,6 @@ class JWTAuthValidator(BaseValidator):
def validate(cls, validator_context, public_key_path=None):
""" Validates the JWT authentication system. """
config = validator_context.config
user = validator_context.user
user_password = validator_context.user_password
http_client = validator_context.http_client
jwt_auth_max = validator_context.jwt_auth_max
config_provider = validator_context.config_provider
@ -31,10 +29,7 @@ class JWTAuthValidator(BaseValidator):
raise ConfigValidationException('Missing JWT Issuer ID')
# TODO(jschorr): fix this
return
override_config_directory = os.path.join(config_provider.get_config_root(), '../stack/')
override_config_directory = config_provider.get_config_dir_path()
# Try to instatiate the JWT authentication mechanism. This will raise an exception if
# the key cannot be found.
@ -45,31 +40,9 @@ class JWTAuthValidator(BaseValidator):
public_key_path=public_key_path,
requires_email=config.get('FEATURE_MAILING', True))
# Verify that the superuser exists. If not, raise an exception.
username = user.username
(result, err_msg) = users.verify_credentials(username, user_password)
# Verify that we can reach the jwt server
(result, err_msg) = users.ping()
if not result:
msg = ('Verification of superuser %s failed: %s. \n\nThe user either does not ' +
'exist in the remote authentication system ' +
'OR JWT auth is misconfigured') % (username, err_msg)
msg = ('Verification of JWT failed: %s. \n\nWe cannot reach the JWT server' +
'OR JWT auth is misconfigured') % err_msg
raise ConfigValidationException(msg)
# If the query endpoint exists, ensure we can query to find the current user and that we can
# look up users directly.
if query_endpoint:
(results, _, err_msg) = users.query_users(username)
if not results:
err_msg = err_msg or ('Could not find users matching query: %s' % username)
raise ConfigValidationException('Query endpoint is misconfigured or not returning ' +
'proper users: %s' % err_msg)
# Make sure the get user endpoint is also configured.
if not getuser_endpoint:
raise ConfigValidationException('The lookup user endpoint must be configured if the ' +
'query endpoint is set')
(result, err_msg) = users.get_user(username)
if not result:
err_msg = err_msg or ('Could not find user %s' % username)
raise ConfigValidationException('Lookup endpoint is misconfigured or not returning ' +
'properly: %s' % err_msg)

12
util/config/validators/validate_keystone.py
View file

@ -8,8 +8,6 @@ class KeystoneValidator(BaseValidator):
def validate(cls, validator_context):
""" Validates the Keystone authentication system. """
config = validator_context.config
user = validator_context.user
user_password = validator_context.user_password
if config.get('AUTHENTICATION_TYPE', 'Database') != 'Keystone':
return
@ -37,10 +35,10 @@ class KeystoneValidator(BaseValidator):
requires_email)
# Verify that the superuser exists. If not, raise an exception.
username = user.username
(result, err_msg) = users.verify_credentials(username, user_password)
(result, err_msg) = users.at_least_one_user_exists()
if not result:
msg = ('Verification of superuser %s failed: %s \n\nThe user either does not ' +
'exist in the remote authentication system ' +
'OR Keystone auth is misconfigured.') % (username, err_msg)
msg = ('Verification that users exist failed: %s. \n\nNo users exist ' +
'in the admin tenant/project ' +
'in the remote authentication system ' +
'OR Keystone auth is misconfigured.') % err_msg
raise ConfigValidationException(msg)