#242 koji_block_retired: Add kerberos authentication for koji
Merged 2 months ago by kevin. Opened 2 months ago by lenkaseg.
fedora-infra/ lenkaseg/toddlers koji_retired_packages  into  staging

@@ -80,7 +80,11 @@ 

          message = MagicMock()

          message.body = {"commit": {"stats": {"files": {}}}}

          config = MagicMock()

-         config = {"koji_url": "https://example.koji.org"}

+         config = {

+             "koji_url": "https://example.koji.org",

+             "principal": "principal",

+             "keytab": "keytab",

+         }

          self.toddler_cls.process_block_retired(config, message)

          assert caplog.records[-1].message == "No dead.package in the commit, bailing"

  
@@ -96,7 +100,11 @@ 

              }

          }

          config = MagicMock()

-         config = {"koji_url": "https://example.koji.org"}

+         config = {

+             "koji_url": "https://example.koji.org",

+             "principal": "principal",

+             "keytab": "keytab",

+         }

          self.toddler_cls.process_block_retired(config, message)

          assert caplog.records[-1].message == "dead.package file was not added, bailing"

  
@@ -116,7 +124,11 @@ 

              }

          }

          config = MagicMock()

-         config = {"koji_url": "https://example.koji.org"}

+         config = {

+             "koji_url": "https://example.koji.org",

+             "principal": "principal",

+             "keytab": "keytab",

+         }

          self.toddler_cls.process_block_retired(config, message)

          self.toddler_cls.koji_session.packageListBlock.assert_called_once_with(

              taginfo="f41",
@@ -138,7 +150,11 @@ 

              }

          }

          config = MagicMock()

-         config = {"koji_url": "https://example.koji.org"}

+         config = {

+             "koji_url": "https://example.koji.org",

+             "principal": "principal",

+             "keytab": "keytab",

+         }

          self.toddler_cls.process_block_retired(config, message)

          self.toddler_cls.koji_session.packageListBlock.assert_called_once_with(

              taginfo="f38",
@@ -159,7 +175,11 @@ 

              }

          }

          config = MagicMock()

-         config = {"koji_url": "https://example.koji.org"}

+         config = {

+             "koji_url": "https://example.koji.org",

+             "principal": "principal",

+             "keytab": "keytab",

+         }

          self.toddler_cls.koji_session.packageListBlock.side_effect = koji.GenericError(

              "Failed"

          )
@@ -183,7 +203,11 @@ 

              }

          }

          config = MagicMock()

-         config = {"koji_url": "https://example.stg.koji.org"}

+         config = {

+             "koji_url": "https://example.koji.org",

+             "principal": "principal",

+             "keytab": "keytab",

+         }

          self.toddler_cls.koji_session.packageListBlock.side_effect = koji.GenericError(

              "Failed"

          )

file modified
+4
@@ -85,6 +85,10 @@ 

  # Base URL for the Koji build system

  koji_url = "https://koji.fedoraproject.org"

  

+ # Credentials for koji session

+ principal = "insert_principal"

+ keytab = "path_to_file"

+ 

  # Base URL for the Koji package db

  kojipkgs_url = "https://kojipkgs.fedoraproject.org"

  

@@ -35,9 +35,10 @@ 

      def __init__(self):

          self.koji_session = None

  

-     def _create_session(self, koji_url):

+     def _create_session(self, koji_url, principal, keytab):

          """Makes a koji session, that handles logging in"""

          self.koji_session = koji.ClientSession(koji_url)

+         self.koji_session.gssapi_login(principal=principal, keytab=keytab)

  

      def get_rawhide_tag(self):

          releases = []
@@ -71,6 +72,8 @@ 

          msg = message.body

  

          koji_url = f"{config['koji_url']}/kojihub"

+         principal = config["principal"]

+         keytab = config["keytab"]

  

          # If there is no dead.package file in commit, then it can be ignored

          if "dead.package" not in msg["commit"]["stats"]["files"]:
@@ -97,7 +100,7 @@ 

          _log.info("Processing Koji block retired for %s", repo)

  

          if self.koji_session is None:

-             self._create_session(koji_url)

+             self._create_session(koji_url, principal, keytab)

  

          # Untag builds first due to koji/mash bug:

          # https://fedorahosted.org/koji/ticket/299