#247 koji_block_retired: Add kerberos authentication for koji
Closed a month ago by lenkaseg. Opened 2 months ago by lenkaseg.
fedora-infra/ lenkaseg/toddlers koji_prod  into  production

@@ -80,7 +80,11 @@ 

          message = MagicMock()

          message.body = {"commit": {"stats": {"files": {}}}}

          config = MagicMock()

-         config = {"koji_url": "https://example.koji.org"}

+         config = {

+             "koji_url": "https://example.koji.org",

+             "principal": "principal",

+             "keytab": "keytab",

+         }

          self.toddler_cls.process_block_retired(config, message)

          assert caplog.records[-1].message == "No dead.package in the commit, bailing"

  
@@ -96,7 +100,11 @@ 

              }

          }

          config = MagicMock()

-         config = {"koji_url": "https://example.koji.org"}

+         config = {

+             "koji_url": "https://example.koji.org",

+             "principal": "principal",

+             "keytab": "keytab",

+         }

          self.toddler_cls.process_block_retired(config, message)

          assert caplog.records[-1].message == "dead.package file was not added, bailing"

  
@@ -116,7 +124,11 @@ 

              }

          }

          config = MagicMock()

-         config = {"koji_url": "https://example.koji.org"}

+         config = {

+             "koji_url": "https://example.koji.org",

+             "principal": "principal",

+             "keytab": "keytab",

+         }

          self.toddler_cls.process_block_retired(config, message)

          self.toddler_cls.koji_session.packageListBlock.assert_called_once_with(

              taginfo="f41",
@@ -138,7 +150,11 @@ 

              }

          }

          config = MagicMock()

-         config = {"koji_url": "https://example.koji.org"}

+         config = {

+             "koji_url": "https://example.koji.org",

+             "principal": "principal",

+             "keytab": "keytab",

+         }

          self.toddler_cls.process_block_retired(config, message)

          self.toddler_cls.koji_session.packageListBlock.assert_called_once_with(

              taginfo="f38",
@@ -159,12 +175,15 @@ 

              }

          }

          config = MagicMock()

-         config = {"koji_url": "https://example.koji.org"}

+         config = {

+             "koji_url": "https://example.koji.org",

+             "principal": "principal",

+             "keytab": "keytab",

+         }

          self.toddler_cls.koji_session.packageListBlock.side_effect = koji.GenericError(

              "Failed"

          )

-         with pytest.raises(koji.GenericError):

-             self.toddler_cls.process_block_retired(config, message)

+         self.toddler_cls.process_block_retired(config, message)

          assert (

              caplog.records[-1].message

              == "Failed to block retired package example-repo on branch f38: Failed"
@@ -184,12 +203,15 @@ 

              }

          }

          config = MagicMock()

-         config = {"koji_url": "https://example.stg.koji.org"}

+         config = {

+             "koji_url": "https://example.koji.org",

+             "principal": "principal",

+             "keytab": "keytab",

+         }

          self.toddler_cls.koji_session.packageListBlock.side_effect = koji.GenericError(

              "Failed"

          )

-         with pytest.raises(koji.GenericError):

-             self.toddler_cls.process_block_retired(config, message)

+         self.toddler_cls.process_block_retired(config, message)

          assert (

              caplog.records[-1].message

              == "Failed to block retired package example-epel-repo on branch f38: Failed"

file modified
+4
@@ -85,6 +85,10 @@ 

  # Base URL for the Koji build system

  koji_url = "https://koji.fedoraproject.org"

  

+ # Credentials for koji session

+ principal = "insert_principal"

+ keytab = "path_to_file"

+ 

  # Base URL for the Koji package db

  kojipkgs_url = "https://kojipkgs.fedoraproject.org"

  

@@ -35,9 +35,10 @@ 

      def __init__(self):

          self.koji_session = None

  

-     def _create_session(self, koji_url):

+     def _create_session(self, koji_url, principal, keytab):

          """Makes a koji session, that handles logging in"""

          self.koji_session = koji.ClientSession(koji_url)

+         self.koji_session.gssapi_login(principal=principal, keytab=keytab)

  

      def get_rawhide_tag(self):

          releases = []
@@ -70,7 +71,9 @@ 

          """

          msg = message.body

  

-         koji_url = config["koji_url"]

+         koji_url = f"{config['koji_url']}/kojihub"

+         principal = config["principal"]

+         keytab = config["keytab"]

  

          # If there is no dead.package file in commit, then it can be ignored

          if "dead.package" not in msg["commit"]["stats"]["files"]:
@@ -97,7 +100,7 @@ 

          _log.info("Processing Koji block retired for %s", repo)

  

          if self.koji_session is None:

-             self._create_session(koji_url)

+             self._create_session(koji_url, principal, keytab)

  

          # Untag builds first due to koji/mash bug:

          # https://fedorahosted.org/koji/ticket/299
@@ -108,7 +111,6 @@ 

              self.koji_session.untagBuild(tag=branch_name, build=repo)

          except koji.GenericError as e:

              _log.exception(f"Failed to untag build in koji: {e}")

-             raise

  

          try:

              _log.info(f"Blocking package {repo}, tag: {branch_name}")
@@ -117,7 +119,9 @@ 

              _log.exception(

                  f"Failed to block retired package {repo} on branch {branch_name}: {e}"

              )

-             raise

+ 

+         # TODO: In case of exception while blocking a package in koji,

+         # send email with the list of packages that failed to block

  

          # If a package moves from EPEL to RHEL it can only be built if it is unblocked

          # in the epel build tag. Therefore unblock all retired EPEL packages in the
@@ -134,7 +138,6 @@ 

                      )

                  except koji.GenericError as e:

                      _log.exception(f"Failed unblocking epel build tag: {e}")

-                     raise

  

  

  def get_arguments(args):

koji_block_retired toddler related changes, tested on staging and the last commit fixes the failing tests (adds mock for get_rawhide_tag function)

Build succeeded.
https://fedora.softwarefactory-project.io/zuul/buildset/528602bd309d4721ac6723256471e38a

4 new commits added

  • koji_block_retired: Add kerberos authentication for koji
  • koji_block_retired: Fix koji_url
  • koji_block_retired: fix tests
  • koji_block_retired: do not raise an error when tag not present in koji
2 months ago

Removed the test fix (mock get_rawhide_tag), the CI will be failing until #243 gets merged

Build failed. More information on how to proceed and troubleshoot errors available at https://fedoraproject.org/wiki/Zuul-based-ci
https://fedora.softwarefactory-project.io/zuul/buildset/dfc05ec371f644988051a72869031fe3

You shouldn't create PRs directly against production, but rather merge it first to main and then create PR from main to staging/production.

This way you will prevent having conflicts between main and production branches.

Pull-Request has been closed by lenkaseg

a month ago