From f58e07df2abb9f094a353db2fb0a9733465e0b52 Mon Sep 17 00:00:00 2001 From: Brendan Reilly Date: Feb 22 2023 15:41:26 +0000 Subject: Merge #1778 `switch to using gssapi_login for koji` --- diff --git a/module_build_service/common/koji.py b/module_build_service/common/koji.py index fc9b466..bb733eb 100644 --- a/module_build_service/common/koji.py +++ b/module_build_service/common/koji.py @@ -135,13 +135,6 @@ def get_session(config, login=True): authtype = koji_config.authtype log.info("Authenticate session with %r.", authtype) if authtype == "kerberos": - try: - import krbV - # We want to create a context per thread to avoid Kerberos cache corruption - ctx = krbV.Context() - except ImportError: - # If no krbV, we can assume GSSAPI auth is available - ctx = None keytab = getattr(config, "krb_keytab", None) principal = getattr(config, "krb_principal", None) if not keytab and principal: @@ -151,7 +144,7 @@ def get_session(config, login=True): # We want to use the thread keyring for the ccache to ensure we have one cache per # thread to avoid Kerberos cache corruption ccache = "KEYRING:thread:mbs" - koji_session.krb_login(principal=principal, keytab=keytab, ctx=ctx, ccache=ccache) + koji_session.gssapi_login(principal=principal, keytab=keytab, ccache=ccache) elif authtype == "ssl": koji_session.ssl_login( os.path.expanduser(koji_config.cert), None, os.path.expanduser(koji_config.serverca) diff --git a/tests/test_builder/test_content_generator.py b/tests/test_builder/test_content_generator.py index 5dee0d7..6eb4e39 100644 --- a/tests/test_builder/test_content_generator.py +++ b/tests/test_builder/test_content_generator.py @@ -140,7 +140,7 @@ class TestBuild: assert new_mmd.get_module_name().endswith("-devel") # Ensure an anonymous Koji session works - koji_session.krb_login.assert_not_called() + koji_session.gssapi_login.assert_not_called() @patch("koji.ClientSession") @patch("subprocess.Popen") @@ -187,7 +187,7 @@ class TestBuild: assert expected_output == ret # Anonymous koji session should work well. - koji_session.krb_login.assert_not_called() + koji_session.gssapi_login.assert_not_called() def test_prepare_file_directory(self): """ Test preparation of directory with output files """ @@ -221,7 +221,7 @@ class TestBuild: koji_session.tagBuild.assert_called_once_with(123, "nginx-0-2.10e50d06") # tagBuild requires logging into a session in advance. - koji_session.krb_login.assert_called_once() + koji_session.gssapi_login.assert_called_once() @patch("koji.ClientSession") def test_tag_cg_build_fallback_to_default_tag(self, ClientSession): @@ -239,7 +239,7 @@ class TestBuild: koji_session.tagBuild.assert_called_once_with(123, "nginx-0-2.10e50d06") # tagBuild requires logging into a session in advance. - koji_session.krb_login.assert_called_once() + koji_session.gssapi_login.assert_called_once() @patch("koji.ClientSession") def test_tag_cg_build_no_tag_set(self, ClientSession): @@ -253,7 +253,7 @@ class TestBuild: koji_session.tagBuild.assert_not_called() # tagBuild requires logging into a session in advance. - koji_session.krb_login.assert_called_once() + koji_session.gssapi_login.assert_called_once() @patch("koji.ClientSession") def test_tag_cg_build_no_tag_available(self, ClientSession): @@ -266,7 +266,7 @@ class TestBuild: koji_session.tagBuild.assert_not_called() # tagBuild requires logging into a session in advance. - koji_session.krb_login.assert_called_once() + koji_session.gssapi_login.assert_called_once() @patch("module_build_service.builder.KojiContentGenerator.open", create=True) def test_get_arch_mmd_output(self, patched_open): @@ -425,7 +425,7 @@ class TestBuild: assert rpm["license"] == "GPL" # Listing tagged RPMs does not require to log into a session - koji_session.krb_login.assert_not_called() + koji_session.gssapi_login.assert_not_called() @patch("koji.ClientSession") def test_koji_rpms_in_tag_empty_tag(self, ClientSession): diff --git a/tests/test_builder/test_koji.py b/tests/test_builder/test_koji.py index 5874046..7f49c93 100644 --- a/tests/test_builder/test_koji.py +++ b/tests/test_builder/test_koji.py @@ -447,7 +447,7 @@ class TestKojiBuilder: assert session.getTaskDescendents.mock_calls == expected_calls # getLoggedInUser requires to a logged-in session - session.krb_login.assert_called_once() + session.gssapi_login.assert_called_once() @patch("koji.ClientSession") def test_get_build_weights_no_task_id(self, ClientSession): @@ -468,7 +468,7 @@ class TestKojiBuilder: expected_calls = [mock.call(456)] assert session.getTaskDescendents.mock_calls == expected_calls - session.krb_login.assert_called_once() + session.gssapi_login.assert_called_once() @patch("koji.ClientSession") def test_get_build_weights_no_build(self, ClientSession): @@ -489,7 +489,7 @@ class TestKojiBuilder: expected_calls = [mock.call(456)] assert session.getTaskDescendents.mock_calls == expected_calls - session.krb_login.assert_called_once() + session.gssapi_login.assert_called_once() @patch("koji.ClientSession") def test_get_build_weights_listBuilds_failed(self, ClientSession): @@ -508,7 +508,7 @@ class TestKojiBuilder: packageID=2, userID=123, state=1, queryOpts={"limit": 1, "order": "-build_id"}), ] assert session.listBuilds.mock_calls == expected_calls - session.krb_login.assert_called_once() + session.gssapi_login.assert_called_once() @patch("koji.ClientSession") def test_get_build_weights_getPackageID_failed(self, ClientSession): @@ -523,7 +523,7 @@ class TestKojiBuilder: expected_calls = [mock.call("httpd"), mock.call("apr")] assert session.getPackageID.mock_calls == expected_calls - session.krb_login.assert_called_once() + session.gssapi_login.assert_called_once() @patch("koji.ClientSession") def test_get_build_weights_getLoggedInUser_failed(self, ClientSession): @@ -531,7 +531,7 @@ class TestKojiBuilder: session.getAverageBuildDuration.return_value = None weights = KojiModuleBuilder.get_build_weights(["httpd", "apr"]) assert weights == {"httpd": 1.5, "apr": 1.5} - session.krb_login.assert_called_once() + session.gssapi_login.assert_called_once() @pytest.mark.parametrize("blocklist", [False, True]) @pytest.mark.parametrize("custom_whitelist", [False, True]) @@ -824,7 +824,7 @@ class TestKojiBuilder: def test_ensure_builder_use_a_logged_in_koji_session(self, ClientSession): module_build = module_build_service.common.models.ModuleBuild.get_by_id(db_session, 2) builder = KojiModuleBuilder(db_session, "owner", module_build, conf, "module-tag", []) - builder.koji_session.krb_login.assert_called_once() + builder.koji_session.gssapi_login.assert_called_once() @patch("koji.ClientSession") def test_repo_from_tag(self, ClientSession): diff --git a/tests/test_common/test_koji.py b/tests/test_common/test_koji.py index f8d7da5..0f1a9cd 100644 --- a/tests/test_common/test_koji.py +++ b/tests/test_common/test_koji.py @@ -12,4 +12,4 @@ def test_get_anonymous_session(mock_session): mbs_config = mock.Mock(koji_profile="koji", koji_config="conf/koji.conf") session = get_session(mbs_config, login=False) assert mock_session.return_value == session - assert mock_session.return_value.krb_login.assert_not_called + assert mock_session.return_value.gssapi_login.assert_not_called diff --git a/tests/test_scheduler/test_poller.py b/tests/test_scheduler/test_poller.py index 02958aa..497a61c 100644 --- a/tests/test_scheduler/test_poller.py +++ b/tests/test_scheduler/test_poller.py @@ -288,7 +288,7 @@ class TestPoller: producer.delete_old_koji_targets() koji_session.deleteBuildTarget.assert_called_once_with(1) - koji_session.krb_login.assert_called_once() + koji_session.gssapi_login.assert_called_once() @patch("koji.ClientSession") def test_cant_delete_build_target_if_not_reach_delete_time( diff --git a/tests/test_web/test_views.py b/tests/test_web/test_views.py index 31f23e6..acae153 100644 --- a/tests/test_web/test_views.py +++ b/tests/test_web/test_views.py @@ -458,7 +458,7 @@ class TestQueryModuleBuild: "module-build-macros-0.1-1.testmodule_master_20170303190726.src.rpm") mock_session.listTags.assert_called_once_with(mock_rpm_md["build_id"]) - mock_session.krb_login.assert_not_called() + mock_session.gssapi_login.assert_not_called() @pytest.mark.parametrize( "provide_test_data", [{"data_size": 1, "contexts": True}], indirect=True