#6576 sync-blocked-primary.py - add kerberos auth
Closed 3 years ago by sharkcz. Opened 3 years ago by sharkcz.
sharkcz/releng krb  into  master

file modified
+1 -1
@@ -71,7 +71,7 @@ 

  localkojisession = koji.ClientSession(LOCALKOJIHUB, session_opts)

  remotekojisession = koji.ClientSession(REMOTEKOJIHUB)

  if os.path.isfile(CLIENTCERT):

-     localckojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA)

+     localkojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA)

  else:

      if args.keytab and args.principal:

          localkojisession.krb_login(principal=args.principal, keytab=args.keytab)

file modified
+1 -1
@@ -150,7 +150,7 @@ 

  localkojisession = koji.ClientSession(LOCALKOJIHUB, session_opts)

  remotekojisession = koji.ClientSession(REMOTEKOJIHUB)

  if os.path.isfile(CLIENTCERT):

-     localckojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA)

+     localkojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA)

  else:

      if args.keytab and args.principal:

          localkojisession.krb_login(principal=args.principal, keytab=args.keytab)

@@ -15,6 +15,14 @@ 

  import tempfile

  import shutil

  

+ import argparse

+ 

+ # get architecture and tags from command line

+ parser = argparse.ArgumentParser()

+ parser.add_argument("--keytab", help="specify a Kerberos keytab to use")

+ parser.add_argument("--principal", help="specify a Kerberos principal to use")

+ args = parser.parse_args()

+ 

  # Set some variables

  # Some of these could arguably be passed in as args.

  tags = ['f26', 'f25', 'f24', 'f23'] # tag to check in koji
@@ -26,6 +34,10 @@ 

  CLIENTCA = os.path.expanduser('~/.fedora-upload-ca.cert')

  CLIENTCERT = os.path.expanduser('~/.fedora.cert')

  

+ session_opts = {}

+ session_opts['krbservice'] = 'host'

+ session_opts['krb_rdns'] = False

+ 

  kojisession = koji.ClientSession('https://koji.fedoraproject.org/kojihub')

  

  def getBlocked(kojisession, tag):
@@ -51,8 +63,14 @@ 

  for arch in arches:

      print "== Working on Arch: %s" % arch

      # Create a koji session

-     seckojisession = koji.ClientSession('https://%s.koji.fedoraproject.org/kojihub' % arch )

-     seckojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA)

+     seckojisession = koji.ClientSession('https://%s.koji.fedoraproject.org/kojihub' % arch, session_opts)

+     if os.path.isfile(CLIENTCERT):

+         seckojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA)

+     else:

+         if args.keytab and args.principal:

+             seckojisession.krb_login(principal=args.principal, keytab=args.keytab)

+         else:

+             seckojisession.krb_login()

  

      for tag in tags:

          print "=== Working on tag: %s" % tag

no initial comment

2 new commits added

  • fix typos
  • sync-blocked-primary.py: set session_opts for Kerberos
3 years ago

all commits need to be signed off

3 new commits added

  • fix typos
  • sync-blocked-primary.py: set session_opts for Kerberos
  • sync-blocked-primary.py - add kerberos auth
3 years ago

all commits need to be signed off

fixed

there is conflicts now

seems Mohan fixed the scripts in his parallel pull request

Pull-Request has been closed by sharkcz

3 years ago