#353 Revert "Add krb_principal option for waiverdb-cli"
Merged a year ago by lholecek. Opened a year ago by lholecek.
lholecek/waiverdb revert-krb-workaround  into  master

@@ -2,8 +2,6 @@ 

  # Specify OIDC or Kerberos for authentication

  auth_method=OIDC

  api_url=https://waiverdb-web-waiverdb.app.os.fedoraproject.org/api/v1.0

- # Try overriding Kerberos principal if authentication fails

- #krb_principal=HTTP/waiverdb.example.com@EXAMPLE.COM

  oidc_id_provider=https://id.fedoraproject.org/openidc/

  oidc_client_id=waiverdb-authorizer

  oidc_client_secret=notsecret

file modified
+18 -32
@@ -34,37 +34,6 @@ 

          return subject

  

  

- def _krb_auth(url, config, request_arguments):

-     # Try to import this now so the user gets immediate feedback if

-     # it isn't installed

-     try:

-         import gssapi  # noqa: F401

-         import requests_gssapi  # noqa: F401

-     except ImportError:

-         raise click.ClickException(

-             'python-requests-gssapi needs to be installed')

- 

-     auth_kwargs = {}

-     krb_principal = config.get('waiverdb', 'krb_principal', fallback=None)

-     if krb_principal:

-         auth_kwargs['target_name'] = gssapi.Name(

-             krb_principal, gssapi.NameType.kerberos_principal)

-     auth = requests_gssapi.HTTPSPNEGOAuth(

-         mutual_authentication=requests_gssapi.OPTIONAL, **auth_kwargs)

- 

-     resp = requests.request(

-         'POST', url, auth=auth, **request_arguments)

-     if resp.status_code == 401:

-         msg = resp.json().get(

-             'message', ('WaiverDB authentication using GSSAPI failed. Make sure you have a '

-                         'valid Kerberos ticket or that you correctly configured your Kerberos '

-                         'configuration file. Please check the doc for troubleshooting '

-                         'information.'))

-         raise click.ClickException(msg)

- 

-     return resp

- 

- 

  def validate_config(config):

      """

      Validates the configuration needed for WaiverDB
@@ -305,7 +274,24 @@ 

              **common_request_arguments)

          check_response(resp, result_ids)

      elif auth_method == 'Kerberos':

-         resp = _krb_auth(url, config, common_request_arguments)

+         # Try to import this now so the user gets immediate feedback if

+         # it isn't installed

+         try:

+             import requests_gssapi  # noqa: F401

+         except ImportError:

+             raise click.ClickException(

+                 'python-requests-gssapi needs to be installed')

+         auth = requests_gssapi.HTTPKerberosAuth(

+             mutual_authentication=requests_gssapi.OPTIONAL)

+         resp = requests.request(

+             'POST', url, auth=auth, **common_request_arguments)

+         if resp.status_code == 401:

+             msg = resp.json().get(

+                 'message', ('WaiverDB authentication using GSSAPI failed. Make sure you have a '

+                             'valid Kerberos ticket or that you correctly configured your Kerberos '

+                             'configuration file. Please check the doc for troubleshooting '

+                             'information.'))

+             raise click.ClickException(msg)

          check_response(resp, result_ids)

      elif auth_method == 'dummy':

          resp = requests.request(
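Review bot: In the added Kerberos branch, `resp.json()` is called on every 401 response with no guard, so a 401 whose body is not JSON (for example an HTML error page from a fronting web server or proxy) raises `ValueError` and the user sees a traceback instead of the "valid Kerberos ticket" hint. A JSON body that is not an object fails the same way on `.get`. Since this is the path users hit when negotiation fails, fall back to the built-in message whenever the body cannot be parsed, as sketched below. The `# noqa: F401` on `import requests_gssapi` also looks unnecessary now that the name is used a few lines later in the same scope. The enclosing function starts and ends outside this hunk.

```python
        if resp.status_code == 401:
            # … unchanged: the GSSAPI failure text, bound to default_msg …
            try:
                msg = resp.json().get('message', default_msg)
            except (ValueError, AttributeError):
                # body is not a JSON object, e.g. an HTML page from the web server
                msg = default_msg
            raise click.ClickException(msg)
```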

This reverts commit 5ca2b79.

This is no longer needed since our servers now have the correct Kerberos
principal.

Signed-off-by: Lukas Holecek hluk@email.cz

Pull-Request has been merged by lholecek

a year ago