Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ISD-2761 Add oauth lib and requirer #621

Open
wants to merge 78 commits into
base: 2/main
Choose a base branch
from

Conversation

Thanhphan1147
Copy link
Collaborator

Overview

Rationale

Juju Events Changes

Module Changes

Library Changes

Checklist

@Thanhphan1147 Thanhphan1147 force-pushed the add_oauth_lib_and_requirer branch from f14b722 to 74248fc Compare December 13, 2024 15:31
requirements.txt Outdated
requests ==2.32.3
python-ulid ==3.0.0
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Keep alphabetic ordering

Comment on lines +116 to +118
self.framework.observe(self._oauth.on.oauth_info_changed, self._on_config_changed)
self.framework.observe(self._oauth.on.oauth_info_removed, self._on_config_changed)
self.framework.observe(self._oauth.on.invalid_client_config, self._on_config_changed)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd rename the hook method to something more "generic"

src/pebble.py Outdated
@@ -401,6 +419,11 @@ def reconcile( # noqa: C901 pylint: disable=too-many-branches,too-many-statemen
ignore_order=True,
ignore_string_case=True,
)

restart_mas(container, rendered_mas_configuration)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To be set before restart_syname with a comment explaning it must be done before synapse

src/pebble.py Outdated

restart_mas(container, rendered_mas_configuration)
# Activate MAS on synapse
synapse.configure_mas(current_synapse_config, synapse_msc3861_configuration)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Move it before the DeepDiff to allow synapse to restart when the config has changed

@Thanhphan1147 Thanhphan1147 marked this pull request as ready for review January 15, 2025 15:34
Thanhphan1147 and others added 3 commits January 16, 2025 08:19
…ery slight chance that the generated secret contains all digits and is interpreted as an unsigned int
…apse-operator into add_oauth_lib_and_requirer
@javierdelapuente
Copy link
Collaborator

could you update the pull request description? Thanks!

Copy link
Contributor

Test coverage for 7a5f917

Name                                    Stmts   Miss Branch BrPart  Cover   Missing
-----------------------------------------------------------------------------------
src/auth/__init__.py                        0      0      0      0   100%
src/auth/mas.py                            84      7      2      1    91%   82-84, 128->130, 163-164, 325-329
src/backup.py                             175      5     20      2    96%   353-354, 423-424, 481->483, 484
src/backup_observer.py                    134     16     12      0    89%   132-135, 140-143, 179-182, 211-214
src/charm.py                              282     19     66     11    91%   146->148, 151, 229, 287, 291-292, 298-299, 320-321, 345, 352, 427-431, 434-435, 463-465, 485
src/charm_types.py                         30      0      0      0   100%
src/database_client.py                     57      1      8      4    92%   35, 47->exit, 69->exit, 88->98
src/database_observer.py                   49      4      2      0    92%   61-64
src/exceptions.py                           3      0      0      0   100%
src/matrix_auth_observer.py                69      7     10      2    89%   66, 146, 160-164
src/media_observer.py                      45      4      2      1    89%   60-62, 81
src/observability.py                       14      0      0      0   100%
src/pebble.py                             194     23     44     11    86%   157->exit, 168-172, 216-217, 237-238, 256-259, 320->325, 330-331, 343-344, 346-347, 378, 380, 382, 384, 386, 418
src/redis_observer.py                      39      3      4      0    93%   63-66
src/s3_parameters.py                       22      0      4      0   100%
src/smtp_observer.py                       61      1     14      2    96%   89, 108->113
src/state/__init__.py                       0      0      0      0   100%
src/state/charm_state.py                  127      9     32      7    90%   164, 168, 189, 214, 220, 226, 230-231, 314
src/state/mas.py                           79      8      6      3    87%   154, 160-161, 187-189, 204, 224
src/state/validation.py                    36      3      2      0    92%   108-110
src/synapse/__init__.py                     3      0      0      0   100%
src/synapse/api.py                        129      6     18      4    93%   111-112, 161, 172, 174, 314
src/synapse/workload.py                   118      4     24      0    94%   365-368
src/synapse/workload_configuration.py     149     26     34     12    79%   90->exit, 94-95, 143-144, 173, 193-194, 226-227, 260, 269-270, 285, 290-291, 312-313, 332->337, 338, 356->358, 368-369, 397, 405->407, 407->409, 414-415, 435->442, 445, 465-466
src/user.py                                23      0      2      0   100%
-----------------------------------------------------------------------------------
TOTAL                                    1922    146    306     60    91%

Static code analysis report

Working... ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00
Run started:2025-01-16 07:34:31.497877

Test results:
  No issues identified.

Code scanned:
  Total lines of code: 9779
  Total lines skipped (#nosec): 4
  Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
  Total issues (by severity):
  	Undefined: 0
  	Low: 0
  	Medium: 0
  	High: 0
  Total issues (by confidence):
  	Undefined: 0
  	Low: 0
  	Medium: 0
  	High: 0
Files skipped (0):

]

try:
process = container.exec(command=command, working_dir=MAS_WORKING_DIR)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it make sense to add a timeout here? Could this command possibly take too much time?

issuer: {{ oauth_provider_info.issuer_url }}
client_id: {{ oauth_provider_info.client_id }}
client_secret: {{ oauth_provider_info.client_secret }}
scope: "openid profile email"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be set by the constant MAS_OIDC_SCOPE (if it changes)?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants