Use requests_gssapi instead of requests_kerberos
Retain ability to use the old requests_kerberos where request_gssapi is not available yet. Signed-off-by: Simo Sorce <simo@redhat.com>
This commit is contained in:
Simo Sorce
Mike McLean
parent
9063f33b07
commit
2c663f0b73
7 changed files with 36 additions and 25 deletions
|
|
@ -70,10 +70,14 @@ from koji.tasks import (
|
|||
from koji.util import dslice, dslice_ex, isSuccess, parseStatus, to_list
|
||||
|
||||
try:
|
||||
import requests_kerberos
|
||||
Krb5Error = requests_kerberos.exceptions.RequestException
|
||||
import requests_gssapi as reqgssapi
|
||||
Krb5Error = reqgssapi.exceptions.RequestException
|
||||
except ImportError: # pragma: no cover
|
||||
requests_kerberos = None
|
||||
try:
|
||||
import requests_kerberos as reqgssapi
|
||||
Krb5Error = reqgssapi.exceptions.RequestException
|
||||
except ImportError: # pragma: no cover
|
||||
reqgssapi = None
|
||||
|
||||
try:
|
||||
import librepo
|
||||
|
|
@ -6597,7 +6601,7 @@ if __name__ == "__main__":
|
|||
quit("Error: Unable to log in. Bad credentials?")
|
||||
except requests.exceptions.ConnectionError:
|
||||
quit("Error: Unable to connect to server %s" % (options.server))
|
||||
elif requests_kerberos:
|
||||
elif reqgssapi:
|
||||
krb_principal = options.krb_principal
|
||||
if krb_principal is None:
|
||||
krb_principal = options.host_principal_format % socket.getfqdn()
|
||||
|
|
|
|||
|
|
@ -145,7 +145,11 @@ Requires: rpm-python%{python3_pkgversion}
|
|||
%endif
|
||||
Requires: python%{python3_pkgversion}-pyOpenSSL
|
||||
Requires: python%{python3_pkgversion}-requests
|
||||
%if 0%{?fedora} >= 32
|
||||
Requires: python%{python3_pkgversion}-requests-gssapi
|
||||
%else
|
||||
Requires: python%{python3_pkgversion}-requests-kerberos
|
||||
%endif
|
||||
Requires: python%{python3_pkgversion}-dateutil
|
||||
Requires: python%{python3_pkgversion}-six
|
||||
|
||||
|
|
|
|||
|
|
@ -72,9 +72,12 @@ except Exception: # pragma: no cover
|
|||
# we ignore it here
|
||||
pass
|
||||
try:
|
||||
import requests_kerberos
|
||||
import requests_gssapi as reqgssapi
|
||||
except ImportError: # pragma: no cover
|
||||
requests_kerberos = None
|
||||
try:
|
||||
import requests_kerberos as reqgssapi
|
||||
except ImportError: # pragma: no cover
|
||||
reqgssapi = None
|
||||
try:
|
||||
import rpm
|
||||
except ImportError:
|
||||
|
|
@ -2460,9 +2463,9 @@ class ClientSession(object):
|
|||
ccache=ccache, proxyuser=proxyuser)
|
||||
|
||||
def gssapi_login(self, principal=None, keytab=None, ccache=None, proxyuser=None):
|
||||
if not requests_kerberos:
|
||||
if not reqgssapi:
|
||||
raise PythonImportError(
|
||||
"Please install python-requests-kerberos to use GSSAPI."
|
||||
"Please install python-requests-gssapi to use GSSAPI."
|
||||
)
|
||||
# force https
|
||||
old_baseurl = self.baseurl
|
||||
|
|
@ -2489,14 +2492,14 @@ class ClientSession(object):
|
|||
old_env['KRB5CCNAME'] = os.environ.get('KRB5CCNAME')
|
||||
os.environ['KRB5CCNAME'] = ccache
|
||||
if principal:
|
||||
if re.match(r'0[.][1-8]\b', requests_kerberos.__version__):
|
||||
if re.match(r'0[.][1-8]\b', reqgssapi.__version__):
|
||||
raise PythonImportError(
|
||||
'python-requests-kerberos >= 0.9.0 required for '
|
||||
'python-requests-gssapi >= 0.9.0 required for '
|
||||
'keytab auth'
|
||||
)
|
||||
else:
|
||||
kwargs['principal'] = principal
|
||||
self.opts['auth'] = requests_kerberos.HTTPKerberosAuth(**kwargs)
|
||||
self.opts['auth'] = reqgssapi.HTTPKerberosAuth(**kwargs)
|
||||
try:
|
||||
# Depending on the server configuration, we might not be able to
|
||||
# connect without client certificate, which means that the conn
|
||||
|
|
|
|||
2
setup.py
2
setup.py
|
|
@ -14,7 +14,7 @@ def get_install_requires():
|
|||
requires = [
|
||||
'python-dateutil',
|
||||
'requests',
|
||||
'requests-kerberos',
|
||||
'requests-gssapi',
|
||||
'six',
|
||||
# 'libcomps',
|
||||
# 'rpm-py-installer', # it is optional feature
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class TestGSSAPI(unittest.TestCase):
|
|||
|
||||
maxDiff = None
|
||||
|
||||
@mock.patch('koji.requests_kerberos', new=None)
|
||||
@mock.patch('koji.reqgssapi', new=None)
|
||||
def test_gssapi_disabled(self):
|
||||
with self.assertRaises(ImportError):
|
||||
self.session.gssapi_login()
|
||||
|
|
@ -33,13 +33,13 @@ class TestGSSAPI(unittest.TestCase):
|
|||
retry=False)
|
||||
self.assertEqual(old_environ, dict(**os.environ))
|
||||
|
||||
@mock.patch('requests_kerberos.HTTPKerberosAuth')
|
||||
@mock.patch('koji.reqgssapi.HTTPKerberosAuth')
|
||||
def test_gssapi_login_keytab(self, HTTPKerberosAuth_mock):
|
||||
principal = 'user@EXAMPLE.COM'
|
||||
keytab = '/path/to/keytab'
|
||||
ccache = '/path/to/cache'
|
||||
old_environ = dict(**os.environ)
|
||||
current_version = koji.requests_kerberos.__version__
|
||||
current_version = koji.reqgssapi.__version__
|
||||
accepted_versions = ['0.12.0.beta1',
|
||||
'0.12.0dev',
|
||||
'0.12.0a1',
|
||||
|
|
@ -47,7 +47,7 @@ class TestGSSAPI(unittest.TestCase):
|
|||
'0.10.0',
|
||||
'0.9.0']
|
||||
for accepted_version in accepted_versions:
|
||||
koji.requests_kerberos.__version__ = accepted_version
|
||||
koji.reqgssapi.__version__ = accepted_version
|
||||
rv = self.session.gssapi_login(principal, keytab, ccache)
|
||||
self.session._callMethod.assert_called_once_with('sslLogin',
|
||||
[None],
|
||||
|
|
@ -55,14 +55,14 @@ class TestGSSAPI(unittest.TestCase):
|
|||
self.assertEqual(old_environ, dict(**os.environ))
|
||||
self.assertTrue(rv)
|
||||
self.session._callMethod.reset_mock()
|
||||
koji.requests_kerberos.__version__ = current_version
|
||||
koji.reqgssapi.__version__ = current_version
|
||||
|
||||
def test_gssapi_login_keytab_unsupported_requests_kerberos_version(self):
|
||||
def test_gssapi_login_keytab_unsupported_requests_kerberos(self):
|
||||
principal = 'user@EXAMPLE.COM'
|
||||
keytab = '/path/to/keytab'
|
||||
ccache = '/path/to/cache'
|
||||
old_environ = dict(**os.environ)
|
||||
current_version = koji.requests_kerberos.__version__
|
||||
current_version = koji.reqgssapi.__version__
|
||||
old_versions = ['0.8.0',
|
||||
'0.7.0',
|
||||
'0.6.1',
|
||||
|
|
@ -72,15 +72,15 @@ class TestGSSAPI(unittest.TestCase):
|
|||
'0.2',
|
||||
'0.1']
|
||||
for old_version in old_versions:
|
||||
koji.requests_kerberos.__version__ = old_version
|
||||
koji.reqgssapi.__version__ = old_version
|
||||
with self.assertRaises(koji.PythonImportError) as cm:
|
||||
self.session.gssapi_login(principal, keytab, ccache)
|
||||
self.assertEqual(cm.exception.args[0],
|
||||
'python-requests-kerberos >= 0.9.0 required for '
|
||||
'python-requests-gssapi >= 0.9.0 required for '
|
||||
'keytab auth')
|
||||
self.session._callMethod.assert_not_called()
|
||||
self.assertEqual(old_environ, dict(**os.environ))
|
||||
koji.requests_kerberos.__version__ = current_version
|
||||
koji.reqgssapi.__version__ = current_version
|
||||
|
||||
def test_gssapi_login_error(self):
|
||||
old_environ = dict(**os.environ)
|
||||
|
|
|
|||
|
|
@ -374,7 +374,7 @@ def activate_session(session):
|
|||
elif options.user:
|
||||
# authenticate using user/password
|
||||
session.login()
|
||||
elif koji.requests_kerberos:
|
||||
elif koji.reqgssapi:
|
||||
session.gssapi_login(principal=options.principal, keytab=options.keytab,
|
||||
proxyuser=options.runas)
|
||||
if not options.noauth and not session.logged_in:
|
||||
|
|
|
|||
|
|
@ -1191,8 +1191,8 @@ if __name__ == "__main__":
|
|||
elif options.user:
|
||||
# authenticate using user/password
|
||||
session.login()
|
||||
elif koji.requests_kerberos and options.principal and options.keytab:
|
||||
session.gssapi_login(options.principal, options.keytab, options.ccache)
|
||||
elif koji.reqgssapi and options.principal and options.keytab:
|
||||
session.krb_login(options.principal, options.keytab, options.ccache)
|
||||
else:
|
||||
quit("No username/password/certificate supplied and Kerberos missing or not configured")
|
||||
# get an exclusive session
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue