diff --git a/builder/kojid b/builder/kojid index e962da35..c385d5fe 100755 --- a/builder/kojid +++ b/builder/kojid @@ -70,10 +70,14 @@ from koji.tasks import ( from koji.util import dslice, dslice_ex, isSuccess, parseStatus, to_list try: - import requests_kerberos - Krb5Error = requests_kerberos.exceptions.RequestException + import requests_gssapi as reqgssapi + Krb5Error = reqgssapi.exceptions.RequestException except ImportError: # pragma: no cover - requests_kerberos = None + try: + import requests_kerberos as reqgssapi + Krb5Error = reqgssapi.exceptions.RequestException + except ImportError: # pragma: no cover + reqgssapi = None try: import librepo @@ -6597,7 +6601,7 @@ if __name__ == "__main__": quit("Error: Unable to log in. Bad credentials?") except requests.exceptions.ConnectionError: quit("Error: Unable to connect to server %s" % (options.server)) - elif requests_kerberos: + elif reqgssapi: krb_principal = options.krb_principal if krb_principal is None: krb_principal = options.host_principal_format % socket.getfqdn() diff --git a/koji.spec b/koji.spec index d8e3a083..c941da5a 100644 --- a/koji.spec +++ b/koji.spec @@ -145,7 +145,11 @@ Requires: rpm-python%{python3_pkgversion} %endif Requires: python%{python3_pkgversion}-pyOpenSSL Requires: python%{python3_pkgversion}-requests +%if 0%{?fedora} >= 32 +Requires: python%{python3_pkgversion}-requests-gssapi +%else Requires: python%{python3_pkgversion}-requests-kerberos +%endif Requires: python%{python3_pkgversion}-dateutil Requires: python%{python3_pkgversion}-six diff --git a/koji/__init__.py b/koji/__init__.py index 99652de0..5a48b1f2 100644 --- a/koji/__init__.py +++ b/koji/__init__.py @@ -72,9 +72,12 @@ except Exception: # pragma: no cover # we ignore it here pass try: - import requests_kerberos + import requests_gssapi as reqgssapi except ImportError: # pragma: no cover - requests_kerberos = None + try: + import requests_kerberos as reqgssapi + except ImportError: # pragma: no cover + reqgssapi = None try: import rpm except ImportError: @@ -2460,9 +2463,9 @@ class ClientSession(object): ccache=ccache, proxyuser=proxyuser) def gssapi_login(self, principal=None, keytab=None, ccache=None, proxyuser=None): - if not requests_kerberos: + if not reqgssapi: raise PythonImportError( - "Please install python-requests-kerberos to use GSSAPI." + "Please install python-requests-gssapi to use GSSAPI." ) # force https old_baseurl = self.baseurl @@ -2489,14 +2492,14 @@ class ClientSession(object): old_env['KRB5CCNAME'] = os.environ.get('KRB5CCNAME') os.environ['KRB5CCNAME'] = ccache if principal: - if re.match(r'0[.][1-8]\b', requests_kerberos.__version__): + if re.match(r'0[.][1-8]\b', reqgssapi.__version__): raise PythonImportError( - 'python-requests-kerberos >= 0.9.0 required for ' + 'python-requests-gssapi >= 0.9.0 required for ' 'keytab auth' ) else: kwargs['principal'] = principal - self.opts['auth'] = requests_kerberos.HTTPKerberosAuth(**kwargs) + self.opts['auth'] = reqgssapi.HTTPKerberosAuth(**kwargs) try: # Depending on the server configuration, we might not be able to # connect without client certificate, which means that the conn diff --git a/setup.py b/setup.py index 45acb149..d34c5179 100644 --- a/setup.py +++ b/setup.py @@ -14,7 +14,7 @@ def get_install_requires(): requires = [ 'python-dateutil', 'requests', - 'requests-kerberos', + 'requests-gssapi', 'six', # 'libcomps', # 'rpm-py-installer', # it is optional feature diff --git a/tests/test_lib/test_gssapi.py b/tests/test_lib/test_gssapi.py index cc2dff35..c87e8cc6 100644 --- a/tests/test_lib/test_gssapi.py +++ b/tests/test_lib/test_gssapi.py @@ -21,7 +21,7 @@ class TestGSSAPI(unittest.TestCase): maxDiff = None - @mock.patch('koji.requests_kerberos', new=None) + @mock.patch('koji.reqgssapi', new=None) def test_gssapi_disabled(self): with self.assertRaises(ImportError): self.session.gssapi_login() @@ -33,13 +33,13 @@ class TestGSSAPI(unittest.TestCase): retry=False) self.assertEqual(old_environ, dict(**os.environ)) - @mock.patch('requests_kerberos.HTTPKerberosAuth') + @mock.patch('koji.reqgssapi.HTTPKerberosAuth') def test_gssapi_login_keytab(self, HTTPKerberosAuth_mock): principal = 'user@EXAMPLE.COM' keytab = '/path/to/keytab' ccache = '/path/to/cache' old_environ = dict(**os.environ) - current_version = koji.requests_kerberos.__version__ + current_version = koji.reqgssapi.__version__ accepted_versions = ['0.12.0.beta1', '0.12.0dev', '0.12.0a1', @@ -47,7 +47,7 @@ class TestGSSAPI(unittest.TestCase): '0.10.0', '0.9.0'] for accepted_version in accepted_versions: - koji.requests_kerberos.__version__ = accepted_version + koji.reqgssapi.__version__ = accepted_version rv = self.session.gssapi_login(principal, keytab, ccache) self.session._callMethod.assert_called_once_with('sslLogin', [None], @@ -55,14 +55,14 @@ class TestGSSAPI(unittest.TestCase): self.assertEqual(old_environ, dict(**os.environ)) self.assertTrue(rv) self.session._callMethod.reset_mock() - koji.requests_kerberos.__version__ = current_version + koji.reqgssapi.__version__ = current_version - def test_gssapi_login_keytab_unsupported_requests_kerberos_version(self): + def test_gssapi_login_keytab_unsupported_requests_kerberos(self): principal = 'user@EXAMPLE.COM' keytab = '/path/to/keytab' ccache = '/path/to/cache' old_environ = dict(**os.environ) - current_version = koji.requests_kerberos.__version__ + current_version = koji.reqgssapi.__version__ old_versions = ['0.8.0', '0.7.0', '0.6.1', @@ -72,15 +72,15 @@ class TestGSSAPI(unittest.TestCase): '0.2', '0.1'] for old_version in old_versions: - koji.requests_kerberos.__version__ = old_version + koji.reqgssapi.__version__ = old_version with self.assertRaises(koji.PythonImportError) as cm: self.session.gssapi_login(principal, keytab, ccache) self.assertEqual(cm.exception.args[0], - 'python-requests-kerberos >= 0.9.0 required for ' + 'python-requests-gssapi >= 0.9.0 required for ' 'keytab auth') self.session._callMethod.assert_not_called() self.assertEqual(old_environ, dict(**os.environ)) - koji.requests_kerberos.__version__ = current_version + koji.reqgssapi.__version__ = current_version def test_gssapi_login_error(self): old_environ = dict(**os.environ) diff --git a/util/koji-gc b/util/koji-gc index 5bb8f73a..18ea5fdb 100755 --- a/util/koji-gc +++ b/util/koji-gc @@ -374,7 +374,7 @@ def activate_session(session): elif options.user: # authenticate using user/password session.login() - elif koji.requests_kerberos: + elif koji.reqgssapi: session.gssapi_login(principal=options.principal, keytab=options.keytab, proxyuser=options.runas) if not options.noauth and not session.logged_in: diff --git a/util/kojira b/util/kojira index 0637a4ee..020b8dc5 100755 --- a/util/kojira +++ b/util/kojira @@ -1191,8 +1191,8 @@ if __name__ == "__main__": elif options.user: # authenticate using user/password session.login() - elif koji.requests_kerberos and options.principal and options.keytab: - session.gssapi_login(options.principal, options.keytab, options.ccache) + elif koji.reqgssapi and options.principal and options.keytab: + session.krb_login(options.principal, options.keytab, options.ccache) else: quit("No username/password/certificate supplied and Kerberos missing or not configured") # get an exclusive session