PR#2151: koji-gc: support request_kerberos

Merges #2151 https://pagure.io/koji/pull-request/2151 Fixes: #2143 https://pagure.io/koji/issue/2143 koji-gc does not support requests-kerberos
2020-05-12 15:28:22 +02:00 · 2020-05-12 15:28:22 +02:00 · 8f2d02c346
commit 8f2d02c346
parent fe736a7ddb bd59d3f985
1 changed files with 3 additions and 40 deletions
--- a/util/koji-gc
+++ b/util/koji-gc
@ -30,11 +30,6 @@ import koji
 import koji.policy
 from koji.util import LazyDict, LazyValue, to_list

-try:
-    import krbV
-except ImportError:  # pragma: no cover
-    krbV = None
-

 def _(args):
    """Stub function for translation"""
@ -51,14 +46,6 @@ def get_options():
                      help=_("use alternate configuration file"))
    parser.add_option("--keytab", help=_("specify a Kerberos keytab to use"))
    parser.add_option("--principal", help=_("specify a Kerberos principal to use"))
-    parser.add_option("--krbservice", default="host",
-                      help=_("the service name of the principal being used by the hub"))
-    parser.add_option("--krb-rdns", action="store_true", default=False,
-                      help=_("get reverse dns FQDN for krb target"))
-    parser.add_option("--krb-canon-host", action="store_true", default=False,
-                      help=_("get canonical hostname for krb target"))
-    parser.add_option("--krb-server-realm",
-                      help=_("the realm of server Kerberos principal"))
    parser.add_option("--runas", metavar="USER",
                      help=_("run as the specified user (requires special privileges)"))
    parser.add_option("--user", help=_("specify user"))
@ -137,10 +124,6 @@ def get_options():
        # name, alias, type
        ['keytab', None, 'string'],
        ['principal', None, 'string'],
-        ['krbservice', None, 'string'],
-        ['krb_rdns', None, 'boolean'],
-        ['krb_canon_host', None, 'boolean'],
-        ['krb_server_realm', None, 'string'],
        ['runas', None, 'string'],
        ['user', None, 'string'],
        ['password', None, 'string'],
@ -368,18 +351,6 @@ def ensure_connection(session):
               (ret, koji.API_VERSION)))


-def has_krb_creds():
-    if krbV is None:
-        return False
-    try:
-        ctx = krbV.default_context()
-        ccache = ctx.default_ccache()
-        ccache.principal()
-        return True
-    except krbV.Krb5Error:
-        return False
-
-
 def activate_session(session):
    """Test and login the session is applicable"""
    global options
@ -392,17 +363,9 @@ def activate_session(session):
    elif options.user:
        # authenticate using user/password
        session.login()
-    elif has_krb_creds() or (options.keytab and options.principal):
-        try:
-            if options.keytab and options.principal:
-                session.krb_login(principal=options.principal, keytab=options.keytab,
-                                  proxyuser=options.runas)
-            else:
-                session.krb_login(proxyuser=options.runas)
-        except krbV.Krb5Error as e:
-            error(_("Kerberos authentication failed: %s (%s)") % (e.args[1], e.args[0]))
-        except socket.error as e:
-            warn(_("Could not connect to Kerberos authentication service: '%s'") % e.args[1])
+    elif koji.requests_kerberos:
+        session.gssapi_login(principal=options.principal, keytab=options.keytab,
+                          proxyuser=options.runas)
    if not options.noauth and not session.logged_in:
        error(_("Error: unable to log in, no authentication methods available"))
    ensure_connection(session)