diff --git a/galaxy_ng/app/dynaconf_hooks.py b/galaxy_ng/app/dynaconf_hooks.py index 9a1f1b48b1..88db163021 100755 --- a/galaxy_ng/app/dynaconf_hooks.py +++ b/galaxy_ng/app/dynaconf_hooks.py @@ -34,21 +34,20 @@ ) -def post(settings: Dynaconf, run_dynamic=True, run_validate=True, testing=False) -> Dict[str, Any]: +def post(settings: Dynaconf, run_dynamic: bool = True, run_validate: bool = True) -> Dict[str, Any]: """The dynaconf post hook is called after all the settings are loaded and set. Post hook is necessary when a setting key depends conditionally on a previouslys et variable. settings: A read-only copy of the django.conf.settings + run_dynamic: update the final data with configure_dynamic_settings + run_validate: call the validate function on the final data returns: a dictionary to be merged to django.conf.settings NOTES: Feature flags must be loaded directly on `app/api/ui/views/feature_flags.py` view. """ - #if testing: - # import epdb; epdb.st() - data = {"dynaconf_merge": False} # existing keys will be merged if dynaconf_merge is set to True # here it is set to false, so it allows each value to be individually marked as a merge. @@ -65,14 +64,13 @@ def post(settings: Dynaconf, run_dynamic=True, run_validate=True, testing=False) data.update(configure_legacy_roles(settings)) data.update(configure_dab_required_settings(settings)) - # This should go last, and it needs to receive the data from the previous configuration + # These should go last, and it needs to receive the data from the previous configuration # functions because this function configures the rest framework auth classes based off # of the galaxy auth classes, and if galaxy auth classes are overridden by any of the # other dynaconf hooks (such as keycloak), those changes need to be applied to the # rest framework auth classes too. data.update(configure_authentication_backends(settings, data)) data.update(configure_authentication_classes(settings, data)) - # import epdb; epdb.st() # This must go last, so that all the default settings are loaded before dynamic and validation if run_dynamic: @@ -81,9 +79,6 @@ def post(settings: Dynaconf, run_dynamic=True, run_validate=True, testing=False) if run_validate: validate(settings) - if testing: - # import epdb; epdb.st() - pass return data @@ -440,6 +435,7 @@ def configure_authentication_classes(settings: Dynaconf, data: Dict[str, Any]) - # switch everything to use the default DRF auth classes, but given how many # environments would have to be reconfigured, this is a lot easier. + ''' all_classes = set() # GALAXY_AUTHENTICATION_CLASSES @@ -457,8 +453,7 @@ def configure_authentication_classes(settings: Dynaconf, data: Dict[str, Any]) - for x in data.get(key, []): #print('\t' + x) all_classes.add(x) - - #print(f'ALL: {all_classes}') + ''' galaxy_auth_classes = data.get( "GALAXY_AUTHENTICATION_CLASSES", @@ -467,32 +462,7 @@ def configure_authentication_classes(settings: Dynaconf, data: Dict[str, Any]) - if galaxy_auth_classes is None: galaxy_auth_classes = [] - # print('AUTH_CLASSES 1: %s' % galaxy_auth_classes) - - ''' # add in keycloak classes if necessary ... - # Obtain values for Social Auth - SOCIAL_AUTH_KEYCLOAK_KEY = settings.get("SOCIAL_AUTH_KEYCLOAK_KEY", default=None) - SOCIAL_AUTH_KEYCLOAK_SECRET = settings.get("SOCIAL_AUTH_KEYCLOAK_SECRET", default=None) - SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = settings.get("SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY", default=None) - KEYCLOAK_PROTOCOL = settings.get("KEYCLOAK_PROTOCOL", default=None) - KEYCLOAK_HOST = settings.get("KEYCLOAK_HOST", default=None) - KEYCLOAK_PORT = settings.get("KEYCLOAK_PORT", default=None) - KEYCLOAK_REALM = settings.get("KEYCLOAK_REALM", default=None) - - # Add settings if Social Auth values are provided - if all( - [ - SOCIAL_AUTH_KEYCLOAK_KEY, - SOCIAL_AUTH_KEYCLOAK_SECRET, - SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY, - KEYCLOAK_HOST, - KEYCLOAK_PORT, - KEYCLOAK_REALM, - ] - ): - ''' - if data.get('GALAXY_AUTH_KEYCLOAK_ENABLED') is True: for class_name in [ "galaxy_ng.app.auth.session.SessionAuthentication", @@ -501,14 +471,6 @@ def configure_authentication_classes(settings: Dynaconf, data: Dict[str, Any]) - ]: if class_name not in galaxy_auth_classes: galaxy_auth_classes.insert(0, class_name) - else: - # print('DID NOT MEET KEYCLOAK CONDITIONS') - pass - - # print('AUTH_CLASSES 2: %s' % galaxy_auth_classes) - - # print(galaxy_auth_classes) - # import epdb; epdb.st() if galaxy_auth_classes: data["ANSIBLE_AUTHENTICATION_CLASSES"] = list(galaxy_auth_classes) diff --git a/galaxy_ng/tests/unit/app/test_dynaconf_hooks.py b/galaxy_ng/tests/unit/app/test_dynaconf_hooks.py index f20eb4ca03..1390be4245 100644 --- a/galaxy_ng/tests/unit/app/test_dynaconf_hooks.py +++ b/galaxy_ng/tests/unit/app/test_dynaconf_hooks.py @@ -1,31 +1,18 @@ import copy import pytest -from unittest.mock import Mock - -from django.contrib.contenttypes.models import ContentType -from django.test import override_settings -from pulp_ansible.app.models import AnsibleDistribution, AnsibleRepository -from pulpcore.plugin.models.role import Role - -from django.test import SimpleTestCase - -from galaxy_ng.app.auth.auth import RHIdentityAuthentication -from galaxy_ng.app.constants import DeploymentMode -from galaxy_ng.app.models import Group, SyncList, User -from galaxy_ng.tests.unit.api import rh_auth as rh_auth_utils -from galaxy_ng.tests.unit.api.base import BaseTestCase from galaxy_ng.app.dynaconf_hooks import post as post_hook from pprint import pprint + class SuperDict(dict): immutable = False def set(self, key, value): if self.immutable: - raise Exception('not mutable!') + raise Exception("not mutable!") self[key] = value def get(self, key, default=None): @@ -43,7 +30,7 @@ def __getattr__(self, key): def __setattr__(self, key, value): # Assign the value to the dictionary using the key if self.immutable: - raise Exception('not mutable!') + raise Exception("not mutable!") self[key] = value @@ -51,285 +38,281 @@ class SuperValidator: @staticmethod def register(*args, **kwargs): pass + @staticmethod def validate(*args, **kwargs): pass AUTHENTICATION_BACKEND_PRESETS_DATA = { - 'ldap': [ + "ldap": [ "galaxy_ng.app.auth.ldap.PrefixedLDAPBackend", # "galaxy_ng.app.auth.ldap.GalaxyLDAPBackend", "django.contrib.auth.backends.ModelBackend", "pulpcore.backends.ObjectRolePermissionBackend", "dynaconf_merge", ], - 'keycloak': [ + "keycloak": [ "social_core.backends.keycloak.KeycloakOAuth2", "dynaconf_merge", - ] + ], } BASE_SETTINGS = { - 'AUTH_PASSWORD_VALIDATORS': [], - 'GALAXY_API_PATH_PREFIX': '/api/galaxy', - 'INSTALLED_APPS': [], - 'REST_FRAMEWORK': True, - 'SPECTACULAR_SETTINGS': True, - 'AUTHENTICATION_BACKENDS': [], - 'MIDDLEWARE': None, - 'AUTHENTICATION_BACKEND_PRESETS_DATA': copy.deepcopy(AUTHENTICATION_BACKEND_PRESETS_DATA), - 'BASE_DIR': 'templates', - 'validators': SuperValidator(), + "AUTH_PASSWORD_VALIDATORS": [], + "GALAXY_API_PATH_PREFIX": "/api/galaxy", + "INSTALLED_APPS": [], + "REST_FRAMEWORK": True, + "SPECTACULAR_SETTINGS": True, + "AUTHENTICATION_BACKENDS": [], + "MIDDLEWARE": None, + "AUTHENTICATION_BACKEND_PRESETS_DATA": copy.deepcopy(AUTHENTICATION_BACKEND_PRESETS_DATA), + "BASE_DIR": "templates", + "validators": SuperValidator(), } @pytest.mark.parametrize( "do_stuff, extra_settings, expected_results", [ - # >=4.10 no external auth ... ( - #True, - False, - {}, - { - 'AUTHENTICATION_BACKENDS': [ - 'ansible_base.lib.backends.prefixed_user_auth.PrefixedUserAuthBackend' - ] - } + True, + # False, + {}, + { + "AUTHENTICATION_BACKENDS": [ + "ansible_base.lib.backends.prefixed_user_auth.PrefixedUserAuthBackend" + ] + }, ), - # >=4.10 ldap ... ( - #True, - False, - { - 'AUTHENTICATION_BACKEND_PRESET': 'ldap', - 'AUTH_LDAP_SERVER_URI': "ldap://ldap:10389", - 'AUTH_LDAP_BIND_DN': "cn=admin,dc=planetexpress,dc=com", - 'AUTH_LDAP_BIND_PASSWORD': "GoodNewsEveryone", - 'AUTH_LDAP_USER_SEARCH_BASE_DN': "ou=people,dc=planetexpress,dc=com", - 'AUTH_LDAP_USER_SEARCH_SCOPE': "SUBTREE", - 'AUTH_LDAP_USER_SEARCH_FILTER': "(uid=%(user)s)", - 'AUTH_LDAP_GROUP_SEARCH_BASE_DN': "ou=people,dc=planetexpress,dc=com", - 'AUTH_LDAP_GROUP_SEARCH_SCOPE': "SUBTREE", - 'AUTH_LDAP_GROUP_SEARCH_FILTER': "(objectClass=Group)", - 'AUTH_LDAP_USER_ATTR_MAP': { - 'first_name': 'givenName', - 'last_name': 'sn', - 'email': 'mail' + True, + # False, + { + "AUTHENTICATION_BACKEND_PRESET": "ldap", + "AUTH_LDAP_SERVER_URI": "ldap://ldap:10389", + "AUTH_LDAP_BIND_DN": "cn=admin,dc=planetexpress,dc=com", + "AUTH_LDAP_BIND_PASSWORD": "GoodNewsEveryone", + "AUTH_LDAP_USER_SEARCH_BASE_DN": "ou=people,dc=planetexpress,dc=com", + "AUTH_LDAP_USER_SEARCH_SCOPE": "SUBTREE", + "AUTH_LDAP_USER_SEARCH_FILTER": "(uid=%(user)s)", + "AUTH_LDAP_GROUP_SEARCH_BASE_DN": "ou=people,dc=planetexpress,dc=com", + "AUTH_LDAP_GROUP_SEARCH_SCOPE": "SUBTREE", + "AUTH_LDAP_GROUP_SEARCH_FILTER": "(objectClass=Group)", + "AUTH_LDAP_USER_ATTR_MAP": { + "first_name": "givenName", + "last_name": "sn", + "email": "mail", + }, + }, + { + "GALAXY_AUTH_LDAP_ENABLED": True, + "AUTH_LDAP_GLOBAL_OPTIONS": {}, + "AUTHENTICATION_BACKENDS": [ + "galaxy_ng.app.auth.ldap.PrefixedLDAPBackend", + "django.contrib.auth.backends.ModelBackend", + "pulpcore.backends.ObjectRolePermissionBackend", + "dynaconf_merge", + "ansible_base.lib.backends.prefixed_user_auth.PrefixedUserAuthBackend", + ], + "ANSIBLE_AUTHENTICATION_CLASSES": None, + "GALAXY_AUTHENTICATION_CLASSES": None, + "REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES": None, }, - }, - { - 'GALAXY_AUTH_LDAP_ENABLED': True, - "AUTH_LDAP_GLOBAL_OPTIONS": {}, - 'AUTHENTICATION_BACKENDS': [ - "galaxy_ng.app.auth.ldap.PrefixedLDAPBackend", - "django.contrib.auth.backends.ModelBackend", - "pulpcore.backends.ObjectRolePermissionBackend", - "dynaconf_merge", - 'ansible_base.lib.backends.prefixed_user_auth.PrefixedUserAuthBackend' - ], - 'ANSIBLE_AUTHENTICATION_CLASSES': None, - 'GALAXY_AUTHENTICATION_CLASSES': None, - 'REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES': None, - } ), - # >=4.10 keycloak ... ( - #True, - False, - { - 'AUTHENTICATION_BACKEND_PRESET': 'keycloak', - "SOCIAL_AUTH_KEYCLOAK_KEY": 'xyz', - "SOCIAL_AUTH_KEYCLOAK_SECRET": 'abc', - "SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY": '1234', - "KEYCLOAK_PROTOCOL": 'http', - "KEYCLOAK_HOST": 'cloak.com', - "KEYCLOAK_PORT": 8080, - "KEYCLOAK_REALM": "aap", - }, - { - 'GALAXY_AUTH_KEYCLOAK_ENABLED': True, - 'GALAXY_FEATURE_FLAGS__external_authentication': True, - 'AUTHENTICATION_BACKENDS': [ - 'social_core.backends.keycloak.KeycloakOAuth2', - 'dynaconf_merge', - 'ansible_base.lib.backends.prefixed_user_auth.PrefixedUserAuthBackend', - ], - 'ANSIBLE_AUTHENTICATION_CLASSES': [ - 'galaxy_ng.app.auth.keycloak.KeycloakBasicAuth', - 'galaxy_ng.app.auth.token.ExpiringTokenAuthentication', - 'galaxy_ng.app.auth.session.SessionAuthentication', - ], - 'GALAXY_AUTHENTICATION_CLASSES': [ - 'galaxy_ng.app.auth.keycloak.KeycloakBasicAuth', - 'galaxy_ng.app.auth.token.ExpiringTokenAuthentication', - 'galaxy_ng.app.auth.session.SessionAuthentication', - ], - 'REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES': [ - 'galaxy_ng.app.auth.keycloak.KeycloakBasicAuth', - 'galaxy_ng.app.auth.token.ExpiringTokenAuthentication', - 'galaxy_ng.app.auth.session.SessionAuthentication', - ] - } + True, + # False, + { + "AUTHENTICATION_BACKEND_PRESET": "keycloak", + "SOCIAL_AUTH_KEYCLOAK_KEY": "xyz", + "SOCIAL_AUTH_KEYCLOAK_SECRET": "abc", + "SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY": "1234", + "KEYCLOAK_PROTOCOL": "http", + "KEYCLOAK_HOST": "cloak.com", + "KEYCLOAK_PORT": 8080, + "KEYCLOAK_REALM": "aap", + }, + { + "GALAXY_AUTH_KEYCLOAK_ENABLED": True, + "GALAXY_FEATURE_FLAGS__external_authentication": True, + "AUTHENTICATION_BACKENDS": [ + "social_core.backends.keycloak.KeycloakOAuth2", + "dynaconf_merge", + "ansible_base.lib.backends.prefixed_user_auth.PrefixedUserAuthBackend", + ], + "ANSIBLE_AUTHENTICATION_CLASSES": [ + "galaxy_ng.app.auth.keycloak.KeycloakBasicAuth", + "galaxy_ng.app.auth.token.ExpiringTokenAuthentication", + "galaxy_ng.app.auth.session.SessionAuthentication", + ], + "GALAXY_AUTHENTICATION_CLASSES": [ + "galaxy_ng.app.auth.keycloak.KeycloakBasicAuth", + "galaxy_ng.app.auth.token.ExpiringTokenAuthentication", + "galaxy_ng.app.auth.session.SessionAuthentication", + ], + "REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES": [ + "galaxy_ng.app.auth.keycloak.KeycloakBasicAuth", + "galaxy_ng.app.auth.token.ExpiringTokenAuthentication", + "galaxy_ng.app.auth.session.SessionAuthentication", + ], + }, ), - # >=4.10 dab .. ( - # True, - False, + True, + # False, { - 'GALAXY_AUTHENTICATION_CLASSES': [ - 'galaxy_ng.app.auth.session.SessionAuthentication', - 'ansible_base.jwt_consumer.hub.auth.HubJWTAuth', - 'rest_framework.authentication.TokenAuthentication', - 'rest_framework.authentication.BasicAuthentication', + "GALAXY_AUTHENTICATION_CLASSES": [ + "galaxy_ng.app.auth.session.SessionAuthentication", + "ansible_base.jwt_consumer.hub.auth.HubJWTAuth", + "rest_framework.authentication.TokenAuthentication", + "rest_framework.authentication.BasicAuthentication", ] }, { - 'AUTHENTICATION_BACKENDS': [ - 'ansible_base.lib.backends.prefixed_user_auth.PrefixedUserAuthBackend', + "AUTHENTICATION_BACKENDS": [ + "ansible_base.lib.backends.prefixed_user_auth.PrefixedUserAuthBackend", ], - 'ANSIBLE_AUTHENTICATION_CLASSES': [ - 'galaxy_ng.app.auth.session.SessionAuthentication', - 'ansible_base.jwt_consumer.hub.auth.HubJWTAuth', - 'rest_framework.authentication.TokenAuthentication', - 'rest_framework.authentication.BasicAuthentication', + "ANSIBLE_AUTHENTICATION_CLASSES": [ + "galaxy_ng.app.auth.session.SessionAuthentication", + "ansible_base.jwt_consumer.hub.auth.HubJWTAuth", + "rest_framework.authentication.TokenAuthentication", + "rest_framework.authentication.BasicAuthentication", ], - 'GALAXY_AUTHENTICATION_CLASSES': [ - 'galaxy_ng.app.auth.session.SessionAuthentication', - 'ansible_base.jwt_consumer.hub.auth.HubJWTAuth', - 'rest_framework.authentication.TokenAuthentication', - 'rest_framework.authentication.BasicAuthentication', + "GALAXY_AUTHENTICATION_CLASSES": [ + "galaxy_ng.app.auth.session.SessionAuthentication", + "ansible_base.jwt_consumer.hub.auth.HubJWTAuth", + "rest_framework.authentication.TokenAuthentication", + "rest_framework.authentication.BasicAuthentication", ], - 'REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES': [ - 'galaxy_ng.app.auth.session.SessionAuthentication', - 'ansible_base.jwt_consumer.hub.auth.HubJWTAuth', - 'rest_framework.authentication.TokenAuthentication', - 'rest_framework.authentication.BasicAuthentication', + "REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES": [ + "galaxy_ng.app.auth.session.SessionAuthentication", + "ansible_base.jwt_consumer.hub.auth.HubJWTAuth", + "rest_framework.authentication.TokenAuthentication", + "rest_framework.authentication.BasicAuthentication", ], }, ), - # >=4.10 keycloak+dab ... ( - #True, - False, + True, + # False, { - 'AUTHENTICATION_BACKEND_PRESET': 'keycloak', - "SOCIAL_AUTH_KEYCLOAK_KEY": 'xyz', - "SOCIAL_AUTH_KEYCLOAK_SECRET": 'abc', - "SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY": '1234', - "KEYCLOAK_PROTOCOL": 'http', - "KEYCLOAK_HOST": 'cloak.com', + "AUTHENTICATION_BACKEND_PRESET": "keycloak", + "SOCIAL_AUTH_KEYCLOAK_KEY": "xyz", + "SOCIAL_AUTH_KEYCLOAK_SECRET": "abc", + "SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY": "1234", + "KEYCLOAK_PROTOCOL": "http", + "KEYCLOAK_HOST": "cloak.com", "KEYCLOAK_PORT": 8080, "KEYCLOAK_REALM": "aap", - 'GALAXY_AUTHENTICATION_CLASSES': [ - 'galaxy_ng.app.auth.session.SessionAuthentication', - 'ansible_base.jwt_consumer.hub.auth.HubJWTAuth', - 'rest_framework.authentication.TokenAuthentication', - 'rest_framework.authentication.BasicAuthentication', - ] + "GALAXY_AUTHENTICATION_CLASSES": [ + "galaxy_ng.app.auth.session.SessionAuthentication", + "ansible_base.jwt_consumer.hub.auth.HubJWTAuth", + "rest_framework.authentication.TokenAuthentication", + "rest_framework.authentication.BasicAuthentication", + ], }, { - 'GALAXY_AUTH_KEYCLOAK_ENABLED': True, - 'GALAXY_FEATURE_FLAGS__external_authentication': True, - 'AUTHENTICATION_BACKENDS': [ - 'social_core.backends.keycloak.KeycloakOAuth2', - 'dynaconf_merge', - 'ansible_base.lib.backends.prefixed_user_auth.PrefixedUserAuthBackend', - ], - 'ANSIBLE_AUTHENTICATION_CLASSES': [ - 'galaxy_ng.app.auth.keycloak.KeycloakBasicAuth', - 'galaxy_ng.app.auth.token.ExpiringTokenAuthentication', - 'galaxy_ng.app.auth.session.SessionAuthentication', - 'ansible_base.jwt_consumer.hub.auth.HubJWTAuth', - 'rest_framework.authentication.TokenAuthentication', - 'rest_framework.authentication.BasicAuthentication', + "GALAXY_AUTH_KEYCLOAK_ENABLED": True, + "GALAXY_FEATURE_FLAGS__external_authentication": True, + "AUTHENTICATION_BACKENDS": [ + "social_core.backends.keycloak.KeycloakOAuth2", + "dynaconf_merge", + "ansible_base.lib.backends.prefixed_user_auth.PrefixedUserAuthBackend", ], - 'GALAXY_AUTHENTICATION_CLASSES': [ - 'galaxy_ng.app.auth.keycloak.KeycloakBasicAuth', - 'galaxy_ng.app.auth.token.ExpiringTokenAuthentication', - 'galaxy_ng.app.auth.session.SessionAuthentication', - 'ansible_base.jwt_consumer.hub.auth.HubJWTAuth', - 'rest_framework.authentication.TokenAuthentication', - 'rest_framework.authentication.BasicAuthentication', + "ANSIBLE_AUTHENTICATION_CLASSES": [ + "galaxy_ng.app.auth.keycloak.KeycloakBasicAuth", + "galaxy_ng.app.auth.token.ExpiringTokenAuthentication", + "galaxy_ng.app.auth.session.SessionAuthentication", + "ansible_base.jwt_consumer.hub.auth.HubJWTAuth", + "rest_framework.authentication.TokenAuthentication", + "rest_framework.authentication.BasicAuthentication", ], - 'REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES': [ - 'galaxy_ng.app.auth.keycloak.KeycloakBasicAuth', - 'galaxy_ng.app.auth.token.ExpiringTokenAuthentication', - 'galaxy_ng.app.auth.session.SessionAuthentication', - 'ansible_base.jwt_consumer.hub.auth.HubJWTAuth', - 'rest_framework.authentication.TokenAuthentication', - 'rest_framework.authentication.BasicAuthentication', - ] - } + "GALAXY_AUTHENTICATION_CLASSES": [ + "galaxy_ng.app.auth.keycloak.KeycloakBasicAuth", + "galaxy_ng.app.auth.token.ExpiringTokenAuthentication", + "galaxy_ng.app.auth.session.SessionAuthentication", + "ansible_base.jwt_consumer.hub.auth.HubJWTAuth", + "rest_framework.authentication.TokenAuthentication", + "rest_framework.authentication.BasicAuthentication", + ], + "REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES": [ + "galaxy_ng.app.auth.keycloak.KeycloakBasicAuth", + "galaxy_ng.app.auth.token.ExpiringTokenAuthentication", + "galaxy_ng.app.auth.session.SessionAuthentication", + "ansible_base.jwt_consumer.hub.auth.HubJWTAuth", + "rest_framework.authentication.TokenAuthentication", + "rest_framework.authentication.BasicAuthentication", + ], + }, ), - # >=4.10 ldap+dab ... ( - True, - #False, - { - 'AUTHENTICATION_BACKEND_PRESET': 'ldap', - 'AUTH_LDAP_SERVER_URI': "ldap://ldap:10389", - 'AUTH_LDAP_BIND_DN': "cn=admin,dc=planetexpress,dc=com", - 'AUTH_LDAP_BIND_PASSWORD': "GoodNewsEveryone", - 'AUTH_LDAP_USER_SEARCH_BASE_DN': "ou=people,dc=planetexpress,dc=com", - 'AUTH_LDAP_USER_SEARCH_SCOPE': "SUBTREE", - 'AUTH_LDAP_USER_SEARCH_FILTER': "(uid=%(user)s)", - 'AUTH_LDAP_GROUP_SEARCH_BASE_DN': "ou=people,dc=planetexpress,dc=com", - 'AUTH_LDAP_GROUP_SEARCH_SCOPE': "SUBTREE", - 'AUTH_LDAP_GROUP_SEARCH_FILTER': "(objectClass=Group)", - 'AUTH_LDAP_USER_ATTR_MAP': { - 'first_name': 'givenName', - 'last_name': 'sn', - 'email': 'mail' + True, + # False, + { + "AUTHENTICATION_BACKEND_PRESET": "ldap", + "AUTH_LDAP_SERVER_URI": "ldap://ldap:10389", + "AUTH_LDAP_BIND_DN": "cn=admin,dc=planetexpress,dc=com", + "AUTH_LDAP_BIND_PASSWORD": "GoodNewsEveryone", + "AUTH_LDAP_USER_SEARCH_BASE_DN": "ou=people,dc=planetexpress,dc=com", + "AUTH_LDAP_USER_SEARCH_SCOPE": "SUBTREE", + "AUTH_LDAP_USER_SEARCH_FILTER": "(uid=%(user)s)", + "AUTH_LDAP_GROUP_SEARCH_BASE_DN": "ou=people,dc=planetexpress,dc=com", + "AUTH_LDAP_GROUP_SEARCH_SCOPE": "SUBTREE", + "AUTH_LDAP_GROUP_SEARCH_FILTER": "(objectClass=Group)", + "AUTH_LDAP_USER_ATTR_MAP": { + "first_name": "givenName", + "last_name": "sn", + "email": "mail", + }, + "GALAXY_AUTHENTICATION_CLASSES": [ + "galaxy_ng.app.auth.session.SessionAuthentication", + "ansible_base.jwt_consumer.hub.auth.HubJWTAuth", + "rest_framework.authentication.TokenAuthentication", + "rest_framework.authentication.BasicAuthentication", + ], + }, + { + "GALAXY_AUTH_LDAP_ENABLED": True, + "AUTH_LDAP_GLOBAL_OPTIONS": {}, + "AUTHENTICATION_BACKENDS": [ + "galaxy_ng.app.auth.ldap.PrefixedLDAPBackend", + "django.contrib.auth.backends.ModelBackend", + "pulpcore.backends.ObjectRolePermissionBackend", + "dynaconf_merge", + "ansible_base.lib.backends.prefixed_user_auth.PrefixedUserAuthBackend", + ], + "ANSIBLE_AUTHENTICATION_CLASSES": [ + "galaxy_ng.app.auth.session.SessionAuthentication", + "ansible_base.jwt_consumer.hub.auth.HubJWTAuth", + "rest_framework.authentication.TokenAuthentication", + "rest_framework.authentication.BasicAuthentication", + ], + "GALAXY_AUTHENTICATION_CLASSES": [ + "galaxy_ng.app.auth.session.SessionAuthentication", + "ansible_base.jwt_consumer.hub.auth.HubJWTAuth", + "rest_framework.authentication.TokenAuthentication", + "rest_framework.authentication.BasicAuthentication", + ], + "REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES": [ + "galaxy_ng.app.auth.session.SessionAuthentication", + "ansible_base.jwt_consumer.hub.auth.HubJWTAuth", + "rest_framework.authentication.TokenAuthentication", + "rest_framework.authentication.BasicAuthentication", + ], }, - 'GALAXY_AUTHENTICATION_CLASSES': [ - 'galaxy_ng.app.auth.session.SessionAuthentication', - 'ansible_base.jwt_consumer.hub.auth.HubJWTAuth', - 'rest_framework.authentication.TokenAuthentication', - 'rest_framework.authentication.BasicAuthentication', - ] - }, - { - 'GALAXY_AUTH_LDAP_ENABLED': True, - "AUTH_LDAP_GLOBAL_OPTIONS": {}, - 'AUTHENTICATION_BACKENDS': [ - "galaxy_ng.app.auth.ldap.PrefixedLDAPBackend", - "django.contrib.auth.backends.ModelBackend", - "pulpcore.backends.ObjectRolePermissionBackend", - "dynaconf_merge", - 'ansible_base.lib.backends.prefixed_user_auth.PrefixedUserAuthBackend' - ], - 'ANSIBLE_AUTHENTICATION_CLASSES': [ - 'galaxy_ng.app.auth.session.SessionAuthentication', - 'ansible_base.jwt_consumer.hub.auth.HubJWTAuth', - 'rest_framework.authentication.TokenAuthentication', - 'rest_framework.authentication.BasicAuthentication', - ], - 'GALAXY_AUTHENTICATION_CLASSES': [ - 'galaxy_ng.app.auth.session.SessionAuthentication', - 'ansible_base.jwt_consumer.hub.auth.HubJWTAuth', - 'rest_framework.authentication.TokenAuthentication', - 'rest_framework.authentication.BasicAuthentication', - ], - 'REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES': [ - 'galaxy_ng.app.auth.session.SessionAuthentication', - 'ansible_base.jwt_consumer.hub.auth.HubJWTAuth', - 'rest_framework.authentication.TokenAuthentication', - 'rest_framework.authentication.BasicAuthentication', - ], - } ), - - ] + ], ) -def test_dynaconf_hooks(do_stuff, extra_settings, expected_results): +def test_dynaconf_hooks_authentication_backends_and_classes(do_stuff, extra_settings, expected_results): + + # skip test this way ... if not do_stuff: return @@ -337,24 +320,18 @@ def test_dynaconf_hooks(do_stuff, extra_settings, expected_results): xsettings.update(copy.deepcopy(BASE_SETTINGS)) if extra_settings: xsettings.update(copy.deepcopy(extra_settings)) - xsettings.immutable = True - - # import epdb; epdb.st() - print(f'XSETTINGS: {id(xsettings)}') - new_settings = post_hook(xsettings, testing=True, run_dynamic=False, run_validate=False) - - print('\n*******************************************') - pprint(new_settings) + # don't allow the downstream to edit this data ... + xsettings.immutable = True + new_settings = post_hook(xsettings, run_dynamic=False, run_validate=False) for key, val in expected_results.items(): + """ try: assert new_settings[key] == val except Exception as e: print(e) import epdb; epdb.st() print(e) + """ assert new_settings.get(key) == val - - # import epdb; epdb.st() - #print('foobar')