refactor: adapt dependency management for v24

.github/workflows/publish.yml

@@ -15,7 +15,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-python@v4
         with:
-          python-version: "3.10"
+          python-version: "3.11"
       - uses: abatilo/actions-poetry@v2
       - name: Publish package
         run: |

.github/workflows/test.yml

@@ -18,7 +18,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-python@v4
         with:
-          python-version: "3.10"
+          python-version: "3.11"
       - uses: psf/black@stable
         with:
           options: "--check ."
@@ -56,7 +56,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-python@v4
         with:
-          python-version: "3.10"
+          python-version: "3.11"
       - uses: abatilo/actions-poetry@v2
       - uses: actions/setup-node@v3
         with:
@@ -65,8 +65,6 @@ jobs:
         run: yarn set version 1.22.21
       - run: |
           sudo apt-get update && sudo apt-get install -y libxmlsec1-dev libmaxminddb-dev
-          python3 -m venv venv
-          . venv/bin/activate
-          venv/bin/pip3 install -U wheel
-          make develop
-          make test
+          poetry install --with test
+          make deps
+          poetry run pytest

.gitignore

@@ -7,3 +7,6 @@ venv
 .venv
 .coverage
 .vscode/
+# Fetched from upstream
+requirements-sentry.txt
+tests/conftest.py

.python-version

@@ -1 +1 @@
-3.10.13
+3.11.8

Makefile

@@ -1,17 +1,17 @@
 SENTRY_VERSION := 24.2.0
 
-.PHONY: clean develop test
+.PHONY: clean deps
 
-develop:
-	pip3 install -e git+https://github.com/getsentry/sentry.git@$(SENTRY_VERSION)#egg=sentry[dev]
-	poetry install -n --no-dev
-	poetry build && pip3 install -U dist/*.whl
-	pip3 install -U codecov pytest freezegun fixtures
-
-test:
-	@echo "--> Running Python tests"
-	python -m pytest tests || exit 1
-	@echo ""
+# Upstream no longer tracks its own dependencies in the package as dev extras,
+# so we cannot resolve them here as transitive dependencies. Instead we fetch
+# their locked development dependencies.
+# Likewise, their root-level conftest is not provided as a pytest plugin for
+# use outside their own tests, but we need their fixtures. We fetch them into
+# our own namespace here.
+deps:
+	curl -L -o requirements-sentry.txt https://github.com/getsentry/sentry/raw/$(SENTRY_VERSION)/requirements-dev-frozen.txt
+	curl -L -o tests/conftest.py https://github.com/getsentry/sentry/raw/$(SENTRY_VERSION)/tests/conftest.py
+	poetry run pip install -r requirements-sentry.txt
 
 clean:
 	rm -rf *.egg-info src/*.egg-info

docker-compose.yml

@@ -0,0 +1,21 @@
+services:
+  postgres:
+    image: postgres:14.11
+    environment:
+      POSTGRES_HOST_AUTH_METHOD: trust
+    # Set health checks to wait until postgres has started
+    healthcheck:
+      test: ["CMD-SHELL", “pg_isready”]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    ports:
+      - 5432:5432
+  memcached:
+    image: memcached:1.6.23-alpine
+    ports:
+      - 11211:11211
+  redis:
+    image: redis:6.2.14-alpine
+    ports:
+      - 6379:6379

oidc/provider.py

@@ -68,26 +68,20 @@ def get_configure_view(self):
 
     def get_auth_pipeline(self):
         return [
-            OIDCLogin(self.get_client_id(), domains=self.domains),
+            OIDCLogin(domains=self.domains, client_id=self.get_client_id()),
             OAuth2Callback(
                 access_token_url=TOKEN_ENDPOINT,
                 client_id=self.get_client_id(),
                 client_secret=self.get_client_secret(),
             ),
-            FetchUser(
-                domains=self.domains,
-                version=self.version,
-            ),
+            FetchUser(domains=self.domains, version=self.version),
         ]
 
     def get_refresh_token_url(self):
         return TOKEN_ENDPOINT
 
     def build_config(self, state):
-        return {
-            "domains": [state["domain"]],
-            "version": DATA_VERSION,
-        }
+        return {"domains": [state["domain"]], "version": DATA_VERSION}
 
     def get_user_info(self, bearer_token):
         endpoint = USERINFO_ENDPOINT

pyproject.toml

@@ -2,7 +2,11 @@
 name = "sentry-auth-oidc"
 version = "8.0.0"
 description = "OpenID Connect authentication provider for Sentry"
-authors = ["Max Wittig <[email protected]>, Diego Louzán <[email protected]>"]
+authors = [
+    "Max Wittig <[email protected]>",
+    "Diego Louzán <[email protected]>",
+    "Nejc Habjan <[email protected]>",
+]
 license = "Apache 2.0"
 readme = "README.rst"
 classifiers = [
@@ -16,14 +20,18 @@ packages = [
 ]
 
 [tool.poetry.dependencies]
-python = "^3.10"
+python = "^3.11"
 
 [tool.poetry.dev-dependencies]
 black = "^22.8.0"
 isort = "^5.7.0"
 flake8 = "^3.8.4"
+
+[tool.poetry.group.test.dependencies]
 codecov = "^2.1.12"
 pytest = "^7.1.3"
+sentry = {git = "https://github.com/getsentry/sentry.git", rev = "24.2.0"}
+fixtures = "^4.1.0"
 
 [tool.isort]
 profile = "black"

tests/test_provider.py

@@ -2,55 +2,48 @@
 from sentry import auth
 from sentry.auth.exceptions import IdentityNotValid
 from sentry.models import AuthIdentity, AuthProvider
-from sentry.testutils import TestCase
+from sentry.testutils.cases import TestCase
+from sentry.testutils.silo import control_silo_test
 
 from oidc.constants import DATA_VERSION
 from oidc.provider import OIDCProvider
 
 
+@control_silo_test
 class OIDCProviderTest(TestCase):
     def setUp(self):
-        self.user = self.create_user("[email protected]")
-        self.org = self.create_organization(owner=self.user)
-        self.auth_provider = AuthProvider.objects.create(
-            provider="oidc",
-            organization=self.org,
+        self.auth_provider_inst = AuthProvider.objects.create(
+            provider="oidc", organization_id=self.organization.id
         )
         auth.register("oidc", OIDCProvider)
-        super(OIDCProviderTest, self).setUp()
+        super().setUp()
 
     def test_refresh_identity_without_refresh_token(self):
         auth_identity = AuthIdentity.objects.create(
-            auth_provider=self.auth_provider,
+            auth_provider=self.auth_provider_inst,
             user=self.user,
-            data={
-                "access_token": "access_token",
-            },
+            data={"access_token": "access_token"},
         )
 
-        provider = self.auth_provider.get_provider()
+        provider = self.auth_provider_inst.get_provider()
 
         with pytest.raises(IdentityNotValid):
             provider.refresh_identity(auth_identity)
 
     def test_handles_multiple_domains(self):
-        self.auth_provider.update(
-            config={"domains": ["example.com"]},
-        )
+        self.auth_provider_inst.update(config={"domains": ["example.com"]})
 
-        provider = self.auth_provider.get_provider()
+        provider = self.auth_provider_inst.get_provider()
         assert provider.domains == ["example.com"]
 
     def test_handles_legacy_single_domain(self):
-        self.auth_provider.update(
-            config={"domain": "example.com"},
-        )
+        self.auth_provider_inst.update(config={"domain": "example.com"})
 
-        provider = self.auth_provider.get_provider()
+        provider = self.auth_provider_inst.get_provider()
         assert provider.domains == ["example.com"]
 
     def test_build_config(self):
-        provider = self.auth_provider.get_provider()
+        provider = self.auth_provider_inst.get_provider()
         state = {
             "domain": "example.com",
             "user": {
@@ -67,7 +60,4 @@ def test_build_config(self):
             },
         }
         result = provider.build_config(state)
-        assert result == {
-            "domains": ["example.com"],
-            "version": DATA_VERSION,
-        }
+        assert result == {"domains": ["example.com"], "version": DATA_VERSION}