Skip to content

Commit 0b4ce1d

Browse files
committed
fix(git_utils): get_git_token format adjustment
This commit fixes a bug on `get_git_token` as the `iib_index_configs_gitlab_tokens_map` will always be a `dict[str, str]` from HashiVault, never being able to be a Tuple. In order to return a Tuple we need to split the token-name from token-value. For that, we're stablishing the standard as a column `:` to separate such values. Refers to CLOUDDST-29117 Signed-off-by: Jonathan Gangi <jgangi@redhat.com>
1 parent df88c5b commit 0b4ce1d

3 files changed

Lines changed: 48 additions & 3 deletions

File tree

README.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -340,6 +340,7 @@ The custom configuration options for the Celery workers are listed below:
340340
`{registry}/iib-build:{request_id}`.
341341
* `iib_index_configs_gitlab_tokens_map` - A map of index image addresses to GitLab tokens.
342342
These Gitlab repositories are intended to store image `/configs` directories.
343+
Its format should be the full repository URL as keys and `token-name:token-value` as value.
343344
* `iib_log_level` - the Python log level for `iib.workers` logger. This defaults to `INFO`.
344345
* `iib_max_recursive_related_bundles` - the maximum number of recursive related bundles IIB will
345346
recurse through. This is to avoid DOS attacks.

iib/workers/tasks/git_utils.py

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -185,7 +185,15 @@ def get_git_token(git_repo) -> Tuple[str, str]:
185185
git_token_map = get_worker_config()['iib_index_configs_gitlab_tokens_map']
186186
if git_repo not in git_token_map:
187187
raise IIBError(f"Missing key '{git_repo}' in 'iib_index_configs_gitlab_tokens_map'")
188-
return git_token_map[git_repo]
188+
str_token_name_value = git_token_map[git_repo]
189+
splitted_token = str_token_name_value.split(":")
190+
if ":" not in str_token_name_value or '' in splitted_token[:2]:
191+
raise IIBError(
192+
f"Invalid token format for '{git_repo}' in 'iib_index_configs_gitlab_tokens_map'. "
193+
"Expected 'token_name:token_value'."
194+
)
195+
token_name, token_value = splitted_token[:2]
196+
return token_name, token_value
189197

190198

191199
def clone_git_repo(

tests/test_workers/test_tasks/test_git_utils.py

Lines changed: 38 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -27,15 +27,18 @@
2727
PUB_PENDING_GIT_REPO = f"{GIT_BASE_URL}/iib-pub-pending-index-configs.git"
2828
PUB_PENDING_TOKEN_NAME = "iibpubpendingtoken"
2929
PUB_PENDING_TOKEN_VALUE = "iibpubpendingabc123"
30+
TESTING_REPO = f"{GIT_BASE_URL}/testing.git"
31+
TESTING_TOKEN_VALUE = "abcdef"
3032

3133

3234
@pytest.fixture()
3335
def mock_gwc():
3436
with mock.patch('iib.workers.tasks.git_utils.get_worker_config') as mc:
3537
mc.return_value = {
3638
"iib_index_configs_gitlab_tokens_map": {
37-
PUB_GIT_REPO: (PUB_TOKEN_NAME, PUB_TOKEN_VALUE),
38-
PUB_PENDING_GIT_REPO: (PUB_PENDING_TOKEN_NAME, PUB_PENDING_TOKEN_VALUE),
39+
PUB_GIT_REPO: f"{PUB_TOKEN_NAME}:{PUB_TOKEN_VALUE}",
40+
PUB_PENDING_GIT_REPO: f"{PUB_PENDING_TOKEN_NAME}:{PUB_PENDING_TOKEN_VALUE}",
41+
TESTING_REPO: f"{TESTING_TOKEN_VALUE}:{TESTING_TOKEN_VALUE}:",
3942
},
4043
}
4144
yield mc
@@ -73,6 +76,7 @@ def test_unmapped_git_token(mock_gwc):
7376
[
7477
(PUB_GIT_REPO, PUB_TOKEN_NAME, PUB_TOKEN_VALUE),
7578
(PUB_PENDING_GIT_REPO, PUB_PENDING_TOKEN_NAME, PUB_PENDING_TOKEN_VALUE),
79+
(TESTING_REPO, TESTING_TOKEN_VALUE, TESTING_TOKEN_VALUE),
7680
],
7781
)
7882
def test_get_git_token(repo_url, expected_token_name, expected_token_value, mock_gwc):
@@ -81,6 +85,38 @@ def test_get_git_token(repo_url, expected_token_name, expected_token_value, mock
8185
assert git_token_value == expected_token_value
8286

8387

88+
@pytest.mark.parametrize(
89+
"repo_url, token_value, expected_err",
90+
[
91+
(
92+
TESTING_REPO,
93+
TESTING_TOKEN_VALUE,
94+
f"Invalid token format for '{TESTING_REPO}' in 'iib_index_configs_gitlab_tokens_map'. Expected 'token_name:token_value'.", # noqa: E501
95+
),
96+
(
97+
TESTING_REPO,
98+
"",
99+
f"Invalid token format for '{TESTING_REPO}' in 'iib_index_configs_gitlab_tokens_map'. Expected 'token_name:token_value'.", # noqa: E501
100+
),
101+
(
102+
TESTING_REPO,
103+
":some_value",
104+
f"Invalid token format for '{TESTING_REPO}' in 'iib_index_configs_gitlab_tokens_map'. Expected 'token_name:token_value'.", # noqa: E501
105+
),
106+
(
107+
TESTING_REPO,
108+
"some_name:",
109+
f"Invalid token format for '{TESTING_REPO}' in 'iib_index_configs_gitlab_tokens_map'. Expected 'token_name:token_value'.", # noqa: E501
110+
),
111+
],
112+
)
113+
def test_get_git_token_missing_name_value(repo_url, token_value, expected_err, mock_gwc):
114+
with mock.patch('iib.workers.tasks.git_utils.get_worker_config') as mc:
115+
mc.return_value = {"iib_index_configs_gitlab_tokens_map": {repo_url: token_value}}
116+
with pytest.raises(IIBError, match=expected_err):
117+
git_utils.get_git_token(repo_url)
118+
119+
84120
def test_unmapped_git_url(mock_gwc, gitlab_url_mapping, caplog):
85121
# Setting the logging level via caplog.set_level is not sufficient. The flask
86122
# related settings from previous tests interfere with this.

0 commit comments

Comments
 (0)