
auth: Map Keycloak user permissions to Django ones
Closed, Public

Authored by anlambert on Jun 17 2020, 4:10 PM.

Details

Summary

This was the last task remaining to implement in order to close T2048.

Keycloak user permissions are named Roles in Keycloak semantics.

Extract them from each decoded access token and override methods from
django.contrib.auth.models.PermissionsMixin in order to manipulate them
as Django user permissions.

Closes T2247
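The mapping described in the summary, as an added example that is not the code from this diff or from swh-web: roles are read from an already verified, decoded access token and exposed through methods named like those of `PermissionsMixin`. The `TokenUser` class, the `roles_from_token` helper, the client id `example-web` and the role names are assumptions; `TokenUser` is a plain class so the block runs without Django.

```python
from typing import Any, Dict, Set

# Constructed sample of an already signature-verified, decoded access token.
SAMPLE_TOKEN: Dict[str, Any] = {
    "preferred_username": "jdoe",
    "realm_access": {"roles": ["offline_access"]},
    "resource_access": {
        "example-web": {"roles": ["example.api.read"]},
        "other-client": {"roles": ["example.admin"]},  # must be ignored
    },
}

def roles_from_token(decoded: Dict[str, Any], client_id: str) -> Set[str]:
    """Realm roles plus the roles granted for our own client only."""
    realm = decoded.get("realm_access") or {}
    client = (decoded.get("resource_access") or {}).get(client_id) or {}
    roles = list(realm.get("roles") or []) + list(client.get("roles") or [])
    # Claims are external input: keep non-empty strings only.
    return {r for r in roles if isinstance(r, str) and r}

class TokenUser:
    """Stand-in for a Django user; method names mirror PermissionsMixin."""

    def __init__(self, username, permissions, is_active=True, is_superuser=False):
        self.username = username
        self.permissions = frozenset(permissions)
        self.is_active = is_active
        self.is_superuser = is_superuser

    def get_user_permissions(self, obj=None):
        return set(self.permissions)

    def get_group_permissions(self, obj=None):
        return set()  # roles are flattened; no Django groups involved

    def get_all_permissions(self, obj=None):
        return self.get_user_permissions(obj)

    def has_perm(self, perm, obj=None):
        # Inactive accounts get nothing, whatever the token says.
        return self.is_active and (self.is_superuser or perm in self.permissions)

    def has_perms(self, perm_list, obj=None):
        return all(self.has_perm(p, obj) for p in perm_list)

    def has_module_perms(self, app_label):
        prefix = app_label + "."
        return self.is_active and (
            self.is_superuser or any(p.startswith(prefix) for p in self.permissions))
```

Roles granted for a different client in `resource_access` never become permissions here, which keeps a role assigned for one application from authorizing actions in another.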

Diff Detail

Repository
rDWAPPS Web applications
Branch
auth-map-keycloak-permissions
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 12916
Build 19668: Phabricator diff pipeline on jenkins (Jenkins console · Jenkins)
Build 19667: arc lint + arc unit

Event Timeline

Build is green

Patch application report for D3304 (id=11707)

Rebasing onto e926cadb92...

Current branch diff-target is up to date.
Changes applied before test
commit 7e719461588132fdaf854e20ccf244b83bc607da
Author: Antoine Lambert <antoine.lambert@inria.fr>
Date:   Wed Jun 17 16:02:08 2020 +0200

    auth: Map Keycloak user permissions to Django ones
    
    Keycloak user permissions are named Roles in Keycloak semantics.
    
    Extract them from each decoded access token and override methods from
    django.contrib.auth.models.PermissionsMixin in order to manipulate them
    as Django user permissions.
    
    Closes T2247

See https://jenkins.softwareheritage.org/job/DWAPPS/job/tests-on-diff/188/ for more details.

ardumont added a subscriber: ardumont.

I gather it's good (but some things may escape me).

I'm missing a bit of description of what the tests are testing; I suggested some docstrings.
Hopefully, that helps.

Cheers,

swh/web/tests/auth/test_backends.py
52

Maybe add a docstring to clarify what scenario we are testing.

"Staff member should be allowed access" (or something better if you have in store ;)

91

"User with app permission should be allowed authentication" (please something better if you have that in store ;)

168

"User with app permission should be allowed api authentication" ?

This revision is now accepted and ready to land. Jun 18 2020, 9:11 AM

I gather it's good (but some things may escape me).

I have created T2458 for documenting users management with Keycloak, this should fill the blanks when it's done ;-)

I'm missing a bit of description of what the tests are testing; I suggested some docstrings.
Hopefully, that helps.

Cheers,

Ack, will add test docstrings in a new commit.

Ack, will add test docstrings in a new commit.

D3312

swh/web/tests/auth/test_backends.py
52