-
Notifications
You must be signed in to change notification settings - Fork 327
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Configurable GV Mock + HMAC Auth #10623
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks good! found some nits but it took some effort -- i like how you've used dataclasses for lightweight bespoke fakery
|
||
|
||
@dataclasses.dataclass | ||
class _MockGVEntity: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
naming nitpick (feel free to disregard): could be confusing to call these things "mocks", since they have nothing to do with the standard Mock
interface (with assert_called
and friends) -- the word's not wrong, but the collision with a standard-lib term could be misleading...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🤿
into gv-files-provider-waffle * 'develop' of https://github.com/CenterForOpenScience/osf.io: Configurable GV Mock + HMAC Auth (CenterForOpenScience#10623)
into remove-quickfiles-code * 'develop' of https://github.com/CenterForOpenScience/osf.io: (166 commits) update dataverse dep revision to get changes Update CHANGELOG, bump version [CR][ENG-5681] Great Big Python Upgrade (CenterForOpenScience#10648) Revert "[ENG-3685] Add permissions for withdrawn registration files (CenterForOpenScience#10650)" (CenterForOpenScience#10666) Check Registration READ perms on the Registration - Do not record download metrics for renders Fix signature Allow DOI metadata updates to be queued [ENG-3685] Add permissions for withdrawn registration files (CenterForOpenScience#10650) Update CHANGELOG, bump version [ENG-5030] Preprints Phase 2 - BE (CenterForOpenScience#10617) Update CHANGELOG, bump version Ensure Assumed-HAM users do not get autobanned [ENG-5762] Get GV set up in osf docker configs (CenterForOpenScience#10643) [ENG-5718] Use `make_auth` to avoid assumptions about `auth.user` (CenterForOpenScience#10647) [ENG-5699] Framework for getting Addon Info from GV (CenterForOpenScience#10641) [ENG-5178] Allow unauthenticated users to see public files (CenterForOpenScience#10645) Fix RelationshipPostMakesNoChanges exception in project creation (CenterForOpenScience#10644) [ENG - 5008] Support Unicode and special characters in file names during archiving (CenterForOpenScience#10627) Set Default Resource Type for Registrations to "Study Registration" (CenterForOpenScience#10636) Configurable GV Mock + HMAC Auth (CenterForOpenScience#10623) ... # Conflicts: # addons/base/views.py # api/caching/tasks.py # api_tests/files/views/test_file_detail.py # api_tests/wb/views/test_wb_hooks.py # osf/management/commands/data_storage_usage.py # osf/management/commands/reindex_quickfiles.py # osf/management/commands/transfer_quickfiles_to_projects.py # osf/models/__init__.py # osf/models/private_link.py # osf/models/quickfiles.py # osf/models/user.py # scripts/fix_merged_user_quickfiles.py # tests/test_views.py # website/mails/mails.py # website/search/elastic_search.py # website/settings/defaults.py
Purpose
Add
Changes
osf/external/gravyvalet/auth_helpers
is copied almost directly from GravyValet but adds support for sendingX-Requesting-User-URI
,X-Requested-Resource-URI
, andX-Requested-Resource-Permissions
headers (and including them in the HMAC signature).requests.Request
format instead of therest_framework.Request
formatvalidate_hmac_signed_headers
function to accept the new headersosf/external/gravyvalet/gv_mocks
implements naive versions of the top-level GravyValet entities as Dataclasses, provides utilities for configuring new entities, and provides a context manager that mocks and re-routes requests to GravyValet to retrieve these configured entities.QA Notes
Please make verification statements inspired by your code and what your code touches.
What are the areas of risk?
Any concerns/considerations/questions that development raised?
Documentation
Side Effects
Ticket