From 638a8337ed21fdd90671fe6a1f373ad86a6ef03e Mon Sep 17 00:00:00 2001 From: Alexander VanTol Date: Wed, 23 Feb 2022 12:04:38 -0600 Subject: [PATCH 1/4] Create image_build_push.yaml --- .github/workflows/image_build_push.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 .github/workflows/image_build_push.yaml diff --git a/.github/workflows/image_build_push.yaml b/.github/workflows/image_build_push.yaml new file mode 100644 index 000000000..de360f16d --- /dev/null +++ b/.github/workflows/image_build_push.yaml @@ -0,0 +1,8 @@ +name: Build Image and Push to Quay + +on: push + +jobs: + ci: + name: Build Image and Push to Quay + uses: uc-cdis/.github/.github/workflows/image_build_push.yaml@feat/build-push-image From b2ecc4aa59e49bc7b6e604d3a131d6425a3e8bfa Mon Sep 17 00:00:00 2001 From: Alexander VanTol Date: Wed, 23 Feb 2022 14:30:39 -0600 Subject: [PATCH 2/4] Update image_build_push.yaml --- .github/workflows/image_build_push.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/image_build_push.yaml b/.github/workflows/image_build_push.yaml index de360f16d..d63ae8674 100644 --- a/.github/workflows/image_build_push.yaml +++ b/.github/workflows/image_build_push.yaml @@ -6,3 +6,8 @@ jobs: ci: name: Build Image and Push to Quay uses: uc-cdis/.github/.github/workflows/image_build_push.yaml@feat/build-push-image + secrets: + ECR_AWS_ACCESS_KEY_ID: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }} + ECR_AWS_SECRET_ACCESS_KEY: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }} + QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }} + QUAY_ROBOT_TOKEN: ${{ secrets.QUAY_ROBOT_TOKEN }} From 82e8bbfbe59e5602baa886b4c73db091f2e89f38 Mon Sep 17 00:00:00 2001 From: Pauline Ribeyre <4224001+paulineribeyre@users.noreply.github.com> Date: Fri, 25 Feb 2022 11:37:19 -0600 Subject: [PATCH 3/4] Fix ENABLED_IDENTITY_PROVIDERS errors (#1010) --- fence/auth.py | 4 ++-- fence/blueprints/login/__init__.py | 4 ++-- fence/blueprints/oauth2.py | 4 ++-- fence/config-default.yaml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/fence/auth.py b/fence/auth.py index 37eb9a221..18bd8f634 100644 --- a/fence/auth.py +++ b/fence/auth.py @@ -194,8 +194,8 @@ def wrapper(*args, **kwargs): ] else: # fall back on "providers" - enable_shib = "shibboleth" in config.get( - "ENABLED_IDENTITY_PROVIDERS", {} + enable_shib = "shibboleth" in ( + config.get("ENABLED_IDENTITY_PROVIDERS") or {} ).get("providers", {}) if enable_shib and "SHIBBOLETH_HEADER" in config: diff --git a/fence/blueprints/login/__init__.py b/fence/blueprints/login/__init__.py index 791d69bc2..b2157bc33 100644 --- a/fence/blueprints/login/__init__.py +++ b/fence/blueprints/login/__init__.py @@ -178,7 +178,7 @@ def get_login_providers_info(): # default login option if config.get("DEFAULT_LOGIN_IDP"): default_idp = config["DEFAULT_LOGIN_IDP"] - elif "default" in config.get("ENABLED_IDENTITY_PROVIDERS", {}): + elif "default" in (config.get("ENABLED_IDENTITY_PROVIDERS") or {}): # fall back on ENABLED_IDENTITY_PROVIDERS.default default_idp = config["ENABLED_IDENTITY_PROVIDERS"]["default"] else: @@ -188,7 +188,7 @@ def get_login_providers_info(): # other login options if config["LOGIN_OPTIONS"]: login_options = config["LOGIN_OPTIONS"] - elif "providers" in config.get("ENABLED_IDENTITY_PROVIDERS", {}): + elif "providers" in (config.get("ENABLED_IDENTITY_PROVIDERS") or {}): # fall back on "providers" and convert to "login_options" format enabled_providers = config["ENABLED_IDENTITY_PROVIDERS"]["providers"] login_options = [ diff --git a/fence/blueprints/oauth2.py b/fence/blueprints/oauth2.py index d6c4129dc..0aaa3ffc0 100644 --- a/fence/blueprints/oauth2.py +++ b/fence/blueprints/oauth2.py @@ -78,8 +78,8 @@ def authorize(*args, **kwargs): login_url = None if not idp: - if not config.get("DEFAULT_LOGIN_IDP") and "default" not in config.get( - "ENABLED_IDENTITY_PROVIDERS", {} + if not config.get("DEFAULT_LOGIN_IDP") and "default" not in ( + config.get("ENABLED_IDENTITY_PROVIDERS") or {} ): # fall back on deprecated DEFAULT_LOGIN_URL login_url = config.get("DEFAULT_LOGIN_URL") diff --git a/fence/config-default.yaml b/fence/config-default.yaml index c3471ec5c..d4c4bc8a7 100755 --- a/fence/config-default.yaml +++ b/fence/config-default.yaml @@ -349,7 +349,7 @@ DEFAULT_LOGIN_URL: '{{BASE_URL}}/login/google' LOGIN_REDIRECT_WHITELIST: [] ### DEPRECATED and replaced by OPENID_CONNECT + LOGIN_OPTIONS configs -ENABLED_IDENTITY_PROVIDERS: +ENABLED_IDENTITY_PROVIDERS: {} # ////////////////////////////////////////////////////////////////////////////////////// From 292d8a3a2d57285a8f5ee7f43fb94f5ca913afe1 Mon Sep 17 00:00:00 2001 From: Alexander VanTol Date: Fri, 25 Feb 2022 15:07:52 -0600 Subject: [PATCH 4/4] Update image_build_push.yaml --- .github/workflows/image_build_push.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image_build_push.yaml b/.github/workflows/image_build_push.yaml index d63ae8674..bea11d288 100644 --- a/.github/workflows/image_build_push.yaml +++ b/.github/workflows/image_build_push.yaml @@ -5,7 +5,7 @@ on: push jobs: ci: name: Build Image and Push to Quay - uses: uc-cdis/.github/.github/workflows/image_build_push.yaml@feat/build-push-image + uses: uc-cdis/.github/.github/workflows/image_build_push.yaml@master secrets: ECR_AWS_ACCESS_KEY_ID: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }} ECR_AWS_SECRET_ACCESS_KEY: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}