Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use of oidc configuration in the server unit test as default #3249

Merged

Conversation

npalaska
Copy link
Member

@npalaska npalaska commented Feb 10, 2023

We have decided to keep the internal users table for the purpose of quick user lookup and logging. However, unlike the current users table, there won't be any user credentials stored in the internal database. To facilitate this transition we have to break the user table and active tokens table SQL relationship.

This will break all the unit tests because of the way they are set up right now. Currently, we update the active tokens table when we create a new JWT token in the unit test and update the respective user table relationship. And validation of the token depends on it being available in the active tokens table.

This story is to start using the oidc configuration as a default setup in the unit tests and start using RS256 to encode and decode the JWT tokens (using oidc token introspection). And remove the active tokens dependency from the unit tests.

PBENCH-1079

@npalaska npalaska self-assigned this Feb 10, 2023
@npalaska npalaska added Server Unit tests Users Of and relating to working with users. labels Feb 10, 2023
@npalaska npalaska added this to the v0.72 milestone Feb 10, 2023
@npalaska npalaska force-pushed the pbench_1079 branch 2 times, most recently from 8221f22 to 305a2c3 Compare February 10, 2023 23:27
dbutenhof
dbutenhof previously approved these changes Feb 13, 2023
Copy link
Member

@dbutenhof dbutenhof left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To facilitate this transition we have to break the user table and active tokens table SQL relationship.

Not sure I really believe "we have to", and being able to join from our API key table (new "active tokens") back to our local ID cache might possibly be handy.

On the other hand we'll likely want OIDC UUID in both anyway, which serves to connect them and having a specialized foreign key (much less SQLAlchemy join relationship) is unlikely to provide much extra value, so I'm only commenting on the wording, not really objecting to the conclusion. 😆

lib/pbench/test/unit/server/conftest.py Outdated Show resolved Hide resolved
@npalaska
Copy link
Member Author

Not sure I really believe "we have to", and being able to join from our API key table (new "active tokens") back to our local ID cache might possibly be handy.

Yeah, I could have said that the current active tokens table relationship needs to be dropped from the Users table and will be replaced with a new API keys table.

On the other hand we'll likely want OIDC UUID in both anyway, which serves to connect them and having a specialized foreign key (much less SQLAlchemy join relationship) is unlikely to provide much extra value, so I'm only commenting on the wording, not really objecting to the conclusion.

Yeah, when we have a new API key table, we could possibly include the OIDC UUID in it as the first API key will always be generated using the OIDC token.

Copy link
Member

@webbnh webbnh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nothing huge, but there are a few little things which ought to be fixed (and some smaller things for your consideration).

lib/pbench/server/auth/__init__.py Outdated Show resolved Hide resolved
lib/pbench/test/unit/server/conftest.py Outdated Show resolved Hide resolved
lib/pbench/test/unit/server/conftest.py Show resolved Hide resolved
lib/pbench/test/unit/server/conftest.py Outdated Show resolved Hide resolved
lib/pbench/test/unit/server/test_shell_cli.py Show resolved Hide resolved
Copy link
Member

@webbnh webbnh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, and the build is running, now.

@npalaska npalaska requested a review from dbutenhof February 14, 2023 15:51
@npalaska npalaska merged commit 19b20b7 into distributed-system-analysis:openid-connect Feb 14, 2023
npalaska added a commit to npalaska/pbench that referenced this pull request Mar 9, 2023
…uted-system-analysis#3249)

Use of OIDC configuration in the server unit test as default.

We have decided to keep the internal Users table for the purpose of quick user lookup and logging. However, unlike the current Users table, there won't be any user credentials stored in the internal database. To facilitate this transition we have to update the User table and active tokens table.

This will break all the unit tests because of the way they are set up right now. Currently, we update the active tokens table when we create a new JWT token in the unit test and update the respective user table relationship. And validation of the token depends on it being available in the active tokens table.

This change is to use OIDC configuration in the unit tests and start using RS256 to encode and decode the JWT tokens (using OIDC token introspection). And remove the active tokens dependency from the unit tests.

PBENCH-1079
npalaska added a commit that referenced this pull request Mar 13, 2023
Use of OIDC configuration in the server unit test as default.

We have decided to keep the internal Users table for the purpose of quick user lookup and logging. However, unlike the current Users table, there won't be any user credentials stored in the internal database. To facilitate this transition we have to update the User table and active tokens table.

This will break all the unit tests because of the way they are set up right now. Currently, we update the active tokens table when we create a new JWT token in the unit test and update the respective user table relationship. And validation of the token depends on it being available in the active tokens table.

This change is to use OIDC configuration in the unit tests and start using RS256 to encode and decode the JWT tokens (using OIDC token introspection). And remove the active tokens dependency from the unit tests.

PBENCH-1079
npalaska added a commit to npalaska/pbench that referenced this pull request Mar 27, 2023
…uted-system-analysis#3249)

Use of OIDC configuration in the server unit test as default.

We have decided to keep the internal Users table for the purpose of quick user lookup and logging. However, unlike the current Users table, there won't be any user credentials stored in the internal database. To facilitate this transition we have to update the User table and active tokens table.

This will break all the unit tests because of the way they are set up right now. Currently, we update the active tokens table when we create a new JWT token in the unit test and update the respective user table relationship. And validation of the token depends on it being available in the active tokens table.

This change is to use OIDC configuration in the unit tests and start using RS256 to encode and decode the JWT tokens (using OIDC token introspection). And remove the active tokens dependency from the unit tests.

PBENCH-1079
npalaska added a commit to npalaska/pbench that referenced this pull request Mar 27, 2023
…uted-system-analysis#3249)

Use of OIDC configuration in the server unit test as default.

We have decided to keep the internal Users table for the purpose of quick user lookup and logging. However, unlike the current Users table, there won't be any user credentials stored in the internal database. To facilitate this transition we have to update the User table and active tokens table.

This will break all the unit tests because of the way they are set up right now. Currently, we update the active tokens table when we create a new JWT token in the unit test and update the respective user table relationship. And validation of the token depends on it being available in the active tokens table.

This change is to use OIDC configuration in the unit tests and start using RS256 to encode and decode the JWT tokens (using OIDC token introspection). And remove the active tokens dependency from the unit tests.

PBENCH-1079
npalaska added a commit to npalaska/pbench that referenced this pull request Mar 28, 2023
…uted-system-analysis#3249)

Use of OIDC configuration in the server unit test as default.

We have decided to keep the internal Users table for the purpose of quick user lookup and logging. However, unlike the current Users table, there won't be any user credentials stored in the internal database. To facilitate this transition we have to update the User table and active tokens table.

This will break all the unit tests because of the way they are set up right now. Currently, we update the active tokens table when we create a new JWT token in the unit test and update the respective user table relationship. And validation of the token depends on it being available in the active tokens table.

This change is to use OIDC configuration in the unit tests and start using RS256 to encode and decode the JWT tokens (using OIDC token introspection). And remove the active tokens dependency from the unit tests.

PBENCH-1079
npalaska added a commit to npalaska/pbench that referenced this pull request Mar 30, 2023
…uted-system-analysis#3249)

Use of OIDC configuration in the server unit test as default.

We have decided to keep the internal Users table for the purpose of quick user lookup and logging. However, unlike the current Users table, there won't be any user credentials stored in the internal database. To facilitate this transition we have to update the User table and active tokens table.

This will break all the unit tests because of the way they are set up right now. Currently, we update the active tokens table when we create a new JWT token in the unit test and update the respective user table relationship. And validation of the token depends on it being available in the active tokens table.

This change is to use OIDC configuration in the unit tests and start using RS256 to encode and decode the JWT tokens (using OIDC token introspection). And remove the active tokens dependency from the unit tests.

PBENCH-1079
npalaska added a commit to npalaska/pbench that referenced this pull request Mar 31, 2023
…uted-system-analysis#3249)

Use of OIDC configuration in the server unit test as default.

We have decided to keep the internal Users table for the purpose of quick user lookup and logging. However, unlike the current Users table, there won't be any user credentials stored in the internal database. To facilitate this transition we have to update the User table and active tokens table.

This will break all the unit tests because of the way they are set up right now. Currently, we update the active tokens table when we create a new JWT token in the unit test and update the respective user table relationship. And validation of the token depends on it being available in the active tokens table.

This change is to use OIDC configuration in the unit tests and start using RS256 to encode and decode the JWT tokens (using OIDC token introspection). And remove the active tokens dependency from the unit tests.

PBENCH-1079
npalaska added a commit that referenced this pull request Mar 31, 2023
Use of OIDC configuration in the server unit test as default.

We have decided to keep the internal Users table for the purpose of quick user lookup and logging. However, unlike the current Users table, there won't be any user credentials stored in the internal database. To facilitate this transition we have to update the User table and active tokens table.

This will break all the unit tests because of the way they are set up right now. Currently, we update the active tokens table when we create a new JWT token in the unit test and update the respective user table relationship. And validation of the token depends on it being available in the active tokens table.

This change is to use OIDC configuration in the unit tests and start using RS256 to encode and decode the JWT tokens (using OIDC token introspection). And remove the active tokens dependency from the unit tests.

PBENCH-1079
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Server Unit tests Users Of and relating to working with users.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants