OIDC active state form #15168
OIDC active state form #15168
Conversation
ada3c70 to
1e9cb8b
Compare
|
I'll review this once #13980 is merged and conflicts are resolved here! |
59af76f to
d4916b4
Compare
|
@di, @woodruffw. Before you give this PR a super thorough review, I'll point out that I've included quite a bit of duplication tests/unit/accounts/test_views.py. I think I would be able to avoid this if I changed all of the validation tests in that file to call That could result in quite large or complex parameterize lists though. Any thoughts? |
|
@th3coop We already have parametrized tests for these which were added recently, e.g. for that specific example: warehouse/tests/unit/accounts/test_views.py Lines 3442 to 3526 in e62049b I think if you get this branch up to date, you should just be able to add a new ActiveState parameter to these existing tests, rather than duplicating them. |
|
@th3coop Is it possible you're rebasing on the out-of-date |
|
@di, that is possible. I often pull in the upstream |
d4916b4 to
a66fad3
Compare
|
OK. @di,I got things fixed up. Again, sorry about that mixup. Also, I'm working on getting Allowing changes to a pull request branch created from a fork enabled on this PR. I don't appear to have permissions to do that. |
40e20e5 to
07eb067
Compare
|
Hey @di. It appears that we can't turn on **Allowing changes to a pull request branch created from a fork If not having this turned on is a huge pain for y'all, let me know and I can move the remaining PRs to my personal account. |
|
Yeah, that's an unfortunate known long-standing bug with GitHub orgs and forks. The hacky workaround is to manually give the person commit rights on your fork, but that's not always desirable 🙃 |
|
I'm fine with that! Thanks for the workaround @woodruffw. Invites sent to yourself and DI. I'll remove you both when we get the PRs merged. |
|
Thanks so much for all your time @woodruffw ! |
|
@miketheman will you have time to review this PR this week? |
There was a problem hiding this comment.
Thanks to the heavy lifting the other folks did before, this was relatively easy to review.
I had a few notes, questions, comments inline - the only real blocker are with the linter disables which should be an easy fix.
There's other questions and comments inline, feel free to address them as you wish.
The branch should also be rebased/merged once ready.
| self.metrics.increment( | ||
| "warehouse.oidc.add_publisher.ok", tags=["publisher:ActiveState"] | ||
| ) |
There was a problem hiding this comment.
Now that we're at a third implementation, it might be smart for us to look at commonalities and refactoring opportunities. I'd invoke the Rule of Three, but I'm happy to let this become the Rule of Four, so we can see how these behave in reality.
It's also starting to feel like there's inheritance/service/Protocol opportunities here, but again, worth leaving for a real refactor.
| def _no_leading_or_trailing_dashes(form, field): | ||
| if field.data.startswith("-") or field.data.endswith("-"): | ||
| raise wtforms.validators.ValidationError( | ||
| _("Leading or trailing dashes are not allowed in the name") | ||
| ) |
There was a problem hiding this comment.
I hear you on the specificity - it's always great to have users get the feedback that will guide them to resolution.
These validation rules are from the ActiveState service, and subject to change. Would it be smarter to have the validation here be simpler, and for the GQL API to accept the input and return the correct response in the API call?
Also not going to block on this, but something for @th3coop and the platform folks to consider.
| _GRAPHQL_GET_ACTOR, {"username": actor}, process_actor_response | ||
| ) | ||
|
|
||
| def validate_actor(self, field): |
There was a problem hiding this comment.
I was reading more about wtforms validators, and I think that if there's a named validator function, it fires before the validators on the field, so validate_actor() would perform API calls before the other validators like regex/dashes are in play.
It's definitely worth re-verifying - since if our validators operate in that order, then we're performing an API call regardless. I hope I'm wrong! If that is true, then it's not only this form - so I don't think it's immediately actionable, but if you can test it, that'd be great.
There was a problem hiding this comment.
If you like the idea here #15168 (comment). I would do that change for this validator as well. We really just need a "you entered the wrong text" kind of feedback here.
|
Thanks for the review, @miketheman! Great notes in there. I'll work through them either later today or tomorrow. The GQL API is available again if you wanted to, or have time to take it for a manual test drive. Again, sorry for that terrible timing. |
There was a problem hiding this comment.
@th3coop we're almost there! I dropped a couple of notes inline, should be straightforward changes.
Then a rebase and make translations update, and should be good to merge!
d8fa465 to
8f064db
Compare
Except that the type needs to match on __str__ which shouldn't return str | None
21081d5 to
52e8231
Compare
|
Alrighty @miketheman, this comment remains. I'm happy to remove the regexs for username and organization, or just leave them as is. I'm leaning towards removing them though. Other than that though, I think we're good, assuming the checks all pa....oh they passed! |
@th3coop go ahead and remove them - less is more 😁 |
4ff5ac6 to
9c806c9
Compare
Agreed and done. Fixed the tests and took it for a spin and it works as I'd expect it to |
aa679b4 to
933fefe
Compare
Hurray! Thanks so much Mike, Will and Dustin! |
This PR follows from #13980. It adds form management portion of the ActiveState Publisher in PyPI Account settings.
Without #13980 merged, this PR have about 1400 more changed lines than it should. It'll look more like this when 13980 is merged: ActiveState#3