Merge pull request #95 from tisnik/refactoring-auth-in-own-module

Refactoring: auth as separated module to be pluginable
road-core · Nov 8, 2024 · b2d9920 · b2d9920
2 parents 24645a0 + 548defd
commit b2d9920
Show file tree

Hide file tree

Showing 11 changed files with 30 additions and 28 deletions.
diff --git a/ols/app/endpoints/authorized.py b/ols/app/endpoints/authorized.py
@@ -12,7 +12,7 @@
     ForbiddenResponse,
     UnauthorizedResponse,
 )
-from ols.utils.auth_dependency import AuthDependency
+from ols.src.auth.k8s import AuthDependency
 
 logger = logging.getLogger(__name__)
 router = APIRouter(tags=["authorized"])

diff --git a/ols/app/endpoints/feedback.py b/ols/app/endpoints/feedback.py
@@ -18,7 +18,7 @@
     StatusResponse,
     UnauthorizedResponse,
 )
-from ols.utils.auth_dependency import AuthDependency
+from ols.src.auth.k8s import AuthDependency
 from ols.utils.suid import get_suid
 
 logger = logging.getLogger(__name__)

diff --git a/ols/app/endpoints/ols.py b/ols/app/endpoints/ols.py
@@ -28,12 +28,12 @@
     UnauthorizedResponse,
 )
 from ols.customize import keywords, prompts
+from ols.src.auth.k8s import AuthDependency
 from ols.src.llms.llm_loader import LLMConfigurationError, resolve_provider_config
 from ols.src.query_helpers.attachment_appender import append_attachments_to_query
 from ols.src.query_helpers.docs_summarizer import DocsSummarizer
 from ols.src.query_helpers.question_validator import QuestionValidator
 from ols.utils import errors_parsing, suid
-from ols.utils.auth_dependency import AuthDependency
 from ols.utils.token_handler import PromptTooLongError
 
 logger = logging.getLogger(__name__)

diff --git a/ols/app/metrics/metrics.py b/ols/app/metrics/metrics.py
@@ -13,7 +13,7 @@
     generate_latest,
 )
 
-from ols.utils.auth_dependency import AuthDependency
+from ols.src.auth.k8s import AuthDependency
 from ols.utils.config import AppConfig
 
 router = APIRouter(tags=["metrics"])

diff --git a/ols/src/auth/__init__.py b/ols/src/auth/__init__.py
@@ -0,0 +1 @@
+"""Various implementations of auth module."""
diff --git a/ols/utils/auth_dependency.py → ols/src/auth/k8s.py b/ols/utils/auth_dependency.py → ols/src/auth/k8s.py
diff --git a/ols/user_data_collection/data_collector.py b/ols/user_data_collection/data_collector.py
@@ -36,7 +36,7 @@
 
 
 # pylint: disable-next=C0413
-from ols.utils.auth_dependency import K8sClientSingleton  # noqa: E402
+from ols.src.auth.k8s import K8sClientSingleton  # noqa: E402
 
 INITIAL_WAIT = 60 * 5  # 5 minutes in seconds
 INGRESS_TIMEOUT = 30  # seconds

diff --git a/tests/integration/test_authorized.py b/tests/integration/test_authorized.py
@@ -64,8 +64,8 @@ def test_post_authorized_no_token():
 
 
 @pytest.mark.usefixtures("_enabled_auth")
-@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authn_api")
-@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authz_api")
+@patch("ols.src.auth.k8s.K8sClientSingleton.get_authn_api")
+@patch("ols.src.auth.k8s.K8sClientSingleton.get_authz_api")
 def test_is_user_authorized_valid_token(mock_authz_api, mock_authn_api):
     """Tests the is_user_authorized function with a mocked valid-token."""
     # Setup mock responses for valid token
@@ -87,8 +87,8 @@ def test_is_user_authorized_valid_token(mock_authz_api, mock_authn_api):
 
 
 @pytest.mark.usefixtures("_enabled_auth")
-@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authn_api")
-@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authz_api")
+@patch("ols.src.auth.k8s.K8sClientSingleton.get_authn_api")
+@patch("ols.src.auth.k8s.K8sClientSingleton.get_authz_api")
 def test_is_user_authorized_invalid_token(mock_authz_api, mock_authn_api):
     """Test the is_user_authorized function with a mocked invalid-token."""
     # Setup mock responses for invalid token

diff --git a/tests/unit/app/endpoints/test_authorized.py b/tests/unit/app/endpoints/test_authorized.py
@@ -56,8 +56,8 @@ def test_is_user_authorized_false_no_bearer_token():
 
 
 @pytest.mark.usefixtures("_enabled_auth")
-@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authn_api")
-@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authz_api")
+@patch("ols.src.auth.k8s.K8sClientSingleton.get_authn_api")
+@patch("ols.src.auth.k8s.K8sClientSingleton.get_authz_api")
 def test_is_user_authorized_valid_token(mock_authz_api, mock_authn_api):
     """Tests the is_user_authorized function with a mocked valid-token."""
     # Setup mock responses for valid token
@@ -78,8 +78,8 @@ def test_is_user_authorized_valid_token(mock_authz_api, mock_authn_api):
 
 
 @pytest.mark.usefixtures("_enabled_auth")
-@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authn_api")
-@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authz_api")
+@patch("ols.src.auth.k8s.K8sClientSingleton.get_authn_api")
+@patch("ols.src.auth.k8s.K8sClientSingleton.get_authz_api")
 def test_is_user_authorized_invalid_token(mock_authz_api, mock_authn_api):
     """Test the is_user_authorized function with a mocked invalid-token."""
     # Setup mock responses for invalid token

diff --git a/tests/unit/auth/__init__.py b/tests/unit/auth/__init__.py
@@ -0,0 +1 @@
+"""Unit tests for auth. dependency."""
diff --git a/tests/unit/utils/test_auth_dependency.py → tests/unit/auth/test_k8s.py b/tests/unit/utils/test_auth_dependency.py → tests/unit/auth/test_k8s.py
@@ -9,7 +9,7 @@
 from kubernetes.client.rest import ApiException
 
 from ols import config
-from ols.utils.auth_dependency import (
+from ols.src.auth.k8s import (
     CLUSTER_ID_LOCAL,
     AuthDependency,
     ClusterIDUnavailableError,
@@ -40,8 +40,8 @@ def test_singleton_pattern():
 
 @pytest.mark.usefixtures("_setup")
 @pytest.mark.asyncio()
-@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authn_api")
-@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authz_api")
+@patch("ols.src.auth.k8s.K8sClientSingleton.get_authn_api")
+@patch("ols.src.auth.k8s.K8sClientSingleton.get_authz_api")
 async def test_auth_dependency_valid_token(mock_authz_api, mock_authn_api):
     """Tests the auth dependency with a mocked valid-token."""
     # Setup mock responses for valid token
@@ -66,8 +66,8 @@ async def test_auth_dependency_valid_token(mock_authz_api, mock_authn_api):
 
 @pytest.mark.usefixtures("_setup")
 @pytest.mark.asyncio()
-@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authn_api")
-@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authz_api")
+@patch("ols.src.auth.k8s.K8sClientSingleton.get_authn_api")
+@patch("ols.src.auth.k8s.K8sClientSingleton.get_authz_api")
 async def test_auth_dependency_invalid_token(mock_authz_api, mock_authn_api):
     """Test the auth dependency with a mocked invalid-token."""
     # Setup mock responses for invalid token
@@ -93,7 +93,7 @@ async def test_auth_dependency_invalid_token(mock_authz_api, mock_authn_api):
 
 @pytest.mark.usefixtures("_setup")
 @pytest.mark.asyncio()
-@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authz_api")
+@patch("ols.src.auth.k8s.K8sClientSingleton.get_authz_api")
 async def test_cluster_id_is_used_for_kube_admin(mock_authz_api):
     """Test the cluster id is used as user_id when user is kube:admin."""
     mock_authz_api.return_value.create_subject_access_review.side_effect = (
@@ -107,13 +107,13 @@ async def test_cluster_id_is_used_for_kube_admin(mock_authz_api):
 
     with (
         patch(
-            "ols.utils.auth_dependency.get_user_info",
+            "ols.src.auth.k8s.get_user_info",
             return_value=MockK8sResponseStatus(
                 True, True, "kube:admin", "some-uuid", "ols-group"
             ),
         ),
         patch(
-            "ols.utils.auth_dependency.K8sClientSingleton.get_cluster_id",
+            "ols.src.auth.k8s.K8sClientSingleton.get_cluster_id",
             return_value="some-cluster-id",
         ),
     ):
@@ -128,7 +128,7 @@ async def test_cluster_id_is_used_for_kube_admin(mock_authz_api):
 @patch.dict(os.environ, {"KUBECONFIG": "tests/config/kubeconfig"})
 def test_auth_dependency_config():
     """Test the auth dependency can load kubeconfig file."""
-    from ols.utils.auth_dependency import K8sClientSingleton
+    from ols.src.auth.k8s import K8sClientSingleton
 
     authn_client = K8sClientSingleton.get_authn_api()
     authz_client = K8sClientSingleton.get_authz_api()
@@ -140,7 +140,7 @@ def test_auth_dependency_config():
     ), "authz_client is not an instance of AuthorizationV1Api"
 
 
-@patch("ols.utils.auth_dependency.K8sClientSingleton.get_custom_objects_api")
+@patch("ols.src.auth.k8s.K8sClientSingleton.get_custom_objects_api")
 def test_get_cluster_id(mock_get_custom_objects_api):
     """Test get_cluster_id function."""
     cluster_id = {"spec": {"clusterID": "some-cluster-id"}}
@@ -176,17 +176,17 @@ def test_get_cluster_id(mock_get_custom_objects_api):
         K8sClientSingleton._get_cluster_id()
 
 
-@patch("ols.utils.auth_dependency.RUNNING_IN_CLUSTER", True)
-@patch("ols.utils.auth_dependency.K8sClientSingleton.__new__")
-@patch("ols.utils.auth_dependency.K8sClientSingleton._get_cluster_id")
+@patch("ols.src.auth.k8s.RUNNING_IN_CLUSTER", True)
+@patch("ols.src.auth.k8s.K8sClientSingleton.__new__")
+@patch("ols.src.auth.k8s.K8sClientSingleton._get_cluster_id")
 def test_get_cluster_id_in_cluster(mock_get_cluster_id, _mock_new):
     """Test get_cluster_id function when running inside of cluster."""
     mock_get_cluster_id.return_value = "some-cluster-id"
     assert K8sClientSingleton.get_cluster_id() == "some-cluster-id"
 
 
-@patch("ols.utils.auth_dependency.RUNNING_IN_CLUSTER", False)
-@patch("ols.utils.auth_dependency.K8sClientSingleton.__new__")
+@patch("ols.src.auth.k8s.RUNNING_IN_CLUSTER", False)
+@patch("ols.src.auth.k8s.K8sClientSingleton.__new__")
 def test_get_cluster_id_outside_of_cluster(_mock_new):
     """Test get_cluster_id function when running outside of cluster."""
     # ensure cluster_id is None to trigger the condition