diff --git a/ols/app/endpoints/authorized.py b/ols/app/endpoints/authorized.py index cab6c82a..5f734c57 100644 --- a/ols/app/endpoints/authorized.py +++ b/ols/app/endpoints/authorized.py @@ -12,7 +12,7 @@ ForbiddenResponse, UnauthorizedResponse, ) -from ols.utils.auth_dependency import AuthDependency +from ols.src.auth.k8s import AuthDependency logger = logging.getLogger(__name__) router = APIRouter(tags=["authorized"]) diff --git a/ols/app/endpoints/feedback.py b/ols/app/endpoints/feedback.py index 1fa63927..b5828a4e 100644 --- a/ols/app/endpoints/feedback.py +++ b/ols/app/endpoints/feedback.py @@ -18,7 +18,7 @@ StatusResponse, UnauthorizedResponse, ) -from ols.utils.auth_dependency import AuthDependency +from ols.src.auth.k8s import AuthDependency from ols.utils.suid import get_suid logger = logging.getLogger(__name__) diff --git a/ols/app/endpoints/ols.py b/ols/app/endpoints/ols.py index 35d0a4c2..488cba82 100644 --- a/ols/app/endpoints/ols.py +++ b/ols/app/endpoints/ols.py @@ -28,12 +28,12 @@ UnauthorizedResponse, ) from ols.customize import keywords, prompts +from ols.src.auth.k8s import AuthDependency from ols.src.llms.llm_loader import LLMConfigurationError, resolve_provider_config from ols.src.query_helpers.attachment_appender import append_attachments_to_query from ols.src.query_helpers.docs_summarizer import DocsSummarizer from ols.src.query_helpers.question_validator import QuestionValidator from ols.utils import errors_parsing, suid -from ols.utils.auth_dependency import AuthDependency from ols.utils.token_handler import PromptTooLongError logger = logging.getLogger(__name__) diff --git a/ols/app/metrics/metrics.py b/ols/app/metrics/metrics.py index 9c5fbbb1..533cc4d3 100644 --- a/ols/app/metrics/metrics.py +++ b/ols/app/metrics/metrics.py @@ -13,7 +13,7 @@ generate_latest, ) -from ols.utils.auth_dependency import AuthDependency +from ols.src.auth.k8s import AuthDependency from ols.utils.config import AppConfig router = APIRouter(tags=["metrics"]) diff --git a/ols/src/auth/__init__.py b/ols/src/auth/__init__.py new file mode 100644 index 00000000..76de4604 --- /dev/null +++ b/ols/src/auth/__init__.py @@ -0,0 +1 @@ +"""Various implementations of auth module.""" diff --git a/ols/utils/auth_dependency.py b/ols/src/auth/k8s.py similarity index 100% rename from ols/utils/auth_dependency.py rename to ols/src/auth/k8s.py diff --git a/ols/user_data_collection/data_collector.py b/ols/user_data_collection/data_collector.py index 86671930..8a327a38 100644 --- a/ols/user_data_collection/data_collector.py +++ b/ols/user_data_collection/data_collector.py @@ -36,7 +36,7 @@ # pylint: disable-next=C0413 -from ols.utils.auth_dependency import K8sClientSingleton # noqa: E402 +from ols.src.auth.k8s import K8sClientSingleton # noqa: E402 INITIAL_WAIT = 60 * 5 # 5 minutes in seconds INGRESS_TIMEOUT = 30 # seconds diff --git a/tests/integration/test_authorized.py b/tests/integration/test_authorized.py index ba13b51f..4df48300 100644 --- a/tests/integration/test_authorized.py +++ b/tests/integration/test_authorized.py @@ -64,8 +64,8 @@ def test_post_authorized_no_token(): @pytest.mark.usefixtures("_enabled_auth") -@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authn_api") -@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authz_api") +@patch("ols.src.auth.k8s.K8sClientSingleton.get_authn_api") +@patch("ols.src.auth.k8s.K8sClientSingleton.get_authz_api") def test_is_user_authorized_valid_token(mock_authz_api, mock_authn_api): """Tests the is_user_authorized function with a mocked valid-token.""" # Setup mock responses for valid token @@ -87,8 +87,8 @@ def test_is_user_authorized_valid_token(mock_authz_api, mock_authn_api): @pytest.mark.usefixtures("_enabled_auth") -@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authn_api") -@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authz_api") +@patch("ols.src.auth.k8s.K8sClientSingleton.get_authn_api") +@patch("ols.src.auth.k8s.K8sClientSingleton.get_authz_api") def test_is_user_authorized_invalid_token(mock_authz_api, mock_authn_api): """Test the is_user_authorized function with a mocked invalid-token.""" # Setup mock responses for invalid token diff --git a/tests/unit/app/endpoints/test_authorized.py b/tests/unit/app/endpoints/test_authorized.py index 39a61ff5..941f027d 100644 --- a/tests/unit/app/endpoints/test_authorized.py +++ b/tests/unit/app/endpoints/test_authorized.py @@ -56,8 +56,8 @@ def test_is_user_authorized_false_no_bearer_token(): @pytest.mark.usefixtures("_enabled_auth") -@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authn_api") -@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authz_api") +@patch("ols.src.auth.k8s.K8sClientSingleton.get_authn_api") +@patch("ols.src.auth.k8s.K8sClientSingleton.get_authz_api") def test_is_user_authorized_valid_token(mock_authz_api, mock_authn_api): """Tests the is_user_authorized function with a mocked valid-token.""" # Setup mock responses for valid token @@ -78,8 +78,8 @@ def test_is_user_authorized_valid_token(mock_authz_api, mock_authn_api): @pytest.mark.usefixtures("_enabled_auth") -@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authn_api") -@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authz_api") +@patch("ols.src.auth.k8s.K8sClientSingleton.get_authn_api") +@patch("ols.src.auth.k8s.K8sClientSingleton.get_authz_api") def test_is_user_authorized_invalid_token(mock_authz_api, mock_authn_api): """Test the is_user_authorized function with a mocked invalid-token.""" # Setup mock responses for invalid token diff --git a/tests/unit/auth/__init__.py b/tests/unit/auth/__init__.py new file mode 100644 index 00000000..8d46762d --- /dev/null +++ b/tests/unit/auth/__init__.py @@ -0,0 +1 @@ +"""Unit tests for auth. dependency.""" diff --git a/tests/unit/utils/test_auth_dependency.py b/tests/unit/auth/test_k8s.py similarity index 86% rename from tests/unit/utils/test_auth_dependency.py rename to tests/unit/auth/test_k8s.py index 9eedacbc..b9ecd1e0 100644 --- a/tests/unit/utils/test_auth_dependency.py +++ b/tests/unit/auth/test_k8s.py @@ -9,7 +9,7 @@ from kubernetes.client.rest import ApiException from ols import config -from ols.utils.auth_dependency import ( +from ols.src.auth.k8s import ( CLUSTER_ID_LOCAL, AuthDependency, ClusterIDUnavailableError, @@ -40,8 +40,8 @@ def test_singleton_pattern(): @pytest.mark.usefixtures("_setup") @pytest.mark.asyncio() -@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authn_api") -@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authz_api") +@patch("ols.src.auth.k8s.K8sClientSingleton.get_authn_api") +@patch("ols.src.auth.k8s.K8sClientSingleton.get_authz_api") async def test_auth_dependency_valid_token(mock_authz_api, mock_authn_api): """Tests the auth dependency with a mocked valid-token.""" # Setup mock responses for valid token @@ -66,8 +66,8 @@ async def test_auth_dependency_valid_token(mock_authz_api, mock_authn_api): @pytest.mark.usefixtures("_setup") @pytest.mark.asyncio() -@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authn_api") -@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authz_api") +@patch("ols.src.auth.k8s.K8sClientSingleton.get_authn_api") +@patch("ols.src.auth.k8s.K8sClientSingleton.get_authz_api") async def test_auth_dependency_invalid_token(mock_authz_api, mock_authn_api): """Test the auth dependency with a mocked invalid-token.""" # Setup mock responses for invalid token @@ -93,7 +93,7 @@ async def test_auth_dependency_invalid_token(mock_authz_api, mock_authn_api): @pytest.mark.usefixtures("_setup") @pytest.mark.asyncio() -@patch("ols.utils.auth_dependency.K8sClientSingleton.get_authz_api") +@patch("ols.src.auth.k8s.K8sClientSingleton.get_authz_api") async def test_cluster_id_is_used_for_kube_admin(mock_authz_api): """Test the cluster id is used as user_id when user is kube:admin.""" mock_authz_api.return_value.create_subject_access_review.side_effect = ( @@ -107,13 +107,13 @@ async def test_cluster_id_is_used_for_kube_admin(mock_authz_api): with ( patch( - "ols.utils.auth_dependency.get_user_info", + "ols.src.auth.k8s.get_user_info", return_value=MockK8sResponseStatus( True, True, "kube:admin", "some-uuid", "ols-group" ), ), patch( - "ols.utils.auth_dependency.K8sClientSingleton.get_cluster_id", + "ols.src.auth.k8s.K8sClientSingleton.get_cluster_id", return_value="some-cluster-id", ), ): @@ -128,7 +128,7 @@ async def test_cluster_id_is_used_for_kube_admin(mock_authz_api): @patch.dict(os.environ, {"KUBECONFIG": "tests/config/kubeconfig"}) def test_auth_dependency_config(): """Test the auth dependency can load kubeconfig file.""" - from ols.utils.auth_dependency import K8sClientSingleton + from ols.src.auth.k8s import K8sClientSingleton authn_client = K8sClientSingleton.get_authn_api() authz_client = K8sClientSingleton.get_authz_api() @@ -140,7 +140,7 @@ def test_auth_dependency_config(): ), "authz_client is not an instance of AuthorizationV1Api" -@patch("ols.utils.auth_dependency.K8sClientSingleton.get_custom_objects_api") +@patch("ols.src.auth.k8s.K8sClientSingleton.get_custom_objects_api") def test_get_cluster_id(mock_get_custom_objects_api): """Test get_cluster_id function.""" cluster_id = {"spec": {"clusterID": "some-cluster-id"}} @@ -176,17 +176,17 @@ def test_get_cluster_id(mock_get_custom_objects_api): K8sClientSingleton._get_cluster_id() -@patch("ols.utils.auth_dependency.RUNNING_IN_CLUSTER", True) -@patch("ols.utils.auth_dependency.K8sClientSingleton.__new__") -@patch("ols.utils.auth_dependency.K8sClientSingleton._get_cluster_id") +@patch("ols.src.auth.k8s.RUNNING_IN_CLUSTER", True) +@patch("ols.src.auth.k8s.K8sClientSingleton.__new__") +@patch("ols.src.auth.k8s.K8sClientSingleton._get_cluster_id") def test_get_cluster_id_in_cluster(mock_get_cluster_id, _mock_new): """Test get_cluster_id function when running inside of cluster.""" mock_get_cluster_id.return_value = "some-cluster-id" assert K8sClientSingleton.get_cluster_id() == "some-cluster-id" -@patch("ols.utils.auth_dependency.RUNNING_IN_CLUSTER", False) -@patch("ols.utils.auth_dependency.K8sClientSingleton.__new__") +@patch("ols.src.auth.k8s.RUNNING_IN_CLUSTER", False) +@patch("ols.src.auth.k8s.K8sClientSingleton.__new__") def test_get_cluster_id_outside_of_cluster(_mock_new): """Test get_cluster_id function when running outside of cluster.""" # ensure cluster_id is None to trigger the condition