From dddebe87e62dfefa79e03240ad48c8e0b351a6ed Mon Sep 17 00:00:00 2001 From: "Zhang Rong(Jon)" Date: Wed, 22 May 2024 16:56:28 +0800 Subject: [PATCH] Refine the auth provider This commit will refine auth provider, to make the auth can disable from the source code and without exception. Move the global scope methods into the class. Test Plan: 1. Enabling the authentication worked correctly. 2. Disabling the authentication worked as expected without any exceptions. Issue-ID: INF-462 Change-Id: Ief69016ed73a525ca8e6a12eda959cb1422968f6 Signed-off-by: Zhang Rong(Jon) --- o2app/entrypoints/flask_application.py | 8 ++++---- o2common/authmw/authprov.py | 16 +++++++--------- 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/o2app/entrypoints/flask_application.py b/o2app/entrypoints/flask_application.py index c7e0ef9..d55b50a 100644 --- a/o2app/entrypoints/flask_application.py +++ b/o2app/entrypoints/flask_application.py @@ -25,8 +25,10 @@ from o2common.config.config import get_review_url from o2common.helper import o2logging +AUTH_ENABLED = True +FLASK_API_VERSION = '1.0.0' + # apibase = config.get_o2ims_api_base() -auth = True app = Flask(__name__) logger = o2logging.get_logger(__name__) @@ -39,9 +41,7 @@ def _get_k8s_url(): raise Exception('Get k8s token review url failed') -FLASK_API_VERSION = '1.0.0' - -if auth: +if AUTH_ENABLED: # perform service account identity&privilege check. _get_k8s_url() ad = authprov.auth_definer('ad') diff --git a/o2common/authmw/authprov.py b/o2common/authmw/authprov.py index c6f5646..11243df 100644 --- a/o2common/authmw/authprov.py +++ b/o2common/authmw/authprov.py 
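Review bot: In `o2app/entrypoints/flask_application.py`, `AUTH_ENABLED` is a plain module constant, and the `if AUTH_ENABLED:` branch in the second hunk is the only visible gate on the service-account identity and privilege check, so setting it to `False` turns authentication off with nothing recorded at runtime. The lines after `ad = authprov.auth_definer('ad')` are outside the hunk, so an existing else-branch cannot be ruled out. If there is none, I would log the disabled state at startup, e.g. `logger.warning('API authentication is disabled (AUTH_ENABLED=False)')`. A comment above the constant, such as `# Security switch: False serves the API without token checks.`, would make the consequence clear to whoever edits it.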
@@ -24,14 +24,6 @@ ssl._create_default_https_context = ssl._create_unverified_context logger = o2logging.get_logger(__name__) -# read the conf from config file -auth_prv_conf = get_auth_provider() - -try: - token_review_url = get_review_url() -except Exception: - raise Exception('Get k8s token review url failed') - class K8SAuthenticaException(Exception): def __init__(self, value): @@ -48,6 +40,8 @@ class auth_definer(): def __init__(self, name): super().__init__() self.name = name + # read the conf from config file + auth_prv_conf = get_auth_provider() if auth_prv_conf == 'k8s': self.obj = k8s_auth_provider('k8s') else: @@ -71,6 +65,10 @@ class k8s_auth_provider(auth_definer): def __init__(self, name): self.name = name + try: + self.token_review_url = get_review_url() + except Exception: + raise Exception('Failed to get k8s token review url.') def tokenissue(self, **args2): pass @@ -105,7 +103,7 @@ def authenticate(self, token): 'Content-Type': 'application/json'} try: req = urllib.request.Request( - token_review_url, data=binary_data, headers=header) + self.token_review_url, data=binary_data, headers=header) response = urllib.request.urlopen(req) data = json.load(response) if data['status']['authenticated'] is True:
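Review bot: In `k8s_auth_provider.__init__`, the added `except Exception: raise Exception('Failed to get k8s token review url.')` turns whatever `get_review_url()` raised into a bare `Exception`, so callers cannot distinguish a configuration failure from any other error. The file already declares `K8SAuthenticaException(Exception)`, so `except Exception as ex: raise K8SAuthenticaException('Failed to get k8s token review url.') from ex` would give callers a specific type and mark the cause explicitly. Existing `except Exception` handlers would still catch it. `flask_application.py` also calls `_get_k8s_url()` just before constructing `auth_definer`, which appears to perform the same lookup, so the enabled path may now resolve the URL twice.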
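Review bot: In `authenticate`, the request to `self.token_review_url` is still sent with `urllib.request.urlopen(req)` under the module-wide `ssl._create_default_https_context = ssl._create_unverified_context` visible in the first hunk's context, so the server certificate is never verified. The token being reviewed (presumably carried in `binary_data`) is therefore exposed to whoever can intercept the connection, and so is the `data['status']['authenticated']` answer the code trusts. The call also has no timeout. Since this request is being touched anyway, I would pass a verifying context and a timeout, `response = urllib.request.urlopen(req, timeout=REVIEW_TIMEOUT_S, context=ssl.create_default_context(cafile=CLUSTER_CA_FILE))`, where both names are placeholders for values the project must supply, and drop the global override. The body of `authenticate` starts and ends outside the hunk, so its existing exception handling should be checked against certificate and timeout errors.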