[Pulp-list] Fwd: CDS: gofer authentication

Jeff Ortel jortel at redhat.com
Fri Mar 18 19:19:59 UTC 2011 


On 03/18/2011 01:20 PM, Jay Dobies wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> One last point, I swear.
>
> The CDS DB verification script needs to be updated for the addition of
> the "secret" field and a migrate script created.

I wrote the five.py and forgot to add it in git.

>
> On 03/18/2011 12:40 PM, Jay Dobies wrote:
>> One more thing:
>>
>>          try:
>>              secret = self._cds_stub(cds).initialize()
>>              return secret
>>          except RequestTimeout, e:
>>              raise CdsTimeoutException(e), None, sys.exc_info()[2]
>>          except DispatchError, e:
>>              raise CdsCommunicationsException(e), None, sys.exc_info()[2]
>>          except NotAuthorized, e:
>>              raise CdsAuthException(e), None, sys.exc_info()[2]
>>          except Exception, e:
>>              raise CdsMethodException(e), None, sys.exc_info()[2]
>>
>> NotAuthorized is a subclass of DispatchError, so that code block will
>> never get executed. Need to reverse the order on those.
>>
>>
>> On 03/18/2011 12:38 PM, Jay Dobies wrote:
>>>> Jason,
>>
>>>> I pushed the pulp ->  external CDS authentication feature.
>>
>>>> Commit: cf449c22299e01e872dff9b92a3cff65ac39cc36
>>
>>>> Mind doing a quick review?  I'll be making a pass though the unit tests
>>>> today.
>>
>>>> -jeff
>>
>>
>>> Looks pretty solid. Most of my comments focus around things you'll run
>>> into in one way or another when you do the unit tests, though you may
>>> have approaches in mind and I'm just not thinking of.
>>
>>
>>> dispatcher.py:
>>> - init_cds():  Method now returns the secret, don't forget to update the
>>> docstring to mention that and say if it's a string or something more
>>> complex.
>>
>>
>>> gofer_cds_plugin.py:
>>> - There aren't any tests for this (sorry about that, my bad) so you'll
>>> have to add the test file itself.
>>
>>> - How are you going to override the location of the secret file for unit
>>> tests? The path can be specified but the object is constructed inside of
>>> getsecret(). The default is to read from config, but that's loaded by
>>> gofer (there may be some way of overriding config values loaded by
>>> gofer, which is one reason I'm asking since I don't know).
>>
>>> - We'll need tests that run both with the secret file present (scenario
>>> of normal usage) and not present (scenario of an initialize). When
>>> cleaning up the test runs by deleting the secret file directory, won't
>>> we run into an issue since Secret is a singleton, is already loaded, so
>>> __mkdir won't get called again?
>>
>>> - The caching doesn't come into play if gofer is restarted. The secret
>>> is cached on write, but not on read. So if the CDS is bounced after it's
>>> initialized, the caching isn't used.
>>
>>> - In my experience, singletons have always been a headache in unit tests
>>> since modules aren't unloaded between runs, so you never know exactly
>>> which test is the one causing the instantiation. Is there a benefit to
>>> this approach over simply having module methods read_secret,
>>> write_secret, and delete_secret and caching in the module itself?
>>
>>
>>
>> _______________________________________________
>> Pulp-list mailing list
>> Pulp-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-list
>>
>>
>
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
>
>
> - --
> Jay Dobies
> RHCE# 805008743336126
> Freenode: jdob
> http://pulpproject.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.14 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
>
> iQEcBAEBAgAGBQJNg6JnAAoJEOMmcTqOSQHCEb0IALJ7jupCu84TPluJoNuHAQaA
> 6A7KvMespAymr6MLYQJU2VGLbkwLYaI8ixmAPWLWfqQEouEgQWxxAuv1GfyTBWYJ
> upnZ9+qvdp7zjWs40SkdqKTn6nqJ9F2qWJqqD0ugnNBPqtfLNl7Y4K1d4j0u4F0g
> irTw7YXurSHXRoRuf71xfhxC53mFLb0VFfarpMgtSA77gkT7q5yiqkyWszrFqTbQ
> XqI6kFgOi4Z0cFYUDuPNhHMEiz9H9Mr0akmSRXf79f2CHUe8L7+3vDos0Wvcsl2f
> IY+BeWmXvrHv8lknwhXBtBrIzXJ1aYG+HVzHgMDzTFdslVwtq8VBPvtW9P7TvZM=
> =xbsX
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list

More information about the Pulp-list mailing list