launchpad-buildd

Merge ~ines-almeida/launchpad-buildd:update-close-session-for-fetch-service into launchpad-buildd:master

  1. Git
  2. lp:~ines-almeida/launchpad-buildd
  3. update-close-session-for-fetch-service
  4. Merge into master
Proposed by Ines Almeida
Status: Merged
Approved by: Ines Almeida
Approved revision: 25cb50d6e81e84531af45e716a21e43763a0373c
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~ines-almeida/launchpad-buildd:update-close-session-for-fetch-service
Merge into: launchpad-buildd:master
Diff against target: 64 lines (+15/-8)
2 files modified
lpbuildd/tests/test_util.py (+3/-1)
lpbuildd/util.py (+12/-7)
Reviewer Review Type Date Requested Status
Jürgen Gmach Approve
Review via email: mp+464529@code.launchpad.net

Commit message

Update fetch service revoke token authentication

We now use the proxy token as authentication to the fetch service control API to revoke itself.
This is the only control endpoint that can be authenticated with the proxy token, as all it can do it revoke itself.

To post a comment you must log in.
Revision history for this message
Jürgen Gmach (jugmac00) wrote :

Thank you!

review: Approve
Revision history for this message
Ines Almeida (ines-almeida) :

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/lpbuildd/tests/test_util.py b/lpbuildd/tests/test_util.py
index ab65f5f..8a5d766 100644
--- a/lpbuildd/tests/test_util.py
+++ b/lpbuildd/tests/test_util.py
@@ -92,7 +92,8 @@ class TestRevokeToken(TestCase):
92 def test_revoke_fetch_service_token(self):92 def test_revoke_fetch_service_token(self):
93 """Proxy token revocation for the fetch service"""93 """Proxy token revocation for the fetch service"""
9494
95 proxy_url = "http://session_id:token@proxy.fetch-service.example"95 token = "token"
96 proxy_url = f"http://session_id:{token}@proxy.fetch-service.example"
96 revocation_endpoint = (97 revocation_endpoint = (
97 "http://control.fetch-service.example/session_id/token"98 "http://control.fetch-service.example/session_id/token"
98 )99 )
@@ -111,3 +112,4 @@ class TestRevokeToken(TestCase):
111 "http://control.fetch-service.example/session_id/token",112 "http://control.fetch-service.example/session_id/token",
112 request.url,113 request.url,
113 )114 )
115 self.assertEqual(f"Basic {token}", request.headers["Authorization"])
diff --git a/lpbuildd/util.py b/lpbuildd/util.py
index 664f92b..b09b33f 100644
--- a/lpbuildd/util.py
+++ b/lpbuildd/util.py
@@ -1,6 +1,7 @@
1# Copyright 2015-2017 Canonical Ltd. This software is licensed under the1# Copyright 2015-2017 Canonical Ltd. This software is licensed under the
2# GNU Affero General Public License version 3 (see the file LICENSE).2# GNU Affero General Public License version 3 (see the file LICENSE).
33
4import base64
4import os5import os
5import subprocess6import subprocess
6import sys7import sys
@@ -81,21 +82,25 @@ def revoke_proxy_token(
81 authentication to revoke its token.82 authentication to revoke its token.
8283
83 If using the fetch service:84 If using the fetch service:
84 The call to revoke a token does not require authentication.85 The proxy_url for the Fetch Service has the following format:
86 http://{session_id}:{token}@{host}:{port}
8587
86 XXX ines-almeida 2024-04-15: this might change depending on88 We use the token from the proxy_url for authentication to revoke
87 conversations about fetch service authentication. We might decide to89 elself.
88 instead use the token itself as the authentication.
8990
90 :raises RevokeProxyTokenError: if attempting to revoke the token failed.91 :raises RevokeProxyTokenError: if attempting to revoke the token failed.
91 """92 """
92 url = urlparse(proxy_url)93 url = urlparse(proxy_url)
9394
94 auth = None
95 if not use_fetch_service:95 if not use_fetch_service:
96 auth = (url.username, url.password)96 auth_string = f"{url.username}:{url.password}"
97 token = base64.b64encode(auth_string.encode()).decode()
98 else:
99 token = url.password
100
101 headers = {"Authorization": f"Basic {token}"}
97102
98 try:103 try:
99 requests.delete(revocation_endpoint, auth=auth, timeout=15)104 requests.delete(revocation_endpoint, headers=headers, timeout=15)
100 except requests.RequestException as e:105 except requests.RequestException as e:
101 raise RevokeProxyTokenError(url.username, e)106 raise RevokeProxyTokenError(url.username, e)

Subscribers

People subscribed via source and target branches