- 16 Dec, 2022 1 commit
-
-
Edmund Smith authored
This adds support for two new low-level LAVA XMLRPC calls: - system.get_all_users to find all the users present on a LAVA instance by email - system.set_user_active to lock or unlock a user account on a LAVA server. Signed-off-by:
Ed Smith <ed.smith@collabora.com> Co-authored-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
- 15 Dec, 2022 16 commits
-
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
This allows simplifying the logging a bit Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
MS Graph API SDK ships huge autogenerated files which require a lot of memory, so lightweight runners are not enough anymore. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
The MS Graph API packages are huge, causing the linter to time out. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
This brings a couple of bug fixes and removes false positives. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
We actually report error here. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
This implementation assumes users are not allowed to change their usernames. MS Graph API provides a few different elements to identify users: - the oid, which is guaranteed to uniquely map to a single user in a tenant, and globally if combined with the tid (tenant id) - the userPrincipalName, in the form <username@tenant.domain> - the free-form email address Ideally, all services should use the oid+tid as an internal user identifier, the userPrincipalName as a username, and the free-form email for notifications. When federation of tenants is out of scope, the oid and the username part of the userPrincipalName would be enough. Due to various reasons, the services the mediator is used with on our setup use those elements differently: * OBS uses <username> for user IDs, but *usually* the free-form email for emails. * GitLab uses integers for user IDs, the free-form email for primary emails, <username> as the username and the full userPrincipalName for the openid_connect authentication method (which, arguably, should be changed to use the oid+tid), but has no easy way to retrieve users by such identifier (however, it is exposed in some of the user listing API when using administrator’s rights) * LAVA currently uses the free-form email and should be fixed to use the username from the userPrincipalName Since in our setup the userPrincipalName cannot be changed and cannot be re-used, and federation is not in scope, using the username part of the userPrincipalName is enough to reliably identify users across services, and it is also what users expect. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
The new version exposes more object fields of the GitLab API. In particular, we need bot: true to be able to filter out bot users. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
- 06 Dec, 2022 1 commit
-
-
Andrej Shadura authored
The backend will also have some per-backend group sync functionality, so this name is more appropriate. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
- 30 Nov, 2022 1 commit
-
-
Edmund Smith authored
This is a typo fix that was just overlooked. The URL used in newLavaClient was hardcoded to be the one for the docker image in the compose test, rather than using the configured URL. Note that the URL the lava backend is receiving is the callback URL, not the root LAVA url. There's no obvious nice way to do this, one option would be to add another config option with the LAVA root URL, but instead I've pruned off the (fixed) callback portion.
-
- 29 Nov, 2022 4 commits
-
-
Ryan Gonzalez authored
This adds the ability for mediator-managed groups to be all children of a single parent group. https://phabricator.apertis.org/T8937 Signed-off-by:
Ryan Gonzalez <ryan.gonzalez@collabora.com>
-
Ryan Gonzalez authored
Previously, the tests didn't actually go through the complete addition and removal flow. This enhances the current addition test to actually check for an added group, and it adds a new test to check for a removed group. https://phabricator.apertis.org/T8937 Signed-off-by:
Ryan Gonzalez <ryan.gonzalez@collabora.com>
-
These type arguments aren't needed, resulting in the "unnecessary type arguments" lint being triggered. https://phabricator.apertis.org/T8937
-
The client package already does this, so double-escaping gives invalid results. https://phabricator.apertis.org/T8937
-
- 24 Nov, 2022 1 commit
-
-
Ryan Gonzalez authored
A lot of these files hadn't yet been run through it. https://phabricator.apertis.org/T8937 Signed-off-by:
Ryan Gonzalez <ryan.gonzalez@collabora.com>
-
- 22 Nov, 2022 8 commits
-
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Stringifying a GitLab error needs a valid Request URL. This used to work as nothing tried to stringify the fake error, but now that we have structured logging plugged in, it attempts to log the error and panics. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Use apex/log for logs: this allows less repetition and more context in the logs. Wrap HTTP request handlers to log basic request data. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Move the HTTP server into a goroutine, stop it upon a termination signal. Golint has to be silenced to prevent a false positive from failing the build. Signed-off-by:
Andrej Shadura <andrew.shadura@collabora.co.uk>
-
- 10 Nov, 2022 1 commit
-
-
- 09 Nov, 2022 1 commit
-
-
This is considerably simpler than it might be, because LAVA exports the API we want - set all the groups to which a user belongs. The main complication here is that LAVA uses basic authentication, which means we need an XMLRPC library which supports setting this header. The majority of go XMLRPC libraries I looked at did not seem to support this.
-
- 13 Oct, 2022 2 commits
-
-
Edmund Smith authored
In !47 I fixed a regression that caused the CI pipelines for the master branch to fail. I should have been more careful here in how I described this error. In that commit I mistakenly said that selenium had been upgraded silently; in fact we fix the version of the selenium docker image. The real issue is that *python*-selenium was silently upgraded, even though it ought to be more or less version fixed by virtue of using the Apertis package of it. This happens because we did not version fix pytest-selenium, which is installed from pip. When pytest-selenium transitioned to v4.0.0, it caused pip to automatically upgrade the python-selenium module, replacing the distro installed version.
-
Edmund Smith authored
This avoids having tests silently regress without any changes being made to the repository. The versions are the current tags at the time of writing.
-
- 12 Oct, 2022 1 commit
-
-
Edmund Smith authored
In Selenium 4.3.0, the `find_element_by_*` family of methods, which had been deprecated, were removed. The preferred form (now, the only form) is `find_element(key, value)`.
-
- 22 Aug, 2022 3 commits
-
-
Emanuele Aina authored
Group creation got dropped, so get rid of some leftovers. Signed-off-by:
Emanuele Aina <emanuele.aina@collabora.com>
-
In the past, when a user should have been added as member to a group and the group was missing on GitLab, the mediator took care of creating it. The previous commit changes the behaviour to ignore groups that are missing from GitLab, even if the user login token has a matching claim. Tweak the test to ensure that the previous assumption that for each matching claim there was an actual GitLab group does not bite us now that it does no longer hold true. Signed-off-by:
Emanuele Aina <emanuele.aina@collabora.com>
-
As groups have to be configured by hand anyway (to give them relevant permissions etc) auto-creating groups isn't actually that helpful and may cause unintended groups to be created. So revert to only adding users to (existing) groups rather then creating them on demand Signed-off-by:
Sjoerd Simons <sjoerd@collabora.com>
-