Summary

Fix up authentication issues with the HostingServiceAccount API.

Review Request #14128 — Created Aug. 29, 2024 and submitted Sept. 17, 2024, 6:13 p.m.

Information

Owner

david

Repository

Review Board

Branch

release-7.x

Bugs

Depends On

Reviewers

Groups

reviewboard

People

Description

The HostingServiceAccountResource has always been primarily used in a
read capacity, and the implementation for create wansn't able to
create hosting service accounts for any kind of authenticated services.
There are two big issues here:

HostingServiceAccountResource.create() was manually calling
service.authorize, but with a legacy function signature that did not
work for everything. We started the process of migrating
HostingService subclasses to use a new credentials dict, but that
still isn't implemented everywhere, and for services that do use it,
the API endpoint was just completely broken.
Many HostingService instances have custom authentication forms which
add or remove fields. These forms are what actually create the content
of the credentials dict. In the case of the reported bug, GitLab's
form uses a private_token field in credentials rather than
password.

This change makes it so the API resource instantiates the hosting
service's auth form and then use that form to create the
HostingServiceAccount. This makes it so we're always calling authorize
with the expected kwargs for the given service, and any custom fields
which are relied on will be properly validated and applied.

This adds a few new unit tests that use the GitLab service, since that's
an example of something that uses a custom auth form and uses
non-standard keys in the credentials dict.

Testing Done

Ran unit tests.

Commits

Summary	ID
Fix up authentication issues with the HostingServiceAccount API. The `HostingServiceAccountResource` has always been primarily used in a read capacity, and the implementation for `create` wansn't able to create hosting service accounts for any kind of authenticated services. There are two big issues here: - `HostingServiceAccountResource.create()` was manually calling `service.authorize`, but with a legacy function signature that did not work for everything. We started the process of migrating HostingService subclasses to use a new `credentials` dict, but that still isn't implemented everywhere, and for services that do use it, the API endpoint was just completely broken. - Many `HostingService` instances have custom authentication forms which add or remove fields. These forms are what actually create the content of the `credentials` dict. In the case of the reported bug, GitLab's form uses a `private_token` field in credentials rather than `password`. This change makes it so the API resource instantiates the hosting service's auth form and then use that form to create the HostingServiceAccount. This makes it so we're always calling `authorize` with the expected kwargs for the given service, and any custom fields which are relied on will be properly validated and applied. This adds a few new unit tests that use the GitLab service, since that's an example of something that uses a custom auth form and uses non-standard keys in the credentials dict. Testing Done: Ran unit tests.	ab33f0a379dd5e5611dcbeb00f8a2c87973a0ab9

Summary

Fix up authentication issues with the HostingServiceAccount API.

The `HostingServiceAccountResource` has always been primarily used in a read capacity, and the implementation for `create` wansn't able to create hosting service accounts for any kind of authenticated services. There are two big issues here: - `HostingServiceAccountResource.create()` was manually calling `service.authorize`, but with a legacy function signature that did not work for everything. We started the process of migrating HostingService subclasses to use a new `credentials` dict, but that still isn't implemented everywhere, and for services that do use it, the API endpoint was just completely broken. - Many `HostingService` instances have custom authentication forms which add or remove fields. These forms are what actually create the content of the `credentials` dict. In the case of the reported bug, GitLab's form uses a `private_token` field in credentials rather than `password`. This change makes it so the API resource instantiates the hosting service's auth form and then use that form to create the HostingServiceAccount. This makes it so we're always calling `authorize` with the expected kwargs for the given service, and any custom fields which are relied on will be properly validated and applied. This adds a few new unit tests that use the GitLab service, since that's an example of something that uses a custom auth form and uses non-standard keys in the credentials dict. Testing Done: Ran unit tests.

ab33f0a379dd5e5611dcbeb00f8a2c87973a0ab9

Issues

Description	From	Last Updated
line too long (99 > 79 characters) Column: 80 Error code: E501	reviewbot	Aug. 29, 2024, 9:20 a.m.
whitespace after '{' Column: 22 Error code: E201	reviewbot	Aug. 29, 2024, 9:20 a.m.
whitespace before '}' Column: 49 Error code: E202	reviewbot	Aug. 29, 2024, 9:20 a.m.
Small nit, but let's alphabetize these keys.	chipx86	Sept. 6, 2024, 8:21 a.m.
Feel free to discard: This could be simplified to a dictionary expression, and you'd get the typing for free.	chipx86	Sept. 6, 2024, 8:22 a.m.

flake8 failed.

JSHint passed.

flake8

reviewboard/webapi/tests/test_hosting_service_account.py (Diff revision 1)
The issue has been dropped. Show all issues
```
line too long (99 > 79 characters)

Column: 80
Error code: E501
```
reviewboard/webapi/tests/test_hosting_service_account.py (Diff revision 1)
The issue has been dropped. Show all issues
```
whitespace after '{'

Column: 22
Error code: E201
```
reviewboard/webapi/tests/test_hosting_service_account.py (Diff revision 1)
The issue has been dropped. Show all issues
```
whitespace before '}'

Column: 49
Error code: E202
```

Commits:

	Summary	ID
	Fix up authentication issues with the HostingServiceAccount API. The `HostingServiceAccountResource` has always been primarily used in a read capacity, and the implementation for `create` wansn't able to create hosting service accounts for any kind of authenticated services. There are two big issues here: - `HostingServiceAccountResource.create()` was manually calling `service.authorize`, but with a legacy function signature that did not work for everything. We started the process of migrating HostingService subclasses to use a new `credentials` dict, but that still isn't implemented everywhere, and for services that do use it, the API endpoint was just completely broken. - Many `HostingService` instances have custom authentication forms which add or remove fields. These forms are what actually create the content of the `credentials` dict. In the case of the reported bug, GitLab's form uses a `private_token` field in credentials rather than `password`. This change makes it so the API resource instantiates the hosting service's auth form and then use that form to create the HostingServiceAccount. This makes it so we're always calling `authorize` with the expected kwargs for the given service, and any custom fields which are relied on will be properly validated and applied. This adds a few new unit tests that use the GitLab service, since that's an example of something that uses a custom auth form and uses non-standard keys in the credentials dict. Testing Done: Ran unit tests.	128b2ec2fdb72b2cadfe49fbd2131181277647eb
	Fix up authentication issues with the HostingServiceAccount API. The `HostingServiceAccountResource` has always been primarily used in a read capacity, and the implementation for `create` wansn't able to create hosting service accounts for any kind of authenticated services. There are two big issues here: - `HostingServiceAccountResource.create()` was manually calling `service.authorize`, but with a legacy function signature that did not work for everything. We started the process of migrating HostingService subclasses to use a new `credentials` dict, but that still isn't implemented everywhere, and for services that do use it, the API endpoint was just completely broken. - Many `HostingService` instances have custom authentication forms which add or remove fields. These forms are what actually create the content of the `credentials` dict. In the case of the reported bug, GitLab's form uses a `private_token` field in credentials rather than `password`. This change makes it so the API resource instantiates the hosting service's auth form and then use that form to create the HostingServiceAccount. This makes it so we're always calling `authorize` with the expected kwargs for the given service, and any custom fields which are relied on will be properly validated and applied. This adds a few new unit tests that use the GitLab service, since that's an example of something that uses a custom auth form and uses non-standard keys in the credentials dict. Testing Done: Ran unit tests.	8692f12259f59798ef9c44b13a83f9ce949c2077

Diff:

Revision 2 (+278 -24)

Show changes

	reviewboard/webapi/resources/hosting_service_account.py
	reviewboard/webapi/tests/test_hosting_service_account.py

Checks run (2 succeeded)

flake8 passed.

JSHint passed.

Ship it!

```
Ship It!
```

Change Summary:

Mention that some services might need additional fields in the API POST docs.

Commits:

	Summary	ID
	Fix up authentication issues with the HostingServiceAccount API. The `HostingServiceAccountResource` has always been primarily used in a read capacity, and the implementation for `create` wansn't able to create hosting service accounts for any kind of authenticated services. There are two big issues here: - `HostingServiceAccountResource.create()` was manually calling `service.authorize`, but with a legacy function signature that did not work for everything. We started the process of migrating HostingService subclasses to use a new `credentials` dict, but that still isn't implemented everywhere, and for services that do use it, the API endpoint was just completely broken. - Many `HostingService` instances have custom authentication forms which add or remove fields. These forms are what actually create the content of the `credentials` dict. In the case of the reported bug, GitLab's form uses a `private_token` field in credentials rather than `password`. This change makes it so the API resource instantiates the hosting service's auth form and then use that form to create the HostingServiceAccount. This makes it so we're always calling `authorize` with the expected kwargs for the given service, and any custom fields which are relied on will be properly validated and applied. This adds a few new unit tests that use the GitLab service, since that's an example of something that uses a custom auth form and uses non-standard keys in the credentials dict. Testing Done: Ran unit tests.	8692f12259f59798ef9c44b13a83f9ce949c2077
	Fix up authentication issues with the HostingServiceAccount API. The `HostingServiceAccountResource` has always been primarily used in a read capacity, and the implementation for `create` wansn't able to create hosting service accounts for any kind of authenticated services. There are two big issues here: - `HostingServiceAccountResource.create()` was manually calling `service.authorize`, but with a legacy function signature that did not work for everything. We started the process of migrating HostingService subclasses to use a new `credentials` dict, but that still isn't implemented everywhere, and for services that do use it, the API endpoint was just completely broken. - Many `HostingService` instances have custom authentication forms which add or remove fields. These forms are what actually create the content of the `credentials` dict. In the case of the reported bug, GitLab's form uses a `private_token` field in credentials rather than `password`. This change makes it so the API resource instantiates the hosting service's auth form and then use that form to create the HostingServiceAccount. This makes it so we're always calling `authorize` with the expected kwargs for the given service, and any custom fields which are relied on will be properly validated and applied. This adds a few new unit tests that use the GitLab service, since that's an example of something that uses a custom auth form and uses non-standard keys in the credentials dict. Testing Done: Ran unit tests.	38cc82f8df1c26579836904490a1eb3772c67fd5

Diff:

Revision 3 (+290 -24)

Show changes

	reviewboard/webapi/resources/hosting_service_account.py
	reviewboard/webapi/tests/test_hosting_service_account.py

Checks run (2 succeeded)

flake8 passed.

JSHint passed.

reviewboard/webapi/resources/hosting_service_account.py (Diff revision 3)
The issue has been resolved. Show all issues
```
Small nit, but let's alphabetize these keys.
```

reviewboard/webapi/resources/hosting_service_account.py (Diff revision 3)

The issue has been dropped. Show all issues

Feel free to discard: This could be simplified to a dictionary expression, and you'd get the typing for free.

david Sept. 6, 2024, 8:22 a.m.

I feel like nested comprehensions are... difficult to comprehend.

Commits:

	Summary	ID
	Fix up authentication issues with the HostingServiceAccount API. The `HostingServiceAccountResource` has always been primarily used in a read capacity, and the implementation for `create` wansn't able to create hosting service accounts for any kind of authenticated services. There are two big issues here: - `HostingServiceAccountResource.create()` was manually calling `service.authorize`, but with a legacy function signature that did not work for everything. We started the process of migrating HostingService subclasses to use a new `credentials` dict, but that still isn't implemented everywhere, and for services that do use it, the API endpoint was just completely broken. - Many `HostingService` instances have custom authentication forms which add or remove fields. These forms are what actually create the content of the `credentials` dict. In the case of the reported bug, GitLab's form uses a `private_token` field in credentials rather than `password`. This change makes it so the API resource instantiates the hosting service's auth form and then use that form to create the HostingServiceAccount. This makes it so we're always calling `authorize` with the expected kwargs for the given service, and any custom fields which are relied on will be properly validated and applied. This adds a few new unit tests that use the GitLab service, since that's an example of something that uses a custom auth form and uses non-standard keys in the credentials dict. Testing Done: Ran unit tests.	38cc82f8df1c26579836904490a1eb3772c67fd5
	Fix up authentication issues with the HostingServiceAccount API. The `HostingServiceAccountResource` has always been primarily used in a read capacity, and the implementation for `create` wansn't able to create hosting service accounts for any kind of authenticated services. There are two big issues here: - `HostingServiceAccountResource.create()` was manually calling `service.authorize`, but with a legacy function signature that did not work for everything. We started the process of migrating HostingService subclasses to use a new `credentials` dict, but that still isn't implemented everywhere, and for services that do use it, the API endpoint was just completely broken. - Many `HostingService` instances have custom authentication forms which add or remove fields. These forms are what actually create the content of the `credentials` dict. In the case of the reported bug, GitLab's form uses a `private_token` field in credentials rather than `password`. This change makes it so the API resource instantiates the hosting service's auth form and then use that form to create the HostingServiceAccount. This makes it so we're always calling `authorize` with the expected kwargs for the given service, and any custom fields which are relied on will be properly validated and applied. This adds a few new unit tests that use the GitLab service, since that's an example of something that uses a custom auth form and uses non-standard keys in the credentials dict. Testing Done: Ran unit tests.	ab33f0a379dd5e5611dcbeb00f8a2c87973a0ab9

Diff:

Revision 4 (+290 -24)

Show changes

	reviewboard/webapi/resources/hosting_service_account.py
	reviewboard/webapi/tests/test_hosting_service_account.py

Checks run (2 succeeded)

flake8 passed.

JSHint passed.

Ship it!

```
Ship It!
```

Status:: Completed
Change Summary:: Pushed to release-7.x (adbefff)