@@ -52,31 +52,26 @@ class MASUserUtils():
5252 def __init__ (self , mas_instance_id : str , mas_workspace_id : str , k8s_client : client .api_client .ApiClient , coreapi_port : int = 443 , admin_dashboard_port : int = 443 , manage_api_port : int = 443 ):
5353 self .mas_instance_id = mas_instance_id
5454 self .mas_workspace_id = mas_workspace_id
55- self .k8s_client = k8s_client
5655 self .logger = logging .getLogger (f"{ __name__ } .{ self .__class__ .__name__ } " )
5756
58- self .coreapi_port = coreapi_port
59- self .admin_dashboard_port = admin_dashboard_port
60- self .manage_api_port = manage_api_port
61-
6257 self .mas_core_namespace = f"mas-{ self .mas_instance_id } -core"
6358 self .manage_namespace = f"mas-{ self .mas_instance_id } -manage"
64- self .dyn_client = DynamicClient (self .k8s_client )
65- self .v1_secrets = self .dyn_client .resources .get (api_version = "v1" , kind = "Secret" )
59+
60+ dyn_client = DynamicClient (k8s_client )
61+ self .v1_secrets = dyn_client .resources .get (api_version = "v1" , kind = "Secret" )
6662
6763 self ._mas_superuser_credentials = None
64+ self ._superuser_auth_token = None
6865
69- self ._mas_admin_url_internal = None
66+ self .mas_admin_url_internal = f'https://admin-dashboard. { self . mas_core_namespace } .svc.cluster.local: { admin_dashboard_port } '
7067 self ._admin_internal_tls_secret = None
7168 self ._admin_internal_ca_pem_file_path = None
7269
73- self ._mas_api_url_internal = None
70+ self .mas_api_url_internal = f'https://coreapi. { self . mas_core_namespace } .svc.cluster.local: { coreapi_port } '
7471 self ._core_internal_tls_secret = None
7572 self ._core_internal_ca_pem_file_path = None
7673
77- self ._superuser_auth_token = None
78-
79- self ._manage_api_url_internal = None
74+ self .manage_api_url_internal = f'https://{ self .mas_instance_id } -{ self .mas_workspace_id } .{ self .manage_namespace } .svc.cluster.local:{ manage_api_port } '
8075 self ._manage_internal_tls_secret = None
8176 self ._manage_internal_ca_pem_file_path = None
8277 self ._manage_internal_client_pem_file_path = None
@@ -90,22 +85,11 @@ def mas_superuser_credentials(self):
9085 if self ._mas_superuser_credentials is None :
9186 k8s_secret = self .v1_secrets .get (name = f"{ self .mas_instance_id } -credentials-superuser" , namespace = self .mas_core_namespace )
9287 self ._mas_superuser_credentials = dict (
93- username = base64 .b64decode (str ( k8s_secret .data . username ) ).decode ("utf-8" ),
94- password = base64 .b64decode (str ( k8s_secret .data . password ) ).decode ("utf-8" ),
88+ username = base64 .b64decode (k8s_secret .data [ " username" ] ).decode ("utf-8" ),
89+ password = base64 .b64decode (k8s_secret .data [ " password" ] ).decode ("utf-8" ),
9590 )
9691 return self ._mas_superuser_credentials
9792
98- @property
99- def mas_admin_url_internal (self ):
100- if self ._mas_admin_url_internal is None :
101- self ._mas_admin_url_internal = f'https://admin-dashboard.{ self .mas_core_namespace } .svc.cluster.local:{ self .admin_dashboard_port } '
102-
103- # for local testing:
104- # add to /etc/hosts:
105- # 127.0.0.1 admin-dashboard.mas-tgk01-core.svc.cluster.local
106- # oc port-forward service/admin-dashboard 8445:443 -n mas-tgk01-core
107- return self ._mas_admin_url_internal
108-
10993 @property
11094 def admin_internal_tls_secret (self ):
11195 if self ._admin_internal_tls_secret is None :
@@ -115,7 +99,7 @@ def admin_internal_tls_secret(self):
11599 @property
116100 def admin_internal_ca_pem_file_path (self ):
117101 if self ._admin_internal_ca_pem_file_path is None :
118- ca = base64 .b64decode (self .core_internal_tls_secret .data ["ca.crt" ]).decode ('utf-8' )
102+ ca = base64 .b64decode (self .admin_internal_tls_secret .data ["ca.crt" ]).decode ('utf-8' )
119103 with tempfile .NamedTemporaryFile (delete = False , suffix = ".pem" ) as pem_file :
120104 pem_file .write (ca .encode ())
121105 pem_file .flush ()
@@ -124,17 +108,6 @@ def admin_internal_ca_pem_file_path(self):
124108 self ._admin_internal_ca_pem_file_path = pem_file .name
125109 return self ._admin_internal_ca_pem_file_path
126110
127- @property
128- def mas_api_url_internal (self ):
129- if self ._mas_api_url_internal is None :
130- self ._mas_api_url_internal = f'https://coreapi.{ self .mas_core_namespace } .svc.cluster.local:{ self .coreapi_port } '
131-
132- # for local testing:
133- # add to /etc/hosts:
134- # 127.0.0.1 coreapi.mas-tgk01-core.svc.cluster.local
135- # oc port-forward service/coreapi 8444:443 -n mas-tgk01-core
136- return self ._mas_api_url_internal
137-
138111 @property
139112 def core_internal_tls_secret (self ):
140113 if self ._core_internal_tls_secret is None :
@@ -153,18 +126,6 @@ def core_internal_ca_pem_file_path(self):
153126 self ._core_internal_ca_pem_file_path = pem_file .name
154127 return self ._core_internal_ca_pem_file_path
155128
156- @property
157- def manage_api_url_internal (self ):
158- if self ._manage_api_url_internal is None :
159- # for local testing:
160- # add to /etc/hosts:
161- # 127.0.0.1 tgk01-masdev.mas-tgk01-manage.svc.cluster.local
162-
163- # oc port-forward service/tgk01-masdev 8443:443 -n mas-tgk01-manage
164-
165- self ._manage_api_url_internal = f'https://{ self .mas_instance_id } -{ self .mas_workspace_id } .{ self .manage_namespace } .svc.cluster.local:{ self .manage_api_port } '
166- return self ._manage_api_url_internal
167-
168129 @property
169130 def superuser_auth_token (self ):
170131 if self ._superuser_auth_token is None :
@@ -231,6 +192,27 @@ def mas_workspace_application_ids(self):
231192 self ._mas_workspace_application_ids = list (map (lambda ma : ma ["id" ], self .get_mas_applications_in_workspace ()))
232193 return self ._mas_workspace_application_ids
233194
195+ def get_user (self , user_id ):
196+ self .logger .debug (f"Getting user { user_id } " )
197+ url = f"{ self .mas_api_url_internal } /v3/users/{ user_id } "
198+ headers = {
199+ "Accept" : "application/json" ,
200+ "x-access-token" : self .superuser_auth_token
201+ }
202+ response = requests .get (
203+ url ,
204+ headers = headers ,
205+ verify = self .core_internal_ca_pem_file_path
206+ )
207+
208+ if response .status_code == 404 :
209+ return None
210+
211+ if response .status_code == 200 :
212+ return response .json ()
213+
214+ raise Exception (f"{ response .status_code } { response .text } " )
215+
234216 def get_or_create_user (self , payload ):
235217 '''
236218 User is identified by payload["id"] field
@@ -308,6 +290,9 @@ def link_user_to_local_idp(self, user_id, email_password=False):
308290
309291 # For the sake of idempotency, check if the user already has a local identity
310292 user = self .get_user (user_id )
293+ if user is None :
294+ raise Exception (f"User { user_id } was not found" )
295+
311296 if "identities" in user and "_local" in user ["identities" ]:
312297 self .logger .info (f"User { user_id } already has a local identity" )
313298 return None
@@ -338,27 +323,6 @@ def link_user_to_local_idp(self, user_id, email_password=False):
338323
339324 return None
340325
341- def get_user (self , user_id ):
342- self .logger .debug (f"Getting user { user_id } " )
343- url = f"{ self .mas_api_url_internal } /v3/users/{ user_id } "
344- headers = {
345- "Accept" : "application/json" ,
346- "x-access-token" : self .superuser_auth_token
347- }
348- response = requests .get (
349- url ,
350- headers = headers ,
351- verify = self .core_internal_ca_pem_file_path
352- )
353-
354- if response .status_code == 404 :
355- return None
356-
357- if response .status_code == 200 :
358- return response .json ()
359-
360- raise Exception (f"{ response .status_code } { response .text } " )
361-
362326 def get_user_workspaces (self , user_id ):
363327 '''
364328 Assumes user exists, raises if not.
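Review bot: In the relocated `get_user` (new lines 195-214), `user_id` is interpolated into the URL path unencoded on a request that carries the superuser `x-access-token`, and the `requests.get` call has no `timeout`. Whether callers validate the id is not visible here, but an id containing `/`, `?` or `..` would address a different core API route with superuser privileges, and a stalled coreapi would block the caller indefinitely. I would build the URL as `url = f"{self.mas_api_url_internal}/v3/users/{urllib.parse.quote(str(user_id), safe='')}"` (adding the `urllib.parse` import if the file lacks it) and pass an explicit timeout next to `verify=`, for example `timeout=(5, 30)`. The closing `raise Exception(f"{response.status_code} {response.text}")` also copies the whole response body into any log that records the exception, so truncating the body and raising a narrower exception type would limit what leaks.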