Merge pull request #121 from ARGOeu/devel

Version  0.1.4

Jenkinsfile

@@ -1,7 +1,7 @@
 pipeline {
     agent { 
         docker { 
-            image 'argo.registry:5000/epel-7-mgo' 
+            image 'argo.registry:5000/epel-7-mgo1.14'
             args '-u jenkins:jenkins'
         }
     }
@@ -63,6 +63,12 @@ pipeline {
         }
         success {
             script{
+                if ( env.BRANCH_NAME == 'devel' ) {
+                    build job: '/ARGO-utils/argo-swagger-docs', propagate: false
+                    build job: '/ARGO/argodoc/devel', propagate: false
+                } else if ( env.BRANCH_NAME == 'master' ) {
+                    build job: '/ARGO/argodoc/master', propagate: false
+                }
                 if ( env.BRANCH_NAME == 'master' || env.BRANCH_NAME == 'devel' ) {
                     slackSend( message: ":rocket: New version for <$BUILD_URL|$PROJECT_DIR>:$BRANCH_NAME Job: $JOB_NAME !")
                 }

README.md

@@ -15,7 +15,7 @@ Before you start, you need to issue a valid certificate.
 
 ## Set Up
 
-1. Install Golang 1.10
+1. Install Golang 1.14
 2. Create a new work space:
 
       `mkdir ~/go-workspace`

argo-api-authn.spec

@@ -3,7 +3,7 @@
 
 Name: argo-api-authn
 Summary: ARGO Authentication API. Map X509, OICD to token.
-Version: 0.1.3
+Version: 0.1.4
 Release: 1%{?dist}
 License: ASL 2.0
 Buildroot: %{_tmppath}/%{name}-buildroot
@@ -57,6 +57,8 @@ go clean
 %attr(0644,root,root) /usr/lib/systemd/system/argo-api-authn.service
 
 %changelog
+* Thu Jun 13 2019 Agelos Tsalapatis  <[email protected]> - 0.1.4-1%{?dist}
+- Release of argo-api-authn version 0.1.4
 * Thu Jun 13 2019 Agelos Tsalapatis  <[email protected]> - 0.1.3-1%{?dist}
 - ARGO-1773 Update authn scripts to filter service endpoints before creating the respective user
 - ARGO-1615 update authn scripts to get site-mail from gocdb

auth/certificate_test.go

@@ -154,8 +154,9 @@ lBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf
 
 	// mismatch
 	crt = ParseCert(commonCert)
+	crt.Subject.CommonName = "example.com"
 	err2 := ValidateClientCertificate(crt, "127.0.0.1:8080")
-	suite.Equal("x509: certificate is valid for COMODO RSA Domain Validation Secure Server CA, not localhost", err2.Error())
+	suite.Equal("x509: certificate is valid for example.com, not localhost", err2.Error())
 
 	// mismatch
 	crt = ParseCert(commonCert)

authmethods/authmethods_test.go

@@ -7,6 +7,7 @@ import (
 	"github.com/stretchr/testify/suite"
 	"io"
 	"io/ioutil"
+	"reflect"
 	"testing"
 )
 
@@ -148,7 +149,7 @@ func (suite *AuthMethodsTestSuite) TestAuthMethodFIndAll() {
 	mockstore.AuthMethods = []stores.QAuthMethod{}
 	aMList2, err2 := AuthMethodFindAll(mockstore)
 
-	suite.Equal(expAmList, aMList)
+	suite.True(reflect.DeepEqual(expAmList, aMList))
 	suite.Equal(0, len(aMList2.AuthMethods))
 
 	suite.Nil(err1)

bin/argo-api-authn-scripts/ams-create-users-cloud-info.py

@@ -220,13 +220,19 @@ def create_users(config, verify):
         # user count
         user_count = 0
 
+        # updated bindings count
+        update_binding_count= 0 
+
+        # updated bindings names
+        update_bindings_names= []
+
         # form the goc db url
         goc_db_url = goc_db_url_arch.replace("{{service-type}}", srv_type)
         LOGGER.info("\nAccessing url: " + goc_db_url)
         LOGGER.info("\nStarted the process for service-type: " + srv_type)
 
         # grab the xml data from goc db
-        goc_request = requests.get(goc_db_url, verify=False)
+        goc_request = requests.get(url=goc_db_url, cert=cert_creds, verify=False)
         LOGGER.info(goc_request.text)
 
         # users from goc db that don't have a dn registered
@@ -260,7 +266,7 @@ def create_users(config, verify):
                     site_url = goc_db_site_url.replace("{{sitename}}", site_name)
                     goc_site_request = requests.get(site_url, cert=cert_creds, verify=False)
                     site_xml_obj = ET.fromstring(goc_site_request.text)
-
+                    
                     # check if the site is in production
                     in_prod = site_xml_obj.find("SITE").find("PRODUCTION_INFRASTRUCTURE")
                     if in_prod.text != 'Production':
@@ -269,7 +275,7 @@ def create_users(config, verify):
                     # check for certified or uncertified
                     cert_uncert = site_xml_obj.find("SITE").find("CERTIFICATION_STATUS")
                     if cert_uncert.text != "Certified" and cert_uncert.text != "Uncertified":
-                        raise Exception("Neither certified not uncertified")
+                        raise Exception("Neither certified nor uncertified")
 
                     contact_email = site_xml_obj.find("SITE").find("CONTACT_EMAIL").text
                     site_contact_emails[site_name] = contact_email
@@ -295,10 +301,8 @@ def create_users(config, verify):
             usr_create = {'projects': [project], 'email': contact_email}
 
             # create the user
-            ams_usr_crt_req = requests.post(
-                "https://" + ams_host + "/v1/users/" + user_binding_name +
-                "?key=" + ams_token,
-                data=json.dumps(usr_create), verify=verify)
+            api_url = 'https://{0}/v1/projects/{1}/members/{2}?key={3}'.format(ams_host, ams_project, user_binding_name, ams_token)
+            ams_usr_crt_req = requests.post(url=api_url, data=json.dumps(usr_create), verify=verify)
             LOGGER.info(ams_usr_crt_req.text)
 
             ams_user_uuid = ""
@@ -320,10 +324,8 @@ def create_users(config, verify):
 
             # If the user already exists, Get user by username
             if ams_usr_crt_req.status_code == 409:
-
-                ams_usr_get_req = requests.get(
-                    "https://" + ams_host + "/v1/users/" +
-                    user_binding_name + "?key=" + ams_token, verify=verify)
+                proj_member_list_url = "https://{0}/v1/projects/{1}/members/{2}?key={3}".format(ams_host, ams_project, user_binding_name, ams_token)
+                ams_usr_get_req = requests.get(url=proj_member_list_url, verify=verify)
 
                 # if the user retrieval was ok
                 if ams_usr_get_req.status_code == 200:
@@ -337,17 +339,16 @@ def create_users(config, verify):
 
             # Create the respective AUTH binding
             bd_data = {
-                'name': user_binding_name,
                 'service_uuid': authn_service_uuid,
                 'host': authn_service_host,
                 'auth_identifier': service_dn,
                 'unique_key': ams_user_uuid,
                 "auth_type": "x509"
             }
-
-            authn_binding_crt_req = requests.post(
-                "https://"+authn_host+"/v1/bindings?key="+authn_token,
-                data=json.dumps(bd_data), verify=verify)
+            
+            create_binding_url = "https://{0}/v1/bindings/{1}?key={2}".format(authn_host, user_binding_name, authn_token)
+
+            authn_binding_crt_req = requests.post(url=create_binding_url, data=json.dumps(bd_data), verify=verify)
             LOGGER.info(authn_binding_crt_req.text)
 
             # if the response is neither a 201(Created) nor a 409(already exists)
@@ -358,6 +359,32 @@ def create_users(config, verify):
                     authn_binding_crt_req.text)
                 continue
 
+            # if the binding already exists, check for an updated DN from gocdb
+            if authn_binding_crt_req.status_code == 409:
+                retrieve_binding_url = "https://{0}/v1/bindings/{1}?key={2}".format(authn_host, user_binding_name, authn_token)
+                authn_ret_bind_req = requests.get(url=retrieve_binding_url, verify=verify)
+                # if the binding retrieval was ok
+                if authn_ret_bind_req.status_code == 200:
+                    LOGGER.info("\nSuccessfully retrieved binding {} from authn. Checking for DN update.".format(user_binding_name))
+                    binding = authn_ret_bind_req.json()
+                    # check if the dn has changed
+                    if binding["auth_identifier"] != service_dn:
+                        # update the respective binding with the new dn
+                        bind_upd_req_url = "https://{0}/v1/bindings/{1}?key={2}".format(authn_host, user_binding_name, authn_token)
+                        upd_bd_data = {
+                            "auth_identifier": service_dn
+                        }
+                        authn_bind_upd_req = requests.put(url=bind_upd_req_url, data=json.dumps(upd_bd_data), verify=verify)
+                        LOGGER.info(authn_bind_upd_req.text)
+                        if authn_bind_upd_req.status_code == 200:
+                            update_binding_count += 1
+                            update_bindings_names.append(user_binding_name)
+                else:
+                    LOGGER.critical(
+                        "\nCould not retrieve binding {} from authn."
+                        "\n Response {}".format(user_binding_name, authn_ret_bind_req.text))
+                    continue
+
             # since both the ams user was created or already existed AND the authn binding was created or already existed
             # move to topic and subscription creation
 
@@ -442,6 +469,10 @@ def create_users(config, verify):
         LOGGER.critical("Service Type: " + srv_type)
         LOGGER.critical("Missing DNS: " + str(missing_dns))
         LOGGER.critical("Total Users Created: " + str(user_count))
+        LOGGER.critical("Total Bindings Updated: " + str(update_binding_count))
+        LOGGER.critical("Updated bingings: " + str(update_bindings_names))
+
+
         LOGGER.critical("-----------------------------------------")
 
 
@@ -490,4 +521,4 @@ def main(args=None):
         "-verify", "--Verify", help="SSL verification for requests",
         action="store_true")
 
-    sys.exit(main(parser.parse_args()))
+    sys.exit(main(parser.parse_args()))