Merge pull request galaxyproject#9801 from VJalili/azure_authz

Make AuthN attribute optional for Azure and GCP.

lib/galaxy/managers/cloudauthzs.py

@@ -61,7 +61,7 @@ def add_serializers(self):
             'user_id'      : lambda i, k, **c: self.app.security.encode_id(i.user_id),
             'provider'     : lambda i, k, **c: str(i.provider),
             'config'       : lambda i, k, **c: i.config,
-            'authn_id'     : lambda i, k, **c: self.app.security.encode_id(i.authn_id),
+            'authn_id'     : lambda i, k, **c: self.app.security.encode_id(i.authn_id) if i.authn_id else None,
             'last_update'  : lambda i, k, **c: str(i.last_update),
             'last_activity': lambda i, k, **c: str(i.last_activity),
             'create_time'  : lambda i, k, **c: str(i.create_time),

lib/galaxy/model/__init__.py

@@ -5963,7 +5963,7 @@ def __init__(self, user, external_user_id, provider, access_token, id_token, ref
         self.refresh_expiration_time = refresh_expiration_time
 
 
-class CloudAuthz(RepresentById):
+class CloudAuthz(object):
     def __init__(self, user_id, provider, config, authn_id, description=""):
         self.id = None
         self.user_id = user_id
@@ -5975,17 +5975,10 @@ def __init__(self, user_id, provider, config, authn_id, description=""):
         self.last_activity = datetime.now()
         self.description = description
 
-    def __eq__(self, other):
-        if not isinstance(other, CloudAuthz):
-            return False
-        return self.equals(other.user_id, other.provider, other.authn_id, other.config)
-
-    def __ne__(self, other):
-        return not self.__eq__(other)
-
     def equals(self, user_id, provider, authn_id, config):
         return (self.user_id == user_id
                 and self.provider == provider
+                and self.authn_id
                 and self.authn_id == authn_id
                 and len({k: self.config[k] for k in self.config if k in config
                          and self.config[k] == config[k]}) == len(self.config))

lib/galaxy/webapps/galaxy/api/cloudauthz.py

@@ -104,7 +104,7 @@ def create(self, trans, payload, **kwargs):
             missing_arguments.append('config')
 
         authn_id = payload.get('authn_id', None)
-        if authn_id is None:
+        if authn_id is None and provider.lower() not in ["azure", "gcp"]:
             missing_arguments.append('authn_id')
 
         if len(missing_arguments) > 0:
@@ -118,16 +118,17 @@ def create(self, trans, payload, **kwargs):
             log.debug(msg_template.format("invalid config type `{}`, expect `dict`".format(type(config))))
             raise RequestParameterInvalidException('Invalid type for the required `config` variable; expect `dict` '
                                                    'but received `{}`.'.format(type(config)))
-        try:
-            authn_id = self.decode_id(authn_id)
-        except Exception:
-            log.debug(msg_template.format("cannot decode authn_id `" + str(authn_id) + "`"))
-            raise MalformedId('Invalid `authn_id`!')
-
-        try:
-            trans.app.authnz_manager.can_user_assume_authn(trans, authn_id)
-        except Exception as e:
-            raise e
+        if authn_id:
+            try:
+                authn_id = self.decode_id(authn_id)
+            except Exception:
+                log.debug(msg_template.format("cannot decode authn_id `" + str(authn_id) + "`"))
+                raise MalformedId('Invalid `authn_id`!')
+
+            try:
+                trans.app.authnz_manager.can_user_assume_authn(trans, authn_id)
+            except Exception as e:
+                raise e
 
         # No two authorization configuration with
         # exact same key/value should exist.
@@ -147,7 +148,6 @@ def create(self, trans, payload, **kwargs):
             )
             view = self.cloudauthz_serializer.serialize_to_view(new_cloudauthz, trans=trans, **self._parse_serialization_params(kwargs, 'summary'))
             log.debug('Created a new cloudauthz record for the user id `{}` '.format(str(trans.user.id)))
-            trans.response.status = '200'
             return view
         except Exception as e:
             log.exception(msg_template.format("exception while creating the new cloudauthz record"))

test/integration/cloudauthz/test_cloudauthz.py

@@ -0,0 +1,40 @@
+"""
+You may run this test using the following command:
+./run_tests.sh test/integration/cloudauthz/test_cloudauthz.py:DefineCloudAuthzTestCase.test_post_cloudauthz_without_authn -s
+"""
+
+import json
+
+from galaxy_test.driver import integration_util
+
+
+class DefineCloudAuthzTestCase(integration_util.IntegrationTestCase):
+    framework_tool_and_types = True
+
+    def test_post_cloudauthz_without_authn(self):
+        """
+        This test asserts if a cloudauthz object
+        can be successfully posted to the cloudauthz API
+        (i.e., api/cloud/authz).
+        """
+        provider = "azure"
+        tenant_id = "abc"
+        client_id = "def"
+        client_secret = "ghi"
+        with self._different_user("[email protected]"):
+
+            # The payload for the POST API.
+            payload = {
+                "provider": provider,
+                "config": json.dumps({
+                    "tenant_id": tenant_id,
+                    "client_id": client_id,
+                    "client_secret": client_secret
+                })
+            }
+
+            response = self._post(path="cloud/authz", data=payload)
+            response.raise_for_status()
+            cloudauthz = response.json()
+
+            assert cloudauthz["provider"] == provider