Merge pull request #379 from querti/disable-errata-http-calls

Allow Errata HTTP client to work without Kerberos credentials
release-engineering · Sep 20, 2023 · cd4f27f · cd4f27f
2 parents 7d1d847 + 83a36ad
commit cd4f27f
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 3 deletions.
diff --git a/src/pushsource/_impl/backend/errata_source/errata_http_client.py b/src/pushsource/_impl/backend/errata_source/errata_http_client.py
@@ -5,6 +5,7 @@
 import logging
 import tempfile
 from urllib.parse import urljoin
+from functools import wraps
 
 import requests
 import gssapi
@@ -13,6 +14,16 @@
 LOG = logging.getLogger("pushsource.errata_http_client")
 
 
+def return_none_if_unauthenticated(func):
+ @wraps(func)
+ def wrapper_return_none_if_unauthenticated(self, *args, **kwargs):
+ if not self.keytab_path or not self.principal:
+ return None
+ return func(self, *args, **kwargs)
+
+ return wrapper_return_none_if_unauthenticated
+
+
 class ErrataHTTPClient:
  """Class for performing HTTP API queries with Errata."""
 
@@ -123,6 +134,7 @@ def session(self) -> requests.Session:
 
  return self._thread_local.session
 
+ @return_none_if_unauthenticated
  def get_advisory_data(self, advisory: str) -> dict:
  """
  Get advisory data.

diff --git a/src/pushsource/_impl/backend/errata_source/errata_source.py b/src/pushsource/_impl/backend/errata_source/errata_source.py
@@ -239,9 +239,12 @@ def _push_items_from_container_manifests(self, erratum, docker_file_list):
 
  # Get product name from Errata. Enrich Container push items with this info
  advisory_data = self._http_client.get_advisory_data(erratum.name)
- # This dictionary key is different based on erratum type
- erratum_type = list(advisory_data["errata"].keys())[0]
- product_name = advisory_data["errata"][erratum_type]["product"]["name"]
+ if advisory_data:
+ # This dictionary key is different based on erratum type
+ erratum_type = list(advisory_data["errata"].keys())[0]
+ product_name = advisory_data["errata"][erratum_type]["product"]["name"]
+ else:
+ product_name = None
 
  # We'll be getting container metadata from these builds.
  with self._koji_source(

diff --git a/tests/baseline/test_baseline.py b/tests/baseline/test_baseline.py
@@ -86,9 +86,21 @@ def koji_test_backend(fake_koji, koji_dir):
 
 @pytest.fixture(autouse=True)
 def fake_kerberos_auth(mocker):
+ mocker.patch(
+ "pushsource._impl.backend.errata_source."
+ "errata_http_client.ErrataHTTPClient.create_kerberos_ticket"
+ )
  mocker.patch("gssapi.Name")
  mocker.patch("gssapi.Credentials.acquire")
  mocker.patch("requests_gssapi.HTTPSPNEGOAuth", return_value=None)
+ with patch.dict(
+ "os.environ",
+ {
+ "PUSHSOURCE_ERRATA_KEYTAB_PATH": "/path/to/keytab",
+ "PUSHSOURCE_ERRATA_PRINCIPAL": "[email protected]",
+ },
+ ):
+ yield
 
 
 @pytest.fixture(autouse=True)

diff --git a/tests/errata/test_errata_http_client.py b/tests/errata/test_errata_http_client.py
@@ -243,3 +243,14 @@ def test_get_advisory_data(caplog):
  "Queried Errata HTTP API for RHSA-123456789",
  "GET https://errata.example.com/api/v1/erratum/RHSA-123456789 200",
  ]
+
+
+def test_get_advisory_data_no_credentials(caplog):
+ caplog.set_level(logging.DEBUG)
+
+ client = ErrataHTTPClient("https://errata.example.com/")
+
+ data = client.get_advisory_data("RHSA-123456789")
+
+ assert data == None
+ assert caplog.messages == []