Merge pull request #31 from zalando-stups/feature/29-use-new-zign-imp…

…licit-flow-functionality #29 Perform OAuth2 Implicit Grant Flow to get access token
zalando-stups · Jan 11, 2017 · f46b229 · f46b229
2 parents 5640704 + df6b9de
commit f46b229
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 28 deletions.
diff --git a/piu/cli.py b/piu/cli.py
@@ -137,7 +137,7 @@ def tunnel_validation(ctx, param, value):
 
 
 def _request_access(even_url, cacert, username, hostname, reason, remote_host,
-                    lifetime, user, password, clip, connect, tunnel):
+                    lifetime, clip, connect, tunnel):
     data = {'username': username, 'hostname': hostname, 'reason': reason}
     host_via = hostname
     if remote_host:
@@ -146,12 +146,11 @@ def _request_access(even_url, cacert, username, hostname, reason, remote_host,
     if lifetime:
         data['lifetime_minutes'] = lifetime
     try:
-        token = zign.api.get_named_token(['uid'], 'employees', 'piu', user, password, prompt=True)
+        access_token = zign.api.get_token("piu", ['uid'])
     except zign.api.ServerError as e:
         click.secho('{}'.format(e), fg='red', bold=True)
         return 500
 
-    access_token = token.get('access_token')
     click.secho('Requesting access to host {host_via} for {username}..'.format(host_via=host_via, username=username),
                 bold=True)
     r = requests.post(even_url, headers={'Content-Type': 'application/json',
@@ -199,9 +198,6 @@ def cli(ctx, config_file):
 @click.argument('host', metavar='[USER]@HOST', required=False)
 @click.argument('reason', required=False)
 @click.argument('reason_cont', nargs=-1, metavar='[..]', required=False)
-@click.option('-U', '--user', help='Username to use for OAuth2 authentication', envvar='PIU_USER', metavar='NAME')
-@click.option('-p', '--password', help='Password to use for OAuth2 authentication',
-              envvar='PIU_PASSWORD', metavar='PWD')
 @click.option('-E', '--even-url', help='Even SSH Access Granting Service URL', envvar='EVEN_URL', metavar='URI')
 @click.option('-O', '--odd-host', help='Odd SSH bastion hostname', envvar='ODD_HOST', metavar='HOSTNAME')
 @click.option('-t', '--lifetime', help='Lifetime of the SSH access request in minutes (default: 60)',
@@ -213,7 +209,7 @@ def cli(ctx, config_file):
 @click.option('--tunnel', help='Tunnel to the host', envvar='PIU_TUNNEL',
               callback=tunnel_validation, metavar='LOCALPORT:REMOTEPORT')
 @click.pass_obj
-def request_access(obj, host, reason, reason_cont, user, password, even_url, odd_host, lifetime, interactive,
+def request_access(obj, host, reason, reason_cont, even_url, odd_host, lifetime, interactive,
                    insecure, clip, connect, tunnel):
     '''Request SSH access to a single host'''
 
@@ -227,13 +223,11 @@ def request_access(obj, host, reason, reason_cont, user, password, even_url, odd
     if connect and tunnel:
         raise click.UsageError('Cannot specify both "connect" and "tunnel"')
 
-    user = user or zign.api.get_config().get('user') or os.getenv('USER')
-
     parts = host.split('@')
     if len(parts) > 1:
         username = parts[0]
     else:
-        username = user
+        username = zign.api.get_config().get('user') or os.getenv('USER')
 
     hostname = parts[-1]
 
@@ -294,7 +288,7 @@ def request_access(obj, host, reason, reason_cont, user, password, even_url, odd
         remote_host = None
 
     return_code = _request_access(even_url, cacert, username, first_host, reason, remote_host, lifetime,
-                                  user, password, clip, connect, tunnel)
+                                  clip, connect, tunnel)
 
     if return_code != 200:
         sys.exit(return_code)
@@ -398,5 +392,6 @@ def list_access_requests(obj, user, odd_host, status, limit, offset, output):
 def main():
     handle_exceptions(cli)()
 
+
 if __name__ == '__main__':
     main()
diff --git a/requirements.txt b/requirements.txt
@@ -2,6 +2,6 @@ clickclick>=0.10
 PyYAML
 requests
 pyperclip
-stups-zign>=0.16
+stups-zign>=1.1.26
 boto3>=1.3.0
 botocore>=1.4.10
diff --git a/setup.py b/setup.py
@@ -22,6 +22,7 @@ def read_version(package):
         exec(fd.read(), data)
     return data['__version__']
 
+
 NAME = 'stups-piu'
 MAIN_PACKAGE = 'piu'
 VERSION = read_version(MAIN_PACKAGE)

diff --git a/tests/test_cli.py b/tests/test_cli.py
@@ -16,9 +16,8 @@ def test_missing_reason():
 
 def test_success(monkeypatch):
     response = MagicMock(status_code=200, text='**MAGIC-SUCCESS**')
-    monkeypatch.setattr('zign.api.get_named_token', MagicMock(return_value={'access_token': '123'}))
+    monkeypatch.setattr('zign.api.get_token', MagicMock(return_value='123'))
     monkeypatch.setattr('requests.post', MagicMock(return_value=response))
-    monkeypatch.setattr('keyring.set_password', MagicMock())
     runner = CliRunner()
 
     with runner.isolated_filesystem():
@@ -27,7 +26,6 @@ def test_success(monkeypatch):
                                 '--lifetime=15',
                                 '--even-url=https://localhost/',
                                 '--odd-host=odd.example.org',
-                                '--password=foobar',
                                 'my reason'],
                                catch_exceptions=False)
 
@@ -36,17 +34,15 @@ def test_success(monkeypatch):
 
 def test_bad_request(monkeypatch):
     response = MagicMock(status_code=400, text='**MAGIC-BAD-REQUEST**')
-    monkeypatch.setattr('zign.api.get_named_token', MagicMock(return_value={'access_token': '123'}))
+    monkeypatch.setattr('zign.api.get_token', MagicMock(return_value='123'))
     monkeypatch.setattr('requests.post', MagicMock(return_value=response))
-    monkeypatch.setattr('keyring.set_password', MagicMock())
     runner = CliRunner()
 
     with runner.isolated_filesystem():
         result = runner.invoke(cli,
                                ['req',
                                 '--lifetime=15',
                                 '--even-url=https://localhost/',
-                                '--password=foobar',
                                 'myuser@odd-host',
                                 'my reason'],
                                catch_exceptions=False)
@@ -57,16 +53,14 @@ def test_bad_request(monkeypatch):
 
 def test_auth_failure(monkeypatch):
     response = MagicMock(status_code=403, text='**MAGIC-AUTH-FAILED**')
-    monkeypatch.setattr('zign.api.get_named_token', MagicMock(return_value={'access_token': '123'}))
+    monkeypatch.setattr('zign.api.get_token', MagicMock(return_value='123'))
     monkeypatch.setattr('requests.post', MagicMock(return_value=response))
-    monkeypatch.setattr('keyring.set_password', MagicMock())
     runner = CliRunner()
 
     with runner.isolated_filesystem():
         result = runner.invoke(cli,
                                ['r',
                                 '--even-url=https://localhost/',
-                                '--password=invalid',
                                 'myuser@odd-host',
                                 'my reason'],
                                catch_exceptions=False)
@@ -77,12 +71,10 @@ def test_auth_failure(monkeypatch):
 
 def test_dialog(monkeypatch):
     response = MagicMock(status_code=200, text='**MAGIC-SUCCESS**')
-    monkeypatch.setattr('zign.api.get_named_token', MagicMock(return_value={'access_token': '123'}))
+    monkeypatch.setattr('zign.api.get_token', MagicMock(return_value='123'))
     monkeypatch.setattr('requests.post', MagicMock(return_value=response))
     monkeypatch.setattr('requests.get', MagicMock(return_value=response))
     monkeypatch.setattr('socket.getaddrinfo', MagicMock())
-    monkeypatch.setattr('keyring.set_password', MagicMock())
-    monkeypatch.setattr('keyring.get_password', MagicMock(return_value=None))
     runner = CliRunner()
 
     with runner.isolated_filesystem():
@@ -95,12 +87,10 @@ def test_dialog(monkeypatch):
 
 def test_oauth_failure(monkeypatch):
     response = MagicMock(status_code=200, text='**MAGIC-SUCCESS**')
-    monkeypatch.setattr('zign.api.get_named_token', MagicMock(side_effect=zign.api.ServerError('**MAGIC-FAIL**')))
+    monkeypatch.setattr('zign.api.get_token', MagicMock(side_effect=zign.api.ServerError('**MAGIC-FAIL**')))
     monkeypatch.setattr('requests.post', MagicMock(return_value=response))
     monkeypatch.setattr('requests.get', MagicMock(return_value=response))
     monkeypatch.setattr('socket.getaddrinfo', MagicMock())
-    monkeypatch.setattr('keyring.set_password', MagicMock())
-    monkeypatch.setattr('keyring.get_password', MagicMock(return_value=None))
     runner = CliRunner()
 
     with runner.isolated_filesystem():
@@ -305,7 +295,7 @@ def test_tunnel_success(monkeypatch):
 
     response = MagicMock(status_code=200, text='**MAGIC-SUCCESS**')
 
-    monkeypatch.setattr('zign.api.get_named_token', MagicMock(return_value={'access_token': '123'}))
+    monkeypatch.setattr('zign.api.get_token', MagicMock(return_value='123'))
     monkeypatch.setattr('requests.post', MagicMock(return_value=response))
     monkeypatch.setattr('subprocess.call', MagicMock())