Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove deprecated code in Pyramid 2.0 #5288

Merged
merged 5 commits into from
Aug 2, 2023
Merged

Remove deprecated code in Pyramid 2.0 #5288

merged 5 commits into from
Aug 2, 2023

Conversation

mattiaverga
Copy link
Contributor

This change will remove calls to deprecated methods in Pyramid 2.0. Note that will also make Bodhi require Pyramid > 2.0 as the new authentication policies method should not be available in versions before 2.0 (at least, I have not found them in Pyramid's 1.9 docs).

@mattiaverga mattiaverga added the WIP Work in progress label May 1, 2023
@mattiaverga mattiaverga force-pushed the new_auth branch 2 times, most recently from 1cde9b8 to 5f96357 Compare May 4, 2023 06:46
@mattiaverga mattiaverga changed the title [WIP] Remove deprecated code in Pyramid 2.0 Remove deprecated code in Pyramid 2.0 May 13, 2023
@mattiaverga mattiaverga removed the WIP Work in progress label May 13, 2023
@mattiaverga mattiaverga marked this pull request as ready for review May 13, 2023 12:37
@mattiaverga mattiaverga requested a review from a team as a code owner May 13, 2023 12:37
@mattiaverga mattiaverga linked an issue May 13, 2023 that may be closed by this pull request
Update code to support Pyramid 2 #5091
Closed
@mattiaverga
Copy link
Contributor Author

I can't understand why Integration tests on Rawhide and F38 are still failing. When the bodhi-client tries to perform any action which requires authentication it gets a permission denied.

I thought it was something related to Pyramid 2.0, but even with the new security policy in place it still fails. Moreover, after upgrading staging Bodhi base image to Fedora 38, so that now uses Pyramid 2.0, the bodhi-client seems to work fine there. So I think there's something wrong in our Integration tests setup, but I'm unable to find what.

@mattiaverga
Copy link
Contributor Author

Thanks @abompard for the fix of F38 Integration tests.
So, looks like the current bodhi 7.2.0 is indeed compatible with Pyramid 2.0. This change is therefore getting lower priority as we can safely upgrade prod to F38.

I'll keep this waiting until someone find time to do a full security review, as I think I've just updated the existing Pyramid security settings to the new format, but I may have missed something.
In the meantime, I've merged this PR into staging and deployed, so it can also be tested there (so far it looks good, but I'm in provenpackager group, so it's hard to get authorization tested properly).

@mattiaverga
Use JSONSerializer instead of PickleSerializer
1ef54e7 
Fix a deprecation warning with Pyramid 2.0. One small step related to fedora-infra#5091

Signed-off-by: Mattia Verga <mattia.verga@tiscali.it>
@mattiaverga
Switch to Pyramid 2.0 Security Policies
621f8b7 
Signed-off-by: Mattia Verga <mattia.verga@tiscali.it>
@mattiaverga
Build staging RPMs only for F38
640dbce 
Signed-off-by: Mattia Verga <mattia.verga@tiscali.it>
@mattiaverga
Stop running tests on f37
efb15ea 
Fedora 37 doesn't have Pyramid >= 2.0.0

Signed-off-by: Mattia Verga <mattia.verga@tiscali.it>
@mattiaverga mattiaverga added this to the 8.0 milestone Jun 25, 2023
@mattiaverga mattiaverga merged commit 52e43e7 into fedora-infra:develop Aug 2, 2023
@mattiaverga mattiaverga deleted the new_auth branch August 2, 2023 11:36
@AdamWill
Copy link
Contributor

AdamWill commented Dec 22, 2023
edited
Loading

Did this break the authtkt.timeout feature? AFAICS, before this commit, that was handled by the upstream pyramid.authentication.AuthTktAuthenticationPolicy class that the old code used; but this code replaced that with the new BodhiSecurityPolicy class, which takes max_age as an arg but never does anything with it. So AFAICS the setting does nothing, and possibly Bodhi cookies no longer ever expire?

edit: there is some behind-the-scenes stuff there, because we're implementing an upstream "security policy" API and calling upstream's set_security_policy on it, but having taken a look at the upstream code I don't see that it's doing any kind of black magic to use this max_age value. I don't see how it could anyway, since we call it on an instance of BodhiSecurityPolicy, which means I don't think the upstream code would be able to get an arg that was passed when instantiating it but not saved anywhere in the instance...

@mattiaverga
Copy link
Contributor Author

yeah, I forgot to pass the arguments to AuthTktCookieHelper...

@mattiaverga
Copy link
Contributor Author

#5572 should fix it

@AdamWill AdamWill mentioned this pull request Dec 22, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
8.0
Development

Successfully merging this pull request may close these issues.

Update code to support Pyramid 2
2 participants
@mattiaverga @AdamWill