author | James E. Blair <jim@acmegating.com> | 2022-09-24 09:25:48 -0700 |
---|---|---|
committer | James E. Blair <jim@acmegating.com> | 2022-10-06 15:38:24 -0700 |
commit | 5e6dbf2001fdb4f99f616a33a0fe2f6b44613062 (patch) | |
tree | 8b74c11f0002cfc8dc1543316b38295e36f56739 | |
parent | 3a0eaa1ffea1a32d4f11864485f2883194a99354 (diff) | |
download | zuul-5e6dbf2001fdb4f99f616a33a0fe2f6b44613062.tar.gz |
Remove unused /api/user/authorizations REST endpoint
This has not been used for a while and can be removed. This will
simplify the authorization code in zuul-web.
Change-Id: I0fa6c4fb87672c44d3f97db0be558737b4f102bc
-rw-r--r-- | tests/unit/test_web.py | 24 | ||||
-rwxr-xr-x | zuul/web/__init__.py | 29 |
2 files changed, 0 insertions, 53 deletions
diff --git a/tests/unit/test_web.py b/tests/unit/test_web.py index d8901fabb..96bc503ff 100644 --- a/tests/unit/test_web.py +++ b/tests/unit/test_web.py @@ -2394,10 +2394,6 @@ class TestTenantScopedWebApi(BaseTestWeb): {'action': 'authorizations', 'path': 'api/tenant/my-tenant/authorizations', 'allowed_methods': ['GET', ]}, - # TODO (mhu) deprecated, remove in next version - {'action': 'authorizations', - 'path': 'api/user/authorizations', - 'allowed_methods': ['GET', ]}, ] for endpoint in endpoints: preflight = self.options_url( @@ -2853,10 +2849,6 @@ class TestTenantScopedWebApiWithAuthRules(BaseTestWeb): 'exp': time.time() + 3600} token = jwt.encode(authz, key='NoDanaOnlyZuul', algorithm='HS256') - # TODO(mhu) deprecated, remove after next release - req = self.get_url('/api/user/authorizations', - headers={'Authorization': 'Bearer %s' % token}) - self.assertEqual(401, req.status_code, req.text) req = self.get_url('/api/tenant/tenant-one/authorizations', headers={'Authorization': 'Bearer %s' % token}) self.assertEqual(401, req.status_code, req.text) @@ -2895,19 +2887,6 @@ class TestTenantScopedWebApiWithAuthRules(BaseTestWeb): authz['exp'] = time.time() + 3600 token = jwt.encode(authz, key='NoDanaOnlyZuul', algorithm='HS256') - # TODO(mhu) deprecated, remove after next release - req = self.get_url('/api/user/authorizations', - headers={'Authorization': 'Bearer %s' % token}) - self.assertEqual(200, req.status_code, req.text) - data = req.json() - self.assertTrue('zuul' in data, - "%s got %s" % (authz['sub'], data)) - self.assertTrue('admin' in data['zuul'], - "%s got %s" % (authz['sub'], data)) - self.assertEqual(test_user['zuul.admin'], - data['zuul']['admin'], - "%s got %s" % (authz['sub'], data)) - req = self.get_url('/api/tenant/tenant-one/authorizations', headers={'Authorization': 'Bearer %s' % token}) self.assertEqual(200, req.status_code, req.text) 
@@ -2942,9 +2921,6 @@ class TestTenantScopedWebApiWithAuthRules(BaseTestWeb): """Test that missing Authorization header results in HTTP 401""" req = self.get_url('/api/tenant/tenant-one/authorizations') self.assertEqual(401, req.status_code, req.text) - # TODO(mhu) deprecated, remove after next release - req = self.get_url('/api/user/authorizations') - self.assertEqual(401, req.status_code, req.text) class TestTenantScopedWebApiTokenWithExpiry(BaseTestWeb): diff --git a/zuul/web/__init__.py b/zuul/web/__init__.py index b62af00e5..dfa47e431 100755 --- a/zuul/web/__init__.py +++ b/zuul/web/__init__.py @@ -811,8 +811,6 @@ class ZuulWebAPI(object): 'buildsets': '/api/tenant/{tenant}/buildsets', 'buildset': '/api/tenant/{tenant}/buildset/{uuid}', 'config_errors': '/api/tenant/{tenant}/config-errors', - # TODO(mhu) remove after next release - 'authorizations': '/api/user/authorizations', 'tenant_authorizations': ('/api/tenant/{tenant}' '/authorizations'), 'autohold': '/api/tenant/{tenant}/project/{project:.*}/autohold', 
@@ -889,31 +887,6 @@ class ZuulWebAPI(object): return True return False - # TODO(mhu) deprecated, remove next version - @cherrypy.expose - @cherrypy.tools.json_out(content_type='application/json; charset=utf-8') - @cherrypy.tools.handle_options(allowed_methods=['GET', ]) - def authorizations(self): - basic_error = self._basic_auth_header_check() - if basic_error is not None: - return basic_error - # AuthN/AuthZ - claims, token_error = self._auth_token_check() - if token_error is not None: - return token_error - try: - admin_tenants = self._authorizations() - except exceptions.AuthTokenException as e: - for header, contents in e.getAdditionalHeaders().items(): - cherrypy.response.headers[header] = contents - cherrypy.response.status = e.HTTPError - return {'description': e.error_description, - 'error': e.error, - 'realm': e.realm} - resp = cherrypy.response - resp.headers['Access-Control-Allow-Origin'] = '*' - return {'zuul': {'admin': admin_tenants}, } - @cherrypy.expose @cherrypy.tools.json_out(content_type='application/json; charset=utf-8') @cherrypy.tools.handle_options(allowed_methods=['GET', ]) @@ -1922,8 +1895,6 @@ class ZuulWeb(object): if self.authenticators.authenticators: # route order is important, put project actions before the more # generic tenant/{tenant}/project/{project} route - route_map.connect('api', '/api/user/authorizations', - controller=api, action='authorizations') route_map.connect('api', '/api/tenant/{tenant}/authorizations', controller=api, action='tenant_authorizations') |