This is an automated email from the ASF dual-hosted git repository.
sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-release.git
The following commit(s) were added to refs/heads/main by this push:
new a0b55e4 Move GitHub numeric ID resolution to the LDAP module
a0b55e4 is described below
commit a0b55e4262bbea12d81d772c8b17f7805c081c5e
Author: Sean B. Palmer <[email protected]>
AuthorDate: Thu Sep 4 15:01:19 2025 +0100
Move GitHub numeric ID resolution to the LDAP module
---
atr/blueprints/api/api.py | 14 ++------------
atr/ldap.py | 22 ++++++++++++++++++++++
2 files changed, 24 insertions(+), 12 deletions(-)
diff --git a/atr/blueprints/api/api.py b/atr/blueprints/api/api.py
index e92c7de..48dde03 100644
--- a/atr/blueprints/api/api.py
+++ b/atr/blueprints/api/api.py
@@ -18,8 +18,6 @@
import base64
import hashlib
-import json
-import os.path
import pathlib
import time
from typing import Any
@@ -39,6 +37,7 @@ import atr.config as config
import atr.db as db
import atr.db.interaction as interaction
import atr.jwtoken as jwtoken
+import atr.ldap as ldap
import atr.log as log
import atr.models as models
import atr.models.sql as sql
@@ -366,16 +365,7 @@ async def jwt_github(data: models.api.JwtGithubArgs) ->
DictResponse:
# TODO: This is a placeholder for the actual implementation
payload = await jwtoken.verify_github_oidc(data.jwt)
-
- # We need to lookup the ASF UID from the GitHub NID
- conf = config.get()
- github_nid_to_asf_uid_strpath = os.path.join(conf.STATE_DIR,
"github-nid-to-asf-uid.json")
- async with aiofiles.open(github_nid_to_asf_uid_strpath) as f:
- github_nid_to_asf_uid = json.loads(await f.read())
- if payload["actor_id"] not in github_nid_to_asf_uid:
- raise exceptions.BadRequest(f"GitHub NID {payload['actor_id']} not
registered with the ATR")
- asf_uid = github_nid_to_asf_uid[str(payload["actor_id"])]
- log.info(f"ASF UID: {asf_uid}")
+ asf_uid = await ldap.github_to_apache(payload["actor_id"])
# Debugging
log.info(f"GitHub OIDC JWT payload: {payload}")
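Review bot: An unregistered GitHub NID no longer produces a 400 at `asf_uid = await ldap.github_to_apache(payload["actor_id"])`, because the removed code raised `exceptions.BadRequest` and the helper raises `ldap.LookupError`, which nothing visible in this hunk catches. Unless a handler outside the hunk maps that exception, the failure would presumably surface as a generic server error. Wrapping the call in a `try` with `except ldap.LookupError as e: raise exceptions.BadRequest(str(e)) from e` keeps the previous response. Separately, the context line `log.info(f"GitHub OIDC JWT payload: {payload}")` writes the whole verified claim set to the log; logging only the fields needed for debugging would reduce what ends up there. The body of `jwt_github` continues outside the hunk.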
diff --git a/atr/ldap.py b/atr/ldap.py
index b3661d6..e1e0668 100644
--- a/atr/ldap.py
+++ b/atr/ldap.py
@@ -17,8 +17,11 @@
import collections
import dataclasses
+import json
+import os.path
from typing import Any, Final, Literal
+import aiofiles
import ldap3
import ldap3.utils.conv as conv
import ldap3.utils.dn as dn
@@ -73,6 +76,10 @@ class Search:
return results
+class LookupError(Exception):
+ pass
+
+
# We use a dataclass to support ldap3.Connection objects
@dataclasses.dataclass
class SearchParameters:
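Review bot: `class LookupError(Exception)` shadows the builtin `LookupError`, the base class of `KeyError` and `IndexError`, for all code that follows it in atr/ldap.py. An `except LookupError:` written in this module would then stop catching key and index errors, and readers of `ldap.LookupError` at call sites can easily confuse the two. A distinct name such as `class GitHubLookupError(Exception):` avoids this. A one-line docstring stating when it is raised, for example `"""Raised when a GitHub numeric ID has no registered ASF UID."""`, would replace the bare `pass`.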
@@ -89,6 +96,21 @@ class SearchParameters:
email_only: bool = False
+async def github_to_apache(github_numeric_uid: int) -> str:
+ import atr.config as config
+
+ # We need to lookup the ASF UID from the GitHub NID
+ conf = config.get()
+ # TODO: Get this information from backfilled LDAP instead
+ github_nid_to_asf_uid_strpath = os.path.join(conf.STATE_DIR,
"github-nid-to-asf-uid.json")
+ async with aiofiles.open(github_nid_to_asf_uid_strpath) as f:
+ github_nid_to_asf_uid = json.loads(await f.read())
+ if github_numeric_uid not in github_nid_to_asf_uid:
+ raise LookupError(f"GitHub NID {github_numeric_uid} not registered
with the ATR")
+ asf_uid = github_nid_to_asf_uid[str(github_numeric_uid)]
+ return asf_uid
+
+
def parse_dn(dn_string: str) -> dict[str, list[str]]:
parsed = collections.defaultdict(list)
parts = dn.parse_dn(dn_string)
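Review bot: In `github_to_apache` the membership test `if github_numeric_uid not in github_nid_to_asf_uid` uses the raw argument while the lookup below it uses `str(github_numeric_uid)`. A dict produced by `json.loads` has only string keys, so with the annotated `int` argument the test is always true and every call raises `LookupError`; if the claim actually arrives as a string the code works, but the annotation is then wrong. Normalising once with `key = str(github_numeric_uid)` and using `key` for both the test and the lookup removes the ambiguity. Because this mapping decides which ASF account a verified GitHub token acts as, the function should also have a docstring stating the expected key format. Note too that a missing or malformed state file currently propagates as a file or JSON error rather than `LookupError`.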