Skip to content

feat: BI-6808 add always_deny auth method #1470

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ovsds merged 1 commit into from
Jan 26, 2026
Merged

feat: BI-6808 add always_deny auth method #1470

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 6 additions & 4 deletions lib/dl_app_api_base/dl_app_api_base/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,9 @@
HttpServerSettings,
)
from .auth import (
NoAuthChecker,
NoAuthResult,
AlwaysAllowAuthChecker,
AlwaysAllowAuthResult,
AlwaysDenyAuthChecker,
OAuthChecker,
OAuthCheckerSettings,
OAuthResult,
Expand Down Expand Up @@ -85,8 +86,9 @@
"RequestAuthCheckerProtocol",
"OAuthChecker",
"OAuthResult",
"NoAuthChecker",
"NoAuthResult",
"AlwaysAllowAuthChecker",
"AlwaysAllowAuthResult",
"AlwaysDenyAuthChecker",
"RouteMatcher",
"OAuthCheckerSettings",
]
2 changes: 1 addition & 1 deletion lib/dl_app_api_base/dl_app_api_base/app.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@ async def _get_request_auth_checkers(
self,
) -> list[auth.RequestAuthCheckerProtocol]:
return [
auth.NoAuthChecker(
auth.AlwaysAllowAuthChecker(
route_matchers=[
auth.RouteMatcher(
path_regex=re.compile(r"^/api/v1/health/.*$"),
Expand Down
10 changes: 6 additions & 4 deletions lib/dl_app_api_base/dl_app_api_base/auth/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,9 @@
from .checkers import (
AlwaysAllowAuthChecker,
AlwaysAllowAuthResult,
AlwaysDenyAuthChecker,
BaseRequestAuthChecker,
BaseRequestAuthResult,
NoAuthChecker,
NoAuthResult,
OAuthChecker,
OAuthCheckerSettings,
OAuthResult,
Expand All @@ -25,8 +26,9 @@
"BaseRequestAuthChecker",
"RequestAuthCheckerProtocol",
"BaseRequestAuthResult",
"NoAuthChecker",
"NoAuthResult",
"AlwaysAllowAuthChecker",
"AlwaysAllowAuthResult",
"AlwaysDenyAuthChecker",
"OAuthChecker",
"OAuthCheckerSettings",
"OAuthResult",
Expand Down
14 changes: 8 additions & 6 deletions lib/dl_app_api_base/dl_app_api_base/auth/checkers/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,13 @@
from .always_allow import (
AlwaysAllowAuthChecker,
AlwaysAllowAuthResult,
)
from .always_deny import AlwaysDenyAuthChecker
from .base import (
BaseRequestAuthChecker,
BaseRequestAuthResult,
RequestAuthCheckerProtocol,
)
from .no_auth import (
NoAuthChecker,
NoAuthResult,
)
from .oauth import (
OAuthChecker,
OAuthCheckerSettings,
Expand All @@ -18,9 +19,10 @@
"BaseRequestAuthChecker",
"RequestAuthCheckerProtocol",
"BaseRequestAuthResult",
"NoAuthChecker",
"NoAuthResult",
"AlwaysAllowAuthChecker",
"AlwaysAllowAuthResult",
"OAuthChecker",
"OAuthCheckerSettings",
"OAuthResult",
"AlwaysDenyAuthChecker",
]
14 changes: 14 additions & 0 deletions lib/dl_app_api_base/dl_app_api_base/auth/checkers/always_allow.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
import aiohttp.web
import attr

import dl_app_api_base.auth.checkers.base as auth_checkers_base


class AlwaysAllowAuthResult(auth_checkers_base.BaseRequestAuthResult):
...


@attr.define(frozen=True, kw_only=True)
class AlwaysAllowAuthChecker(auth_checkers_base.BaseRequestAuthChecker):
async def check(self, request: aiohttp.web.Request) -> AlwaysAllowAuthResult:
return AlwaysAllowAuthResult()
13 changes: 13 additions & 0 deletions lib/dl_app_api_base/dl_app_api_base/auth/checkers/always_deny.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
from typing import NoReturn

import aiohttp.web
import attr

import dl_app_api_base.auth.checkers.base as auth_checkers_base
import dl_app_api_base.auth.exc as auth_exc


@attr.define(frozen=True, kw_only=True)
class AlwaysDenyAuthChecker(auth_checkers_base.BaseRequestAuthChecker):
async def check(self, request: aiohttp.web.Request) -> NoReturn:
raise auth_exc.AuthFailureError("Always deny auth")
14 changes: 0 additions & 14 deletions lib/dl_app_api_base/dl_app_api_base/auth/checkers/no_auth.py
View file
Open in desktop

This file was deleted.

2 changes: 1 addition & 1 deletion ...ests/unit/auth/middleware/test_no_auth.py → ...unit/auth/middleware/test_always_allow.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,6 @@ async def test_default(
app_client: aiohttp.ClientSession,
) -> None:
response = await app_client.get(
"/api/v1/no_auth/ping",
"/api/v1/always_allow/ping",
)
assert response.status == http.HTTPStatus.OK
14 changes: 14 additions & 0 deletions lib/dl_app_api_base/dl_app_api_base_tests/unit/auth/middleware/test_always_deny.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
import http

import aiohttp
import pytest


@pytest.mark.asyncio
async def test_default(
app_client: aiohttp.ClientSession,
) -> None:
response = await app_client.get(
"/api/v1/always_deny/ping",
)
assert response.status == http.HTTPStatus.UNAUTHORIZED
21 changes: 17 additions & 4 deletions lib/dl_app_api_base/dl_app_api_base_tests/unit/conftest.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -175,7 +175,7 @@ async def _get_request_auth_checkers(
base_checkers = await super()._get_request_auth_checkers()

return [
dl_app_api_base.NoAuthChecker(
dl_app_api_base.AlwaysAllowAuthChecker(
route_matchers=[
dl_app_api_base.RouteMatcher(
path_regex=re.compile(r"^/api/v1/counter"),
Expand All @@ -192,10 +192,18 @@ async def _get_request_auth_checkers(
)
],
),
dl_app_api_base.NoAuthChecker(
dl_app_api_base.AlwaysAllowAuthChecker(
route_matchers=[
dl_app_api_base.RouteMatcher(
path_regex=re.compile(r"^/api/v1/no_auth/.*"),
path_regex=re.compile(r"^/api/v1/always_allow/.*"),
methods=frozenset(["GET"]),
),
],
),
dl_app_api_base.AlwaysDenyAuthChecker(
route_matchers=[
dl_app_api_base.RouteMatcher(
path_regex=re.compile(r"^/api/v1/always_deny/.*"),
methods=frozenset(["GET"]),
),
],
Expand Down Expand Up @@ -237,7 +245,12 @@ async def _get_aiohttp_app_routes(
),
dl_app_api_base.Route(
method="GET",
path="/api/v1/no_auth/ping",
path="/api/v1/always_allow/ping",
handler=PingHandler(),
),
dl_app_api_base.Route(
method="GET",
path="/api/v1/always_deny/ping",
handler=PingHandler(),
),
]
Expand Down
52 changes: 51 additions & 1 deletion lib/dl_app_api_base/dl_app_api_base_tests/unit/handlers/docs/expected_spec.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -253,7 +253,57 @@
}
}
},
"/api/v1/no_auth/ping": {
"/api/v1/always_allow/ping": {
"get": {
"tags": [],
"summary": "",
"parameters": [],
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"properties": {
"message": {
"title": "Message",
"type": "string"
}
},
"required": [
"message"
],
"title": "ResponseSchema",
"type": "object"
}
}
}
},
"400": {
"content": {
"application/json": {
"schema": {
"properties": {
"message": {
"default": "Bad request",
"title": "Message",
"type": "string"
},
"code": {
"default": "ERR.API.BAD_REQUEST",
"title": "Code",
"type": "string"
}
},
"title": "BadRequestResponseSchema",
"type": "object"
}
}
}
}
}
}
},
"/api/v1/always_deny/ping": {
"get": {
"tags": [],
"summary": "",
Expand Down