
Commit ee2fe41

authored
feat: Store issuer_url with (Pending)GitLabPublishers (#18814)
1 parent b4395e1 commit ee2fe41


10 files changed

+155
-74
lines changed


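--- a/tests/common/db/oidc.py
+++ b/tests/common/db/oidc.py
@@ -55,6 +55,7 @@ class Meta:
 namespace = factory.Faker("pystr", max_chars=12)
 workflow_filepath = "subfolder/example.yml"
 environment = "production"
+issuer_url = "https://gitlab.com"
 
 
 class PendingGitLabPublisherFactory(WarehouseFactory):
@@ -67,6 +68,7 @@ class Meta:
 namespace = factory.Faker("pystr", max_chars=12)
 workflow_filepath = "subfolder/example.yml"
 environment = "production"
+issuer_url = "https://gitlab.com"
 added_by = factory.SubFactory(UserFactory)
 
 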
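--- a/tests/unit/accounts/test_views.py
+++ b/tests/unit/accounts/test_views.py
@@ -4093,6 +4093,7 @@ def test_add_pending_oidc_publisher_user_cannot_register(
 namespace="some-namespace",
 workflow_filepath="some-filepath",
 environment="",
+issuer_url="https://gitlab.com",
 added_by_id=user_id,
 ),
 PendingGitLabPublisher,
@@ -4398,6 +4399,7 @@ def test_add_pending_oidc_publisher_invalid_form(
 project="some-repository",
 workflow_filepath="subfolder/some-workflow-filename.yml",
 environment="some-environment",
+issuer_url="https://gitlab.com",
 added_by_id=user_id,
 ),
 MultiDict(
@@ -4878,6 +4880,7 @@ def test_delete_pending_oidc_publisher_invalid_form(
 project="some-repository",
 workflow_filepath="subfolder/some-filename",
 environment="",
+issuer_url="https://gitlab.com",
 added_by_id=user_id,
 ),
 PendingGitLabPublisher,
@@ -4960,6 +4963,7 @@ def test_delete_pending_oidc_publisher_not_found(
 project="some-repository",
 workflow_filepath="subfolder/some-filename",
 environment="",
+issuer_url="https://gitlab.com",
 added_by_id=user_id,
 ),
 PendingGitLabPublisher,
@@ -5036,6 +5040,7 @@ def test_delete_pending_oidc_publisher_no_access(
 project="some-owner",
 workflow_filepath="subfolder/some-filename",
 environment="",
+issuer_url="https://gitlab.com",
 added_by_id=user_id,
 ),
 PendingGitLabPublisher,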

tests/unit/manage/views/test_oidc_publishers.py

Lines changed: 5 additions & 0 deletions
@@ -456,6 +456,7 @@ def test_manage_project_oidc_publishers_prefill_unknown_provider(self, monkeypat
456456
project="some-project",
457457
workflow_filepath="some-workflow-filename.yml",
458458
environment="",
459+
issuer_url="https://gitlab.com",
459460
),
460461
"fakeenv",
461462
),
@@ -948,6 +949,7 @@ def test_constrain_publisher_with_nonempty_environment(
948949
"namespace": "some-namespace",
949950
"project": "some-project",
950951
"workflow_filepath": "some-workflow-filename.yml",
952+
"issuer_url": "https://gitlab.com",
951953
},
952954
),
953955
],
@@ -1375,6 +1377,7 @@ def test_add_oidc_publisher_created(
13751377
namespace="some-owner",
13761378
workflow_filepath="subfolder/some-workflow-filename.yml",
13771379
environment="some-environment",
1380+
issuer_url="https://gitlab.com",
13781381
),
13791382
MultiDict(
13801383
{
@@ -1753,6 +1756,7 @@ def test_add_oidc_publisher_invalid_form(
17531756
namespace="some-owner",
17541757
workflow_filepath="subfolder/some-workflow-filename.yml",
17551758
environment="some-environment",
1759+
issuer_url="https://gitlab.com",
17561760
),
17571761
GooglePublisher(
17581762
@@ -1867,6 +1871,7 @@ def test_delete_oidc_publisher_registered_to_multiple_projects(
18671871
namespace="some-owner",
18681872
workflow_filepath="subfolder/some-workflow-filename.yml",
18691873
environment="some-environment",
1874+
issuer_url="https://gitlab.com",
18701875
),
18711876
GooglePublisher(
18721877

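--- a/tests/unit/oidc/models/test_gitlab.py
+++ b/tests/unit/oidc/models/test_gitlab.py
@@ -255,11 +255,13 @@ def test_gitlab_publisher_admin_details_with_environment(self):
 namespace="fakeowner",
 workflow_filepath="subfolder/fakeworkflow.yml",
 environment="fakeenv",
+issuer_url="https://gitlab.com",
 )
 
 assert publisher.admin_details == [
 ("Project", "fakeowner/fakerepo"),
 ("Workflow", "subfolder/fakeworkflow.yml"),
+("Issuer URL", "https://gitlab.com"),
 ("Environment", "fakeenv"),
 ]
 
@@ -269,11 +271,13 @@ def test_gitlab_publisher_admin_details_without_environment(self):
 namespace="fakeowner",
 workflow_filepath="subfolder/fakeworkflow.yml",
 environment="",
+issuer_url="https://gitlab.com",
 )
 
 assert publisher.admin_details == [
 ("Project", "fakeowner/fakerepo"),
 ("Workflow", "subfolder/fakeworkflow.yml"),
+("Issuer URL", "https://gitlab.com"),
 ]
 
 def test_gitlab_publisher_unaccounted_claims(self, monkeypatch):
@@ -668,6 +672,7 @@ def test_gitlab_publisher_duplicates_cant_be_created(self, db_request):
 namespace="repository_owner",
 workflow_filepath="subfolder/worflow_filename.yml",
 environment="",
+issuer_url="https://gitlab.com",
 )
 
 db_request.db.add(publisher1)
@@ -678,6 +683,7 @@ def test_gitlab_publisher_duplicates_cant_be_created(self, db_request):
 namespace="repository_owner",
 workflow_filepath="subfolder/worflow_filename.yml",
 environment="",
+issuer_url="https://gitlab.com",
 )
 db_request.db.add(publisher2)
 
@@ -827,6 +833,7 @@ def test_exists(self, db_request, exists_in_db):
 namespace="repository_owner",
 workflow_filepath="subfolder/worflow_filename.yml",
 environment="",
+issuer_url="https://gitlab.com",
 )
 
 if exists_in_db: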
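Review bot: `test_gitlab_publisher_duplicates_cant_be_created` builds `publisher1` and `publisher2` with the same `issuer_url`, so it still only shows that fully identical rows collide; no case covers two publishers that differ only in issuer. Whether the uniqueness constraint includes the new column is not visible on this page, but the issuer is part of the identity a token is matched against, so that decision deserves a test. A companion case could create the second publisher with a different, constructed issuer value and assert the intended outcome. The same gap appears to apply to `test_exists` in the last hunk; both test bodies continue outside their hunks.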

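--- a/warehouse/accounts/views.py
+++ b/warehouse/accounts/views.py
@@ -79,6 +79,7 @@
 )
 from warehouse.oidc.interfaces import TooManyOIDCRegistrations
 from warehouse.oidc.models import (
+GITLAB_OIDC_ISSUER_URL,
 PendingActiveStatePublisher,
 PendingGitHubPublisher,
 PendingGitLabPublisher,
@@ -1901,6 +1902,7 @@ def add_pending_gitlab_oidc_publisher(self):
 project=form.project.data,
 workflow_filepath=form.workflow_filepath.data,
 environment=form.normalized_environment,
+issuer_url=GITLAB_OIDC_ISSUER_URL,
 ),
 make_existence_filters=lambda form: dict(
 project_name=form.project_name.data,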
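Review bot: Nothing at the `issuer_url=GITLAB_OIDC_ISSUER_URL` line in `add_pending_gitlab_oidc_publisher` records that the issuer is deliberately fixed server-side rather than read from the form like the neighbouring fields. The issuer is part of the identity a token is matched against, so a comment such as `# Issuer is pinned server-side; do not source it from form data without an allow-list check` would guard against a later change wiring it to user input. The `make_existence_filters` lambda continues outside the hunk, so it is not visible whether it also filters on `issuer_url`. If it does not, pending publishers that differ only by issuer would presumably be treated as duplicates once more than one issuer is supported.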
