please review "[kerberos] drop kerberos support that was used only at Logilab"

Nicolas Chauvat nicolas.chauvat at logilab.fr
Thu Feb 27 20:28:22 CET 2020


Hi List,

While I was reviewing tha changes from Nicola I wrote
https://hg.logilab.org/review/cwclientlib/rev/284a4954d8fa

Could someone review it ?

-- 
Nicolas Chauvat

logilab.fr - services en informatique scientifique et gestion de connaissances  
-------------- next part --------------

# HG changeset patch
# User Nicolas Chauvat <nicolas.chauvat at logilab.fr>
# Date 1582827024 -3600
# Node ID 284a4954d8fa62b353fa5e0c02436fe0f38fe511
# Parent  54226dd385e4371d4ae2dbd6fe73a8a4f78ea7c0
[kerberos] drop kerberos support that was used only at Logilab

diff -r 54226dd385e4 -r 284a4954d8fa README.rst
--- a/README.rst	Thu Feb 27 17:54:45 2020 +0100
+++ b/README.rst	Thu Feb 27 19:10:24 2020 +0100
@@ -49,10 +49,6 @@
    token-id = my_elo_token
    secret = <my-secret>
 
-   [activites]
-   url = https://my.intranet/activites
-   auth-mech = kerberos
-
 makes it possible to write:
 
 .. code-block:: bash
@@ -100,13 +96,6 @@
 #. Give an identifier to the token and make it enabled
 #. Use the token identifier and the token in your source code
 
-Using Kerberos
---------------
-
-Just make sure `Python-Kerberos`_ and `Requests-Kerberos`_ are
-installed. The cubicweb server must, indeed, support kerberos-based
-authentication.
-
 
 Configuration
 -------------
@@ -126,11 +115,6 @@
    token-id = my token id
    secret = <my secret>
 
-   [intra]
-   url = https://my.intranet
-   auth-mech = kerberos
-   server-ca = /path/to/ca-bundle.pem
-
 
 Command line tools
 ------------------
@@ -244,27 +228,8 @@
    resp = client.rqlio(queries)
    data = resp.json()
 
-
-Using ``builders`` helpers, authenticating explicitely with the
-kerberos authentifier:
-
-.. code-block:: python
-
-   from cwclientlib import cwproxy, builders
-   from requests_kerberos import HTTPKerberosAuth, OPTIONAL
-
-   auth = HTTPKerberosAuth(mutual_authentication=OPTIONAL)
-   client = cwproxy.CWProxy('https://www.cubicweb.org/', auth)
-   queries = [builders.create_entity('CWUser', login='Babar', upassword='secret'),
-              ('SET U in_group G WHERE U eid %(eid)s, G name "users"', {'eid': '__r0'}),
-	     ]
-   resp = client.rqlio(queries)
-   data = resp.json()
-
 .. _CubicWeb: http://www.cubicweb.org/
 .. _RQL: http://docs.cubicweb.org/annexes/rql/language
 .. _rqlcontroller: http://www.cubicweb.org/project/cubicweb-rqlcontroller/
 .. _signedrequest: http://www.cubicweb.org/project/cubicweb-signedrequest/
 .. _requests: http://docs.python-requests.org/en/latest/
-.. _`Python-Kerberos`: https://pypi.python.org/pypi/kerberos
-.. _`Requests-Kerberos`: https://github.com/requests/requests-kerberos.git
diff -r 54226dd385e4 -r 284a4954d8fa cwclientlib/__init__.py
--- a/cwclientlib/__init__.py	Thu Feb 27 17:54:45 2020 +0100
+++ b/cwclientlib/__init__.py	Thu Feb 27 19:10:24 2020 +0100
@@ -49,22 +49,12 @@
       token-id = my token id
       secret = <my secret>
 
-      [intra]
-      url = https://my.intranet
-      auth-mech = kerberos
-      server-ca = /path/to/ca-bundle.pem
-      kerberos-mutual-auth = disabled
-
     If the file name ends with .json, it will be read by a JSON
     parser, like:
 
       {'cwo': {'url': 'https://www.cubicweb.org/',
                'token-id': 'my token id',
                'secret': '<my secret>'},
-       'intra': {'url': 'https://my.intranet',
-                 'auth-mech': 'kerberos',
-                 'kerberos-mutual-auth': 'disabled',
-                 'server-ca': '/path/to/ca-bundle.pem',},
       }
 
     If the file name ends with .yaml, it will be read by a YAML
@@ -74,18 +64,10 @@
         url: https://www.cubicweb.org/
         token-id: my token id
         secret: <my secret>
-      intra:
-        url: https://my.intranet
-        auth-mech: kerberos
-        kerberos-mutual-auth: disabled
-        server-ca: /path/to/ca-bundle.pem
 
-    Supported authentications are 'signedrequest' and 'kerberos'. The
+    Supported authentications are 'signedrequest'. The
     default authentication mechanism is 'signedrequest'
 
-    When using kerberos authentication, the 'kerberos-mutual-auth' config
-    option may be set to 'disabled', 'optional' or 'required'.
-
     """
     cfg = get_config()
     # if instance is not the id of a cw endpoint, loop in config
@@ -112,17 +94,6 @@
                              'option for signedrequest')
         auth = SignedRequestAuth(tokenid, secret)
 
-    elif auth_mech == 'kerberos':
-        from requests_kerberos import (HTTPKerberosAuth,
-                                       DISABLED, OPTIONAL, REQUIRED)
-        mmap = {'disabled': DISABLED,
-                'optional': OPTIONAL,
-                'required': REQUIRED}
-        mutual = mmap.get(cfg.get('kerberos-mutual-auth', 'optional'))
-        if mutual is None:
-            raise ValueError('Unknown kerberos-mutual-auth config option: '
-                             '%r' % cfg.get('kerberos-mutual-auth'))
-        auth = HTTPKerberosAuth(mutual_authentication=mutual)
     else:
         raise ValueError('Unknown authentication mechanism (auth-mech): '
                          '%r' % auth_mech)
diff -r 54226dd385e4 -r 284a4954d8fa cwclientlib/__pkginfo__.py
--- a/cwclientlib/__pkginfo__.py	Thu Feb 27 17:54:45 2020 +0100
+++ b/cwclientlib/__pkginfo__.py	Thu Feb 27 19:10:24 2020 +0100
@@ -42,8 +42,7 @@
                    ]
 
 install_requires = ['requests >= 2', 'six']
-extras_require = {'kerberos': ['requests-kerberos'],
-                  'yaml': ['PyYAML'],
+extras_require = {'yaml': ['PyYAML'],
                   }
 test_suite = 'cwclientlib.test'
 tests_require = ['cubicweb >= 3.23',
@@ -51,7 +50,7 @@
                  'cubicweb-rqlcontroller',
                  'cubicweb-file',
                  'twisted', 'pyramid', 'PyYAML',
-                 'requests', 'requests-kerberos',
+                 'requests',
                  ]
 
 classifiers = [
diff -r 54226dd385e4 -r 284a4954d8fa cwclientlib/test/test_cwproxy_for.py
--- a/cwclientlib/test/test_cwproxy_for.py	Thu Feb 27 17:54:45 2020 +0100
+++ b/cwclientlib/test/test_cwproxy_for.py	Thu Feb 27 19:10:24 2020 +0100
@@ -49,10 +49,6 @@
        {'url': 'http://www.cubicweb.org',
         'token-id': 'toto',
         },
-       'kerb ok':
-       {'url': 'http://www.cubicweb.org',
-        'auth-mech': 'kerberos',
-        },
        'auth-mech err':
        {'url': 'http://www.cubicweb.org',
         'auth-mech': 'other mech',
diff -r 54226dd385e4 -r 284a4954d8fa debian/control
--- a/debian/control	Thu Feb 27 17:54:45 2020 +0100
+++ b/debian/control	Thu Feb 27 19:10:24 2020 +0100
@@ -17,8 +17,6 @@
   python3-six,
   python-requests (>= 2),
   python3-requests (>= 2),
-  python-requests-kerberos,
-  python3-requests-kerberos,
   python-tz,
   python3-tz,
 Standards-Version: 3.9.6
@@ -52,7 +50,6 @@
   ${misc:Depends},
 Suggests:
   python3-yaml,
-  python3-requests-kerberos,
   python3-argcomplete,
 Description: Python 3 library to easily build CubicWeb clients
  .
diff -r 54226dd385e4 -r 284a4954d8fa requirements-test.txt
--- a/requirements-test.txt	Thu Feb 27 17:54:45 2020 +0100
+++ b/requirements-test.txt	Thu Feb 27 19:10:24 2020 +0100
@@ -3,7 +3,6 @@
 cubicweb-signedrequest
 cubicweb-rqlcontroller
 cubicweb-file
-requests-kerberos
 webtest
 pytz
 pytest



More information about the cubicweb-devel mailing list