From 621e13fb514ffe2bce1a5880f4c0fedf2147921d Mon Sep 17 00:00:00 2001 From: jasquat Date: Tue, 21 Feb 2023 16:42:11 -0500 Subject: [PATCH] disable strict host checking for git commands w/ burnettk --- .../services/git_service.py | 14 ++- .../scripts/test_get_all_permissions.py | 6 +- .../unit/test_authorization_service.py | 118 +++++++++++------- 3 files changed, 86 insertions(+), 52 deletions(-) diff --git a/src/spiffworkflow_backend/services/git_service.py b/src/spiffworkflow_backend/services/git_service.py index d885e4b6..ba4755f2 100644 --- a/src/spiffworkflow_backend/services/git_service.py +++ b/src/spiffworkflow_backend/services/git_service.py @@ -155,15 +155,23 @@ class GitService: ) -> Union[subprocess.CompletedProcess[bytes], bool]: """Run_shell_command.""" git_env_options = { - "GIT_COMMITTER_NAME": current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_USERNAME") or 'unknown', - "GIT_COMMITTER_EMAIL": current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL") or "unknown@example.org", + "GIT_COMMITTER_NAME": ( + current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_USERNAME") + or "unknown" + ), + "GIT_COMMITTER_EMAIL": ( + current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL") + or "unknown@example.org" + ), } # SSH authentication can be also provided via gitconfig. ssh_key_path = current_app.config.get( "SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY_PATH" ) if ssh_key_path is not None: - git_env_options["GIT_SSH_COMMAND"] = "ssh -F /dev/null -i %s" % ssh_key_path + git_env_options["GIT_SSH_COMMAND"] = ( + "ssh -F /dev/null -o StrictHostKeyChecking=no -i %s" % ssh_key_path + ) # this is fine since we pass the commands directly result = subprocess.run( # noqa diff --git a/tests/spiffworkflow_backend/scripts/test_get_all_permissions.py b/tests/spiffworkflow_backend/scripts/test_get_all_permissions.py index 928299d4..9dd416fc 100644 --- a/tests/spiffworkflow_backend/scripts/test_get_all_permissions.py +++ b/tests/spiffworkflow_backend/scripts/test_get_all_permissions.py @@ -61,7 +61,11 @@ class TestGetAllPermissions(BaseTest): "uri": "/tasks", "permissions": ["create", "read", "update", "delete"], }, - {'group_identifier': 'my_test_group', 'uri': '/process-data-file-download/hey:group:*', 'permissions': ['read']} + { + "group_identifier": "my_test_group", + "uri": "/process-data-file-download/hey:group:*", + "permissions": ["read"], + }, ] permissions = GetAllPermissions().run(script_attributes_context) diff --git a/tests/spiffworkflow_backend/unit/test_authorization_service.py b/tests/spiffworkflow_backend/unit/test_authorization_service.py index ea1978ef..01b1cc3f 100644 --- a/tests/spiffworkflow_backend/unit/test_authorization_service.py +++ b/tests/spiffworkflow_backend/unit/test_authorization_service.py @@ -156,32 +156,43 @@ class TestAuthorizationService(BaseTest): with_db_and_bpmn_file_cleanup: None, ) -> None: """Test_explode_permissions_all_on_process_group.""" - expected_permissions = sorted([ - ("/logs/some-process-group:some-process-model:*", "read"), - ("/process-data/some-process-group:some-process-model:*", "read"), - ("/process-data-file-download/some-process-group:some-process-model:*", "read"), - ("/process-groups/some-process-group:some-process-model:*", "create"), - ("/process-groups/some-process-group:some-process-model:*", "delete"), - ("/process-groups/some-process-group:some-process-model:*", "read"), - ("/process-groups/some-process-group:some-process-model:*", "update"), - ( - "/process-instance-suspend/some-process-group:some-process-model:*", - "create", - ), - ( - "/process-instance-terminate/some-process-group:some-process-model:*", - "create", - ), - ("/process-instances/some-process-group:some-process-model:*", "create"), - ("/process-instances/some-process-group:some-process-model:*", "delete"), - ("/process-instances/some-process-group:some-process-model:*", "read"), - ("/process-models/some-process-group:some-process-model:*", "create"), - ("/process-models/some-process-group:some-process-model:*", "delete"), - ("/process-models/some-process-group:some-process-model:*", "read"), - ("/process-models/some-process-group:some-process-model:*", "update"), - ("/task-data/some-process-group:some-process-model:*", "read"), - ("/task-data/some-process-group:some-process-model:*", "update"), - ]) + expected_permissions = sorted( + [ + ("/logs/some-process-group:some-process-model:*", "read"), + ("/process-data/some-process-group:some-process-model:*", "read"), + ( + "/process-data-file-download/some-process-group:some-process-model:*", + "read", + ), + ("/process-groups/some-process-group:some-process-model:*", "create"), + ("/process-groups/some-process-group:some-process-model:*", "delete"), + ("/process-groups/some-process-group:some-process-model:*", "read"), + ("/process-groups/some-process-group:some-process-model:*", "update"), + ( + "/process-instance-suspend/some-process-group:some-process-model:*", + "create", + ), + ( + "/process-instance-terminate/some-process-group:some-process-model:*", + "create", + ), + ( + "/process-instances/some-process-group:some-process-model:*", + "create", + ), + ( + "/process-instances/some-process-group:some-process-model:*", + "delete", + ), + ("/process-instances/some-process-group:some-process-model:*", "read"), + ("/process-models/some-process-group:some-process-model:*", "create"), + ("/process-models/some-process-group:some-process-model:*", "delete"), + ("/process-models/some-process-group:some-process-model:*", "read"), + ("/process-models/some-process-group:some-process-model:*", "update"), + ("/task-data/some-process-group:some-process-model:*", "read"), + ("/task-data/some-process-group:some-process-model:*", "update"), + ] + ) permissions_to_assign = AuthorizationService.explode_permissions( "all", "PG:/some-process-group/some-process-model" ) @@ -227,28 +238,39 @@ class TestAuthorizationService(BaseTest): with_db_and_bpmn_file_cleanup: None, ) -> None: """Test_explode_permissions_all_on_process_model.""" - expected_permissions = sorted([ - ("/logs/some-process-group:some-process-model/*", "read"), - ("/process-data-file-download/some-process-group:some-process-model/*", "read"), - ("/process-data/some-process-group:some-process-model/*", "read"), - ( - "/process-instance-suspend/some-process-group:some-process-model/*", - "create", - ), - ( - "/process-instance-terminate/some-process-group:some-process-model/*", - "create", - ), - ("/process-instances/some-process-group:some-process-model/*", "create"), - ("/process-instances/some-process-group:some-process-model/*", "delete"), - ("/process-instances/some-process-group:some-process-model/*", "read"), - ("/process-models/some-process-group:some-process-model/*", "create"), - ("/process-models/some-process-group:some-process-model/*", "delete"), - ("/process-models/some-process-group:some-process-model/*", "read"), - ("/process-models/some-process-group:some-process-model/*", "update"), - ("/task-data/some-process-group:some-process-model/*", "read"), - ("/task-data/some-process-group:some-process-model/*", "update"), - ]) + expected_permissions = sorted( + [ + ("/logs/some-process-group:some-process-model/*", "read"), + ( + "/process-data-file-download/some-process-group:some-process-model/*", + "read", + ), + ("/process-data/some-process-group:some-process-model/*", "read"), + ( + "/process-instance-suspend/some-process-group:some-process-model/*", + "create", + ), + ( + "/process-instance-terminate/some-process-group:some-process-model/*", + "create", + ), + ( + "/process-instances/some-process-group:some-process-model/*", + "create", + ), + ( + "/process-instances/some-process-group:some-process-model/*", + "delete", + ), + ("/process-instances/some-process-group:some-process-model/*", "read"), + ("/process-models/some-process-group:some-process-model/*", "create"), + ("/process-models/some-process-group:some-process-model/*", "delete"), + ("/process-models/some-process-group:some-process-model/*", "read"), + ("/process-models/some-process-group:some-process-model/*", "update"), + ("/task-data/some-process-group:some-process-model/*", "read"), + ("/task-data/some-process-group:some-process-model/*", "update"), + ] + ) permissions_to_assign = AuthorizationService.explode_permissions( "all", "PM:/some-process-group/some-process-model" )