disable strict host checking for git commands w/ burnettk

jasquat 2023-02-21 16:42:11 -05:00
parent b8b4734aea
commit df3b713ce4
No known key found for this signature in database
3 changed files with 86 additions and 52 deletions


@ -155,15 +155,23 @@ class GitService:
) -> Union[subprocess.CompletedProcess[bytes], bool]: ) -> Union[subprocess.CompletedProcess[bytes], bool]:
"""Run_shell_command.""" """Run_shell_command."""
git_env_options = { git_env_options = {
"GIT_COMMITTER_NAME": current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_USERNAME") or 'unknown', "GIT_COMMITTER_NAME": (
"GIT_COMMITTER_EMAIL": current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL") or "unknown@example.org", current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_USERNAME")
or "unknown"
),
"GIT_COMMITTER_EMAIL": (
current_app.config.get("SPIFFWORKFLOW_BACKEND_GIT_USER_EMAIL")
or "unknown@example.org"
),
} }
# SSH authentication can be also provided via gitconfig. # SSH authentication can be also provided via gitconfig.
ssh_key_path = current_app.config.get( ssh_key_path = current_app.config.get(
"SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY_PATH" "SPIFFWORKFLOW_BACKEND_GIT_SSH_PRIVATE_KEY_PATH"
) )
if ssh_key_path is not None: if ssh_key_path is not None:
git_env_options["GIT_SSH_COMMAND"] = "ssh -F /dev/null -i %s" % ssh_key_path git_env_options["GIT_SSH_COMMAND"] = (
"ssh -F /dev/null -o StrictHostKeyChecking=no -i %s" % ssh_key_path
)
# this is fine since we pass the commands directly # this is fine since we pass the commands directly
result = subprocess.run( # noqa result = subprocess.run( # noqa
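Review bot: The new `GIT_SSH_COMMAND` value passes `-o StrictHostKeyChecking=no` unconditionally, which turns off SSH host key verification for every git operation that uses the configured key, so the process can no longer tell the intended git server from one impersonating it on the network path, and both fetched content and pushed commits lose that integrity guarantee. If the aim is only to avoid the first-connection prompt in a non-interactive deployment, `-o StrictHostKeyChecking=accept-new` with a provisioned known_hosts file (`-o UserKnownHostsFile=<path from config>`) keeps verification on after first contact; failing that, the relaxed mode should be opt-in through a config setting and documented in a comment next to the assignment. Separately, `ssh_key_path` is interpolated unquoted into a string that git hands to the shell, so wrapping it as `shlex.quote(ssh_key_path)` would keep a path containing spaces or shell metacharacters from altering the command. The enclosing method starts and ends outside this hunk, so how the environment is passed to `subprocess.run` is not visible here.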


@ -61,7 +61,11 @@ class TestGetAllPermissions(BaseTest):
"uri": "/tasks", "uri": "/tasks",
"permissions": ["create", "read", "update", "delete"], "permissions": ["create", "read", "update", "delete"],
}, },
{'group_identifier': 'my_test_group', 'uri': '/process-data-file-download/hey:group:*', 'permissions': ['read']} {
"group_identifier": "my_test_group",
"uri": "/process-data-file-download/hey:group:*",
"permissions": ["read"],
},
] ]
permissions = GetAllPermissions().run(script_attributes_context) permissions = GetAllPermissions().run(script_attributes_context)


@ -156,32 +156,43 @@ class TestAuthorizationService(BaseTest):
with_db_and_bpmn_file_cleanup: None, with_db_and_bpmn_file_cleanup: None,
) -> None: ) -> None:
"""Test_explode_permissions_all_on_process_group.""" """Test_explode_permissions_all_on_process_group."""
expected_permissions = sorted([ expected_permissions = sorted(
("/logs/some-process-group:some-process-model:*", "read"), [
("/process-data/some-process-group:some-process-model:*", "read"), ("/logs/some-process-group:some-process-model:*", "read"),
("/process-data-file-download/some-process-group:some-process-model:*", "read"), ("/process-data/some-process-group:some-process-model:*", "read"),
("/process-groups/some-process-group:some-process-model:*", "create"), (
("/process-groups/some-process-group:some-process-model:*", "delete"), "/process-data-file-download/some-process-group:some-process-model:*",
("/process-groups/some-process-group:some-process-model:*", "read"), "read",
("/process-groups/some-process-group:some-process-model:*", "update"), ),
( ("/process-groups/some-process-group:some-process-model:*", "create"),
"/process-instance-suspend/some-process-group:some-process-model:*", ("/process-groups/some-process-group:some-process-model:*", "delete"),
"create", ("/process-groups/some-process-group:some-process-model:*", "read"),
), ("/process-groups/some-process-group:some-process-model:*", "update"),
( (
"/process-instance-terminate/some-process-group:some-process-model:*", "/process-instance-suspend/some-process-group:some-process-model:*",
"create", "create",
), ),
("/process-instances/some-process-group:some-process-model:*", "create"), (
("/process-instances/some-process-group:some-process-model:*", "delete"), "/process-instance-terminate/some-process-group:some-process-model:*",
("/process-instances/some-process-group:some-process-model:*", "read"), "create",
("/process-models/some-process-group:some-process-model:*", "create"), ),
("/process-models/some-process-group:some-process-model:*", "delete"), (
("/process-models/some-process-group:some-process-model:*", "read"), "/process-instances/some-process-group:some-process-model:*",
("/process-models/some-process-group:some-process-model:*", "update"), "create",
("/task-data/some-process-group:some-process-model:*", "read"), ),
("/task-data/some-process-group:some-process-model:*", "update"), (
]) "/process-instances/some-process-group:some-process-model:*",
"delete",
),
("/process-instances/some-process-group:some-process-model:*", "read"),
("/process-models/some-process-group:some-process-model:*", "create"),
("/process-models/some-process-group:some-process-model:*", "delete"),
("/process-models/some-process-group:some-process-model:*", "read"),
("/process-models/some-process-group:some-process-model:*", "update"),
("/task-data/some-process-group:some-process-model:*", "read"),
("/task-data/some-process-group:some-process-model:*", "update"),
]
)
permissions_to_assign = AuthorizationService.explode_permissions( permissions_to_assign = AuthorizationService.explode_permissions(
"all", "PG:/some-process-group/some-process-model" "all", "PG:/some-process-group/some-process-model"
) )
@ -227,28 +238,39 @@ class TestAuthorizationService(BaseTest):
with_db_and_bpmn_file_cleanup: None, with_db_and_bpmn_file_cleanup: None,
) -> None: ) -> None:
"""Test_explode_permissions_all_on_process_model.""" """Test_explode_permissions_all_on_process_model."""
expected_permissions = sorted([ expected_permissions = sorted(
("/logs/some-process-group:some-process-model/*", "read"), [
("/process-data-file-download/some-process-group:some-process-model/*", "read"), ("/logs/some-process-group:some-process-model/*", "read"),
("/process-data/some-process-group:some-process-model/*", "read"), (
( "/process-data-file-download/some-process-group:some-process-model/*",
"/process-instance-suspend/some-process-group:some-process-model/*", "read",
"create", ),
), ("/process-data/some-process-group:some-process-model/*", "read"),
( (
"/process-instance-terminate/some-process-group:some-process-model/*", "/process-instance-suspend/some-process-group:some-process-model/*",
"create", "create",
), ),
("/process-instances/some-process-group:some-process-model/*", "create"), (
("/process-instances/some-process-group:some-process-model/*", "delete"), "/process-instance-terminate/some-process-group:some-process-model/*",
("/process-instances/some-process-group:some-process-model/*", "read"), "create",
("/process-models/some-process-group:some-process-model/*", "create"), ),
("/process-models/some-process-group:some-process-model/*", "delete"), (
("/process-models/some-process-group:some-process-model/*", "read"), "/process-instances/some-process-group:some-process-model/*",
("/process-models/some-process-group:some-process-model/*", "update"), "create",
("/task-data/some-process-group:some-process-model/*", "read"), ),
("/task-data/some-process-group:some-process-model/*", "update"), (
]) "/process-instances/some-process-group:some-process-model/*",
"delete",
),
("/process-instances/some-process-group:some-process-model/*", "read"),
("/process-models/some-process-group:some-process-model/*", "create"),
("/process-models/some-process-group:some-process-model/*", "delete"),
("/process-models/some-process-group:some-process-model/*", "read"),
("/process-models/some-process-group:some-process-model/*", "update"),
("/task-data/some-process-group:some-process-model/*", "read"),
("/task-data/some-process-group:some-process-model/*", "update"),
]
)
permissions_to_assign = AuthorizationService.explode_permissions( permissions_to_assign = AuthorizationService.explode_permissions(
"all", "PM:/some-process-group/some-process-model" "all", "PM:/some-process-group/some-process-model"
) )