Setting up different auth Metadata providers for test/development/production

5 views
Skip to first unread message

Luke Tunmer

unread,
Apr 13, 2016, 11:00:41 AM4/13/16
to turbo...@googlegroups.com

I've been trying to work out the best way of making the auth metadata providers be configurable in my app. (Turbogears 2.3.7, Windows, Python 2.7.11)

I have a metadata provider which has the same methods that the ApplicationAuthMetadata class in the file app_cfg.py file has, but they go off and do LDAP stuff in the authenticate, get_user, get_groups, and get_permission methods.

And that all works fine.

However, the existing nosetests fail because they are assuming the manager and editor users that a quick-started app sets up. It's quite useful to maintain this, so I can have a small, repeatable world for these tests.

Is there a way to define the two metadata providers (the regular ApplicationMetadata instance, and my LDAP one) in my app_cfg.py and then select which one of these should be used in the test.ini or development.ini files?

Regards,

Luke

 

Alessandro Molina

unread,
Apr 13, 2016, 12:10:27 PM4/13/16
to TurboGears
I suppose you should be able to do that on after_init_config changing conf accordingly at least on 2.3.8 but I actually didn't try it

--
You received this message because you are subscribed to the Google Groups "TurboGears" group.
To unsubscribe from this group and stop receiving emails from it, send an email to turbogears+...@googlegroups.com.
To post to this group, send email to turbo...@googlegroups.com.
Visit this group at https://groups.google.com/group/turbogears.
For more options, visit https://groups.google.com/d/optout.

Luke Tunmer

unread,
Apr 13, 2016, 5:39:51 PM4/13/16
to turbo...@googlegroups.com
Hi Alessandro,

Thanks for that tip. Yep, I can get it to work by adding this class to my app_cfg.py:

class MyAppConfig(AppConfig):
    def after_init_config(self, conf):
        if self.sa_auth.authmetadata is None:
            provider_name = conf.get('auth_metadata_provider', 'sql')
            for name, provider in self.sa_auth.metadata_providers:
                if name == provider_name:
                    self.sa_auth.authmetadata = provider
            if self.sa_auth.authmetadata is None:
                raise KeyError('Auth metadata provider %s not found' % name)
            del self.sa_auth.metadata_providers

base_config = MyAppConfig()

and then later in that file:

base_config.sa_auth.metadata_providers = [
    ('ldap', _ldap_auth_provider),
    ('sql_auth', ApplicationAuthMetadata(base_config.sa_auth)),
]

where the _ldap_auth_provider is my LDAP metadata provider.

Then in the .ini files I can set:

auth_metadata_provider = ldap

or

auth_metadata_provider = sql

to change the source of authorization and authentication.

Thanks again for your suggestion.

Regards,
Luke


From: turbo...@googlegroups.com [mailto:turbo...@googlegroups.com] On Behalf Of Alessandro Molina

Sent: 13 April 2016 17:10
To: TurboGears
Subject: Re: [TurboGears] Setting up different auth Metadata providers for test/development/production

Alessandro Molina

unread,
Apr 14, 2016, 6:11:30 AM4/14/16
to TurboGears
Just note that you should be changing `conf['sa_auth']['auth_metadata_provider']` instead of `self.sa_auth.authmetadata`.
The one actually used is `conf`, self is just a template from which `conf` is created, but as `after_init_config` runs when conf was already created changing `self` usually won't lead to changes in the behaviour.

In this case it works as conf is a mutable container so mutating it in self also mutates it in conf, but it's a lucky case :D
Reply all
Reply to author
Forward
0 new messages