diff --git a/conf/config.py b/conf/config.py index a4c691ef..c0c90571 100644 --- a/conf/config.py +++ b/conf/config.py @@ -86,6 +86,9 @@ class BaseConfiguration(object): AMQ_PRIVATE_KEY_FILE = '/etc/module_build_service/msg-m8y-client.key' AMQ_TRUSTED_CERT_FILE = '/etc/module_build_service/Root-CA.crt' + # Disable Client Authorization + NO_AUTH = False + class DevConfiguration(BaseConfiguration): DEBUG = True diff --git a/module_build_service/auth.py b/module_build_service/auth.py index 2fb2ee35..5066b760 100644 --- a/module_build_service/auth.py +++ b/module_build_service/auth.py @@ -92,6 +92,10 @@ def get_user(request): Returns the client's username and groups based on the OIDC token provided. """ + if app.config['NO_AUTH']: + log.debug("Authorization is disabled.") + return + _load_secrets() if not "oidc_token" in request.cookies: diff --git a/module_build_service/config.py b/module_build_service/config.py index 3b906618..33bd2fc2 100644 --- a/module_build_service/config.py +++ b/module_build_service/config.py @@ -280,6 +280,10 @@ class Config(object): 'type': int, 'default': 30, 'desc': 'Global network retry interval for read/write operations, in seconds.'}, + 'no_auth': { + 'type': bool, + 'default': False, + 'desc': 'Disable client authentication.'}, } def __init__(self, conf_section_obj): diff --git a/tests/test_auth.py b/tests/test_auth.py index 6869c8ce..e8652d7c 100644 --- a/tests/test_auth.py +++ b/tests/test_auth.py @@ -62,3 +62,8 @@ class TestAuthModule(unittest.TestCase): request.cookies.return_value = {"oidc_token", "1234"} result = module_build_service.auth.get_user(request) eq_(result, name) + + def test_disable_authentication(self): + with patch.dict('module_build_service.app.config', {'NO_AUTH': True}, clear=True): + request = mock.MagicMock() + eq_(module_build_service.auth.get_user(request), None)