diff --git a/conf/config.py b/conf/config.py index 89f7d262..e5212c57 100644 --- a/conf/config.py +++ b/conf/config.py @@ -29,7 +29,6 @@ class BaseConfiguration(object): KOJI_CONFIG = '/etc/module-build-service/koji.conf' KOJI_PROFILE = 'koji' KOJI_ARCHES = ['i686', 'armv7hl', 'x86_64'] - KOJI_PROXYUSER = True KOJI_REPOSITORY_URL = 'https://kojipkgs.fedoraproject.org/repos' KOJI_TAG_PREFIXES = ['module'] KOJI_ENABLE_CONTENT_GENERATOR = True diff --git a/module_build_service/builder/KojiModuleBuilder.py b/module_build_service/builder/KojiModuleBuilder.py index ab1ef12b..5ef3a26d 100644 --- a/module_build_service/builder/KojiModuleBuilder.py +++ b/module_build_service/builder/KojiModuleBuilder.py @@ -353,16 +353,9 @@ chmod 644 %buildroot/%_sysconfdir/rpm/macros.zz-modules # Timeout after 10 minutes. The default is 12 hours. koji_config["timeout"] = 60 * 10 - # In "production" scenarios, our service principal may be blessed to - # allow us to authenticate as the owner of this request. But, in local - # development that is unreasonable so just submit the job as the - # module_build_service developer. - proxyuser = owner if config.koji_proxyuser else None - address = koji_config.server authtype = koji_config.authtype - log.info("Connecting to koji %r with %r. (proxyuser %r)" % ( - address, authtype, proxyuser)) + log.info("Connecting to koji %r with %r." % (address, authtype)) koji_session = koji.ClientSession(address, opts=koji_config) if authtype == "kerberos": ccache = getattr(config, "krb_ccache", None) @@ -374,8 +367,7 @@ chmod 644 %buildroot/%_sysconfdir/rpm/macros.zz-modules koji_session.krb_login( principal=principal, keytab=keytab, - ccache=ccache, - proxyuser=proxyuser, + ccache=ccache ) else: koji_session.krb_login(ccache=ccache) @@ -383,8 +375,7 @@ chmod 644 %buildroot/%_sysconfdir/rpm/macros.zz-modules koji_session.ssl_login( os.path.expanduser(koji_config.cert), None, - os.path.expanduser(koji_config.serverca), - proxyuser=proxyuser, + os.path.expanduser(koji_config.serverca) ) else: raise ValueError("Unrecognized koji authtype %r" % authtype) diff --git a/module_build_service/builder/base.py b/module_build_service/builder/base.py index 68a68a52..8aef9445 100644 --- a/module_build_service/builder/base.py +++ b/module_build_service/builder/base.py @@ -132,7 +132,7 @@ class GenericBuilder(six.with_metaclass(ABCMeta)): raise ValueError("Builder backend='%s' not recognized" % backend) @classmethod - def create_from_module(cls, session, module, config, proxy_user=True, buildroot_connect=True): + def create_from_module(cls, session, module, config, buildroot_connect=True): """ Creates new GenericBuilder instance based on the data from module and config and connects it to buildroot. @@ -140,18 +140,13 @@ class GenericBuilder(six.with_metaclass(ABCMeta)): :param session: SQLAlchemy databa session. :param module: module_build_service.models.ModuleBuild instance. :param config: module_build_service.config.Config instance. - :kwarg proxy_user: a boolean that determines if the builder should use the module owner as - a proxy user. :kwarg buildroot_connect: a boolean that determines if the builder should run buildroot_connect on instantiation. - owner as a proxy user. """ - owner = None - if proxy_user is True: - owner = module.owner components = [c.package for c in module.component_builds] builder = GenericBuilder.create( - owner, module, config.system, config, tag_name=module.koji_tag, components=components) + module.owner, module, config.system, config, tag_name=module.koji_tag, + components=components) groups = GenericBuilder.default_buildroot_groups(session, module) if buildroot_connect is True: builder.buildroot_connect(groups) diff --git a/module_build_service/config.py b/module_build_service/config.py index d21ace63..81aa06d9 100644 --- a/module_build_service/config.py +++ b/module_build_service/config.py @@ -180,10 +180,6 @@ class Config(object): 'type': list, 'default': [], 'desc': 'Koji architectures.'}, - 'koji_proxyuser': { - 'type': bool, - 'default': None, - 'desc': 'Koji proxyuser flag.'}, 'koji_build_priority': { 'type': int, 'default': 10, diff --git a/module_build_service/scheduler/producer.py b/module_build_service/scheduler/producer.py index 28b33e12..43a01791 100644 --- a/module_build_service/scheduler/producer.py +++ b/module_build_service/scheduler/producer.py @@ -160,10 +160,9 @@ class MBSProducer(PollingProducer): if c.state == koji.BUILD_STATES['COMPLETE']] # If there are no completed artifacts, then there is nothing to tag if artifacts: - # Set proxy_user=False to not authenticate as the module owner for these tasks # Set buildroot_connect=False so it doesn't recreate the Koji target and etc. builder = GenericBuilder.create_from_module( - session, module, conf, proxy_user=False, buildroot_connect=False) + session, module, conf, buildroot_connect=False) builder.untag_artifacts([c.nvr for c in artifacts]) # Mark the artifacts as untagged in the database for c in artifacts: diff --git a/tests/test_builder/test_koji.py b/tests/test_builder/test_koji.py index 159e4795..1b2a60a7 100644 --- a/tests/test_builder/test_koji.py +++ b/tests/test_builder/test_koji.py @@ -359,24 +359,3 @@ class TestKojiBuilder(unittest.TestCase): def test_get_build_weights_getLoggedInUser_failed(self, get_session): weights = KojiModuleBuilder.get_build_weights(["httpd", "apr"]) self.assertEqual(weights, {"httpd": 1.5, "apr": 1.5}) - - -class TestGetKojiClientSession(unittest.TestCase): - - def setUp(self): - init_data() - self.config = mock.Mock() - self.config.koji_profile = conf.koji_profile - self.config.koji_config = conf.koji_config - self.module = module_build_service.models.ModuleBuild.query.filter_by(id=1).one() - self.tag_name = 'module-fool-1.2' - - @patch.object(koji.ClientSession, 'krb_login') - def test_proxyuser(self, mocked_krb_login): - KojiModuleBuilder(owner=self.module.owner, - module=self.module, - config=self.config, - tag_name=self.tag_name, - components=[]) - args, kwargs = mocked_krb_login.call_args - self.assertTrue(set([('proxyuser', self.module.owner)]).issubset(set(kwargs.items())))