Make our use of proxyuser configurable.

config.py

@@ -17,6 +17,7 @@ class BaseConfiguration(object):
     KOJI_CONFIG = '/etc/module_build_service/koji.conf'
     KOJI_PROFILE = 'koji'
     KOJI_ARCHES = ['i686', 'armv7hl', 'x86_64']
+    KOJI_PROXYUSER = True
     COPR_CONFIG = '/etc/rida/copr.conf'
     PDC_URL = 'http://modularity.fedorainfracloud.org:8080/rest_api/v1'
     PDC_INSECURE = True
@@ -70,6 +71,10 @@ class DevConfiguration(BaseConfiguration):
     LOG_BACKEND = 'console'
     LOG_LEVEL = 'debug'
     HOST = '0.0.0.0'
+
+    # This requires that your principal be listed server side in ProxyPrincipals.
+    KOJI_PROXYUSER = False
+
     REQUIRE_PACKAGER = False
     # You only need these FAS options if you turn on authorization
     # with REQUIRE_PACKAGER=True

module_build_service/builder.py

@@ -411,6 +411,12 @@ chmod 644 %buildroot/%_rpmconfigdir/macros.d/macros.modules
             user_config=config.koji_config,
         ))
 
+        # In "production" scenarios, our service principal may be blessed to
+        # allow us to authenticate as the owner of this request.  But, in local
+        # development that is unreasonable so just submit the job as the
+        # module_build_service developer.
+        proxyuser = owner if config.koji_proxyuser else None
+
         address = koji_config.server
         log.info("Connecting to koji %r" % address)
         koji_session = koji.ClientSession(address, opts=koji_config)
@@ -425,12 +431,7 @@ chmod 644 %buildroot/%_rpmconfigdir/macros.d/macros.modules
                     principal=principal,
                     keytab=keytab,
                     ccache=ccache,
-                    # Unfortunately, the proxyuser method requires that we add all
-                    # of the modularity developers to the ProxyDNs entry in the
-                    # staging koji-hub config, and that's just not going to happen.
-                    # We get to re-work this in this ticket anyways,
-                    # https://pagure.io/fm-orchestrator/issue/112
-                    #proxyuser=owner,
+                    proxyuser=owner,
                 )
             else:
                 koji_session.krb_login(ccache=ccache)
@@ -439,12 +440,7 @@ chmod 644 %buildroot/%_rpmconfigdir/macros.d/macros.modules
                 os.path.expanduser(koji_config.cert),
                 None,
                 os.path.expanduser(koji_config.serverca),
-                # Unfortunately, the proxyuser method requires that we add all
-                # of the modularity developers to the ProxyDNs entry in the
-                # staging koji-hub config, and that's just not going to happen.
-                # We get to re-work this in this ticket anyways,
-                # https://pagure.io/fm-orchestrator/issue/112
-                #proxyuser=owner,
+                proxyuser=owner,
             )
         else:
             raise ValueError("Unrecognized koji authtype %r" % authtype)

module_build_service/config.py

@@ -54,6 +54,7 @@ class Config(object):
         self._koji_config = None
         self._koji_profile = None
         self._koji_arches = None
+        self._koji_proxyuser = None
         self._koji_build_priority = 10
         self._koji_repository_url = None
         self._rpms_default_repository = ""
@@ -229,6 +230,15 @@ class Config(object):
     def koji_arches(self, s):
         self._koji_arches = list(s)
 
+    @property
+    def koji_proxyuser(self):
+        """Koji proxyuser flag."""
+        return self._koji_proxyuser
+
+    @koji_proxyuser.setter
+    def koji_proxyuser(self, s):
+        self._koji_proxyuser = bool(s)
+
     @property
     def koji_repository_url(self):
         return self._koji_repository_url