700b671e02
With new S3 support, we can use JWT-only server interaction via the
removal of `role-session` and `minio-host` arguments from PIGLIT_ARGS in
YAML.
This parameter change will come in a later commit.
Solved Conflicts:
.gitlab-ci/container/build-piglit.sh
.gitlab-ci.yml
Signed-off-by: Guilherme Gallo <guilherme.gallo@collabora.com>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
(cherry picked from commit 70ce1dcacc)
Signed-off-by: Guilherme Gallo <guilherme.gallo@collabora.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/19928>
84 lines
3.3 KiB
Diff
84 lines
3.3 KiB
Diff
diff --git a/framework/replay/download_utils.py b/framework/replay/download_utils.py
|
|
index bc0225c6c..c9c6b5096 100644
|
|
--- a/framework/replay/download_utils.py
|
|
+++ b/framework/replay/download_utils.py
|
|
@@ -1,6 +1,6 @@
|
|
# coding=utf-8
|
|
#
|
|
-# Copyright (c) 2020 Collabora Ltd
|
|
+# Copyright © 2020, 2022 Collabora Ltd
|
|
# Copyright © 2020 Valve Corporation.
|
|
#
|
|
# Permission is hereby granted, free of charge, to any person obtaining a
|
|
@@ -33,11 +33,11 @@ from os import path
|
|
from time import time
|
|
from email.utils import formatdate
|
|
from requests.utils import requote_uri
|
|
+from urllib.parse import urlparse
|
|
|
|
from framework import core, exceptions
|
|
from framework.replay.options import OPTIONS
|
|
|
|
-
|
|
__all__ = ['ensure_file']
|
|
|
|
minio_credentials = None
|
|
@@ -87,7 +87,6 @@ def get_minio_credentials(url):
|
|
def get_authorization_headers(url, resource):
|
|
minio_key, minio_secret, minio_token = get_minio_credentials(url)
|
|
|
|
- content_type = 'application/octet-stream'
|
|
date = formatdate(timeval=None, localtime=False, usegmt=True)
|
|
to_sign = "GET\n\n\n%s\nx-amz-security-token:%s\n/%s/%s" % (date,
|
|
minio_token,
|
|
@@ -101,6 +100,16 @@ def get_authorization_headers(url, resource):
|
|
'x-amz-security-token': minio_token}
|
|
return headers
|
|
|
|
+def get_jwt_authorization_headers(url, resource):
|
|
+ date = formatdate(timeval=None, localtime=False, usegmt=True)
|
|
+ jwt = OPTIONS.download['jwt']
|
|
+ host = urlparse(url).netloc
|
|
+
|
|
+ headers = {'Host': host,
|
|
+ 'Date': date,
|
|
+ 'Authorization': 'Bearer %s' % (jwt)}
|
|
+ return headers
|
|
+
|
|
def ensure_file(file_path):
|
|
destination_file_path = path.join(OPTIONS.db_path, file_path)
|
|
if OPTIONS.download['url'] is None:
|
|
@@ -123,7 +132,9 @@ def ensure_file(file_path):
|
|
assert OPTIONS.download['minio_bucket']
|
|
assert OPTIONS.download['role_session_name']
|
|
assert OPTIONS.download['jwt']
|
|
- headers = get_authorization_headers(url, file_path)
|
|
+ headers = get_minio_authorization_headers(url, file_path)
|
|
+ elif OPTIONS.download['jwt']:
|
|
+ headers = get_jwt_authorization_headers(url, file_path)
|
|
else:
|
|
headers = None
|
|
|
|
diff --git a/unittests/framework/replay/test_download_utils.py b/unittests/framework/replay/test_download_utils.py
|
|
index 0f1102722..abd438c20 100644
|
|
--- a/unittests/framework/replay/test_download_utils.py
|
|
+++ b/unittests/framework/replay/test_download_utils.py
|
|
@@ -141,3 +141,17 @@ class TestDownloadUtils(object):
|
|
get_request = requests_mock.request_history[1]
|
|
assert(get_request.method == 'GET')
|
|
assert(requests_mock.request_history[1].headers['Authorization'].startswith('AWS Key'))
|
|
+
|
|
+ def test_jwt_authorization(self, requests_mock):
|
|
+ """download_utils.ensure_file: Check we send the authentication headers to the server"""
|
|
+ # reset minio_host from previous tests
|
|
+ OPTIONS.download['minio_host'] = ''
|
|
+ OPTIONS.download['jwt'] = 'jwt'
|
|
+
|
|
+ assert not self.trace_file.check()
|
|
+ download_utils.ensure_file(self.trace_path)
|
|
+ TestDownloadUtils.check_same_file(self.trace_file, "remote")
|
|
+
|
|
+ get_request = requests_mock.request_history[0]
|
|
+ assert(get_request.method == 'GET')
|
|
+ assert(requests_mock.request_history[0].headers['Authorization'].startswith('Bearer'))
|