linaro-license-protection

lp://staging/~linaro-infrastructure/linaro-license-protection/master

Created by Milo Casagrande and last modified
Get this branch:
bzr branch lp://staging/~linaro-infrastructure/linaro-license-protection/master

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Linaro Infrastructure
Project:
linaro-license-protection
Status:
Development

Import details

Import Status: Suspended

This branch is an import of the HEAD branch of the Git repository at http://git.linaro.org/git/infrastructure/linaro-license-protection.git.

Last successful import was .

Import started on juju-98ee42-prod-launchpad-codeimport-4 and finished taking 5 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-4 and finished taking 2 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-3 and finished taking 4 seconds — see the log
Import started on juju-98ee42-prod-launchpad-codeimport-2 and finished taking 10 seconds — see the log

Recent revisions

522. By Kelley Spoon <email address hidden>

group_auth_ldap.py: change default linaro group

In ldap, the 'linaro' group was deprecated and
replaced by the 'everybody-flat' group.

Since it was hardcoded here, we need to update
the group name in order to allow linaro
employees access to protected urls.

Change-Id: I6b340728ff26faa64a29fd2384d9ebe321dcff36
Signed-off-by: Kelley Spoon <email address hidden>
Reviewed-on: https://review.linaro.org/c/infrastructure/linaro-license-protection/+/44724

521. By Kelley Spoon <email address hidden>

LLP: fix templating problem for login page

Since the login page is using the view created
by django.contrib.auth, we need to ensure that
the "site_name" context variable is set.

Change-Id: I5e5160ffd54383718b9942d06871611cb038e818
Signed-off-by: Kelley Spoon <email address hidden>
Reviewed-on: https://review.linaro.org/c/infrastructure/linaro-license-protection/+/40739

520. By Kelley Spoon <email address hidden>

llp: prevent error if a request group doesn't exist

When we check for group membership in LDAP, we should
log the fact it doesn't exist, but proceed on without
an missing key error.

Change-Id: I2bbee729f8cf144624c8c01af7b76f49f2b8be35
Signed-off-by: Kelley Spoon <email address hidden>
Reviewed-on: https://review.linaro.org/c/infrastructure/linaro-license-protection/+/40740

519. By Kelley Spoon <email address hidden>

llp: install build reqs for python-ldap

We're using python-ldap=3.3.1 now, which must
be build from source since the latest supported
version is 2.2.4.

Let's apt-get the build requirements in the
unit-test.sh script so Jenkins can be useful
instead of always erroring on the ldap build failure.

Change-Id: I582d2d1480e185b705153f50367ea51e4b61d953
Signed-off-by: Kelley Spoon <email address hidden>
Reviewed-on: https://review.linaro.org/c/infrastructure/linaro-license-protection/+/40741

518. By Marcin Juszkiewicz

template: use CSS for table cells

<td valign="top"> is obsolete. Same with <td align="center">

Change-Id: I35c0f57585a5550e40b1c4ae52e0fc561a2bc9b5
Reviewed-on: https://review.linaro.org/c/infrastructure/linaro-license-protection/+/40533
Reviewed-by: Benjamin Copeland <email address hidden>

517. By Marcin Juszkiewicz

template: generate more valid HTML

- DOCTYPE is mandatory for HTML 5
- type/language parameters for <script> <style> are obsolete

Change-Id: I7a01b650eb723b3fb5437826decdbf5cf2ac55b4
Reviewed-on: https://review.linaro.org/c/infrastructure/linaro-license-protection/+/40534
Reviewed-by: Benjamin Copeland <email address hidden>

516. By Kelley Spoon <email address hidden>

group_auth_ldap: fix an error with user group authorization

There is a bug in the ldap group authorization code
where we use the full django username for authentication
(which is the full email), but only the UID (first.lastname)
is stored in the group membership table.

We should also take this time to just try to look up
the UID in the groups table instead of trying to build
a list of group memberships for the user and compare
that to the required groups.

Change-Id: I41209fb8745a6225f3e7344910dc89c19d336a76
Signed-off-by: Kelley Spoon <email address hidden>
Reviewed-on: https://review.linaro.org/c/infrastructure/linaro-license-protection/+/40448

515. By Kelley Spoon <email address hidden>

settings_production: add in LDAP settings

This change adds in the requires AUTH_LDAP settings to
allow llp to use auth_ldap_backend. The LDAP bind password
is set in the host's secrets.

Change-Id: Ifcf8ef6d79ae8ba7d5e904a696b60a8bb9dd9eae
Signed-off-by: Kelley Spoon <email address hidden>
Reviewed-on: https://review.linaro.org/c/infrastructure/linaro-license-protection/+/40443

514. By Kelley Spoon <email address hidden>

llp: remove crowd and openid support in favor of ldap auth

In order to remove the final piece of Crowd usage in our
infrastructure, let's migrate LLP to using ldap for both
authentication and group look ups.

We also need to update the views, urls, and tests to
no longer rely upon crowd/openid and instead mock up
the LDAP lookups.

Change-Id: I254d7bbffff97ffa8ebe5f5be72e763e77a6c45d
Signed-off-by: Kelley Spoon <email address hidden>
Reviewed-on: https://review.linaro.org/c/infrastructure/linaro-license-protection/+/40275

513. By Kelley Spoon <email address hidden>

llp: add s3 lambda to tag files for expiry

This change adds in a lambda function and the
terraform to upload and enable it that will check
if an uploaded (created) file is in a protected
path. If not, the S3 object will be tagged for
eventual deletion via a lifecycle rule when it's
lifespan expires.

Signed-off-by: Kelley Spoon <email address hidden>
Change-Id: I34ade1f38311a269c479d6373495a789de96ab15
Reviewed-on: https://review.linaro.org/c/infrastructure/linaro-license-protection/+/40186

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.