Support metadata reload (plus minor fixes) #809
Merged
Align the docstrings with what the functions actually implement.
MetadataStore.dumps(format="md") was failing with TypeError: Object of type dict_items is not JSON serializable ... because self.items() returns dictitems() - while only a dict would be serializable into JSON. Convert the dictitems back into a dict.
The exception handler in InMemoryMetaData.parse was failing for subclasses other than `MetaDataFile` with: AttributeError: 'MetaDataExtern' object has no attribute 'filename' - because `self.filename` is only defined for MetaDataFile but not MetaDataExtern. The handler was essentially expecting it would only be invoked for MetaDataFile and not other subclasses of InMemoryMetaData. Provide useful descriptive messages for MetaDataFile and MetaDataExtern subclasses - and fall back to a generic (but safe) message otherwise.
In certain circumstances, such as a Saml2IdP receiving a request from an SP where the SP metadata has a RequestedAttribute with specific values, `_filter_values` may be called with vals=None when processing the AuthnRequest. Safeguard against this by returning early, returning the None value unfiltered. (It will get later replaced with an [] in `_apply_attr_value_restrictions`).
Support reloading metadata by adding a reload_metadata method to saml2.Entity. This method gets the metadata configuration in the same format as the 'metadata' entry in the configuration passed to saml2.Config. To keep metadata refreshed, this method needs to be periodically explicitly called. For a metadata refresh with the same configuration, the calling application should keep a copy of the original configuration to pass to this method. Resolves IdentityPython#808
vladimir-mencl-eresearch added a commit to REANNZ/SATOSA that referenced this pull request Jun 11, 2021
Using the reload_metadata method added into pysaml2 in IdentityPython/pysaml2#809, support reloading metadata when triggered via an externally exposed URL (as `/<module_name>/reload-metadata`). This is off by default (URL not exposed) and needs to be explicitly enabled by setting the newly introduced config option `enable_metadata_reload` for the SAML modules to `true` (or `yes`). The loaded config is already preserved in the modules, so can be easily used to provide a reference copy of the metadata configuration to the `reload_metadata` method. This is implemented separately for the SAML2 Backend and SAML2 Frontend (applying to all three SAML2 Frontend classes). This will complete the missing functionality identified in IdentityPython/pysaml2#808
This was referenced Jun 11, 2021
Co-authored-by: Ivan Kanakarakis <[email protected]>
…erating over all types As per review suggestion in IdentityPython#809
Hi @c00kiemon5ter, Thanks for the review - all changes incorporated. Please let me know if there's anything else that needs addressing before this can be merged. Cheers,
c00kiemon5ter pushed a commit to IdentityPython/SATOSA that referenced this pull request Jul 26, 2021
Hi,
As discussed in #808, this adds support for metadata refresh by adding a `metadata_reload` method into `saml2.Entity`. This method is to be externally invoked, and to receive the same metadata configuration as what was passed under the `metadata` key to `saml2.Config`. The method loads a new metadata configuration and swaps it in (replacing the references across several objects that hold a metadata reference).
There will be an accompanying Pull Request for SATOSA using this functionality.
Cheers,
Vlad
PS: This PR also includes a few minor fixes done along the way...
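Added example, not part of the pull request or of pysaml2's code: a caller-side wrapper for the periodic reload that the commit message above leaves to the application, holding its own reference copy of the `metadata` configuration. `MetadataReloader`, `FakeEntity`, the interval and the treatment of a `False` return as a failed reload are assumptions made for illustration.

```python
import copy
import logging
import threading

log = logging.getLogger("metadata-reload")

class MetadataReloader:
    """Hypothetical helper: calls entity.reload_metadata() with a private config copy."""
    def __init__(self, entity, metadata_conf, interval=3600.0):
        self._entity = entity  # any object exposing reload_metadata(metadata_conf)
        # Reference copy: later changes to the caller's dict cannot alter it.
        self._conf = copy.deepcopy(metadata_conf)
        self._interval = interval
        self._lock = threading.Lock()  # one reload at a time
        self._stop = threading.Event()
        self.failures = 0

    def reload_once(self):
        """Run one reload; return True on success, False on any failure."""
        with self._lock:
            try:
                # Hand over a fresh copy so the callee cannot change ours.
                result = self._entity.reload_metadata(copy.deepcopy(self._conf))
                ok = result is None or bool(result)  # assumption: False = failed
            except Exception:
                log.exception("metadata reload raised")
                ok = False
            self.failures += 0 if ok else 1
            return ok

    def run(self):
        """Blocking loop for a daemon thread; stop() ends it."""
        while not self._stop.wait(self._interval):
            self.reload_once()

    def stop(self):
        self._stop.set()


class FakeEntity:
    """Constructed stand-in for saml2.Entity so the example runs offline."""
    def __init__(self):
        self.seen = []

    def reload_metadata(self, metadata_conf):
        if not metadata_conf.get("local"):
            raise ValueError("no metadata sources configured")
        self.seen.append(metadata_conf)
        return True
```

In an application, `entity` would be the running pysaml2 entity and `run` would be started in a daemon thread; the `failures` counter gives monitoring a signal that the entity has not been refreshed.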