Remove unused db field for ActiveState Trusted Publisher

ActiveState · Mar 13, 2024 · e4fde16 · e4fde16
1 parent dc1d954
commit e4fde16
Show file tree

Hide file tree

Showing 6 changed files with 48 additions and 19 deletions.
diff --git a/tests/common/db/oidc.py b/tests/common/db/oidc.py
@@ -106,7 +106,6 @@ class Meta:
     activestate_project_name = factory.Faker("pystr", max_chars=12)
     actor = factory.Faker("pystr", max_chars=12)
     actor_id = factory.Faker("uuid4")
-    ingredient = factory.Faker("pystr", max_chars=12)
 
 
 class PendingActiveStatePublisherFactory(WarehouseFactory):
@@ -120,4 +119,3 @@ class Meta:
     actor = factory.Faker("pystr", max_chars=12)
     actor_id = factory.Faker("uuid4")
     added_by = factory.SubFactory(UserFactory)
-    ingredient = factory.Faker("pystr", max_chars=12)
diff --git a/tests/unit/oidc/models/test_activestate.py b/tests/unit/oidc/models/test_activestate.py
@@ -144,7 +144,6 @@ def test_activestate_publisher_unaccounted_claims(self, monkeypatch):
             organization=ORG_URL_NAME,
             activestate_project_name=PROJECT_NAME,
             actor_id=ACTOR_ID,
-            ingredient=INGREDIENT,
         )
 
         scope = pretend.stub()
@@ -180,7 +179,6 @@ def test_activestate_publisher_unaccounted_claims(self, monkeypatch):
             ("actor_id", False, "Missing claim 'actor_id'"),
             ("actor", True, None),
             ("builder", False, "Missing claim 'builder'"),
-            ("ingredient", True, None),
             ("organization_id", True, None),
             ("project_id", True, None),
             ("project_visibility", True, None),
@@ -195,7 +193,6 @@ def test_activestate_publisher_missing_claims(
             activestate_project_name=PROJECT_NAME,
             actor_id=ACTOR_ID,
             actor=ACTOR,
-            ingredient=INGREDIENT,
         )
 
         scope = pretend.stub()
@@ -241,7 +238,6 @@ def test_activestate_publisher_org_id_verified(
             activestate_project_name=PROJECT_NAME,
             actor_id=ACTOR_ID,
             actor=ACTOR,
-            ingredient=INGREDIENT,
         )
 
         signed_claims = new_signed_claims(organization=expect)
@@ -263,7 +259,6 @@ def test_activestate_publisher_project_id_verified(
             activestate_project_name=actual,
             actor_id=ACTOR_ID,
             actor=ACTOR,
-            ingredient=INGREDIENT,
         )
 
         signed_claims = new_signed_claims(project=expect)
@@ -285,7 +280,6 @@ def test_activestate_publisher_user_id_verified(
             activestate_project_name=PROJECT_NAME,
             actor_id=actual,
             actor=ACTOR,
-            ingredient=INGREDIENT,
         )
         signed_claims = new_signed_claims(actor_id=expect)
         check = publisher.__required_verifiable_claims__["actor_id"]

diff --git a/tests/unit/oidc/test_utils.py b/tests/unit/oidc/test_utils.py
@@ -202,23 +202,20 @@ def test_find_publisher_by_issuer_activestate(
         activestate_project_name="fakeproject1",
         actor_id="00000000-1000-8000-0000-000000000003",
         actor="fakeuser1",
-        ingredient="fakeingredient1",
     )
     ActiveStatePublisherFactory(
         id="bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
         organization="fakeorg2",
         activestate_project_name="fakeproject2",
         actor_id="00000000-1000-8000-0000-000000000006",
         actor="fakeuser2",
-        ingredient="fakeingredient2",
     )
     ActiveStatePublisherFactory(
         id="cccccccc-cccc-cccc-cccc-cccccccccccc",
         organization="fakeorg3",
         activestate_project_name="fakeproject3",
         actor_id="00000000-1000-8000-0000-000000000009",
         actor="fakeuser3",
-        ingredient="fakeingredient3",
     )
 
     signed_claims = {
@@ -227,7 +224,6 @@ def test_find_publisher_by_issuer_activestate(
         "project": project,
         "actor_id": actor_id,
         "actor": actor,
-        "ingredient_name": ingredient_name,
     }
 
     assert (

diff --git a/warehouse/migrations/versions/93a1ca43e356_remove_ingredient_from_activestate_.py b/warehouse/migrations/versions/93a1ca43e356_remove_ingredient_from_activestate_.py
@@ -0,0 +1,45 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""
+Remove 'ingredient' from ActiveState Publishing
+
+Revision ID: 93a1ca43e356
+Revises: 778f1c01a019
+Create Date: 2024-03-13 16:13:44.417966
+"""
+
+import sqlalchemy as sa
+
+from alembic import op
+
+revision = "93a1ca43e356"
+down_revision = "778f1c01a019"
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_column("activestate_oidc_publishers", "ingredient")
+    op.drop_column("pending_activestate_oidc_publishers", "ingredient")
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column(
+        "pending_activestate_oidc_publishers",
+        sa.Column("ingredient", sa.VARCHAR(), autoincrement=False, nullable=True),
+    )
+    op.add_column(
+        "activestate_oidc_publishers",
+        sa.Column("ingredient", sa.VARCHAR(), autoincrement=False, nullable=True),
+    )
+    # ### end Alembic commands ###
diff --git a/warehouse/oidc/models/_core.py b/warehouse/oidc/models/_core.py
@@ -185,7 +185,7 @@ def verify_claims(self, signed_claims: SignedClaims):
                 )
 
         # Finally, perform the actual claim verification. First, verify that
-        # all requred claims are present.
+        # all required claims are present.
         for claim_name in (
             self.__required_verifiable_claims__.keys()
             | self.__required_unverifiable_claims__

diff --git a/warehouse/oidc/models/activestate.py b/warehouse/oidc/models/activestate.py
@@ -65,11 +65,10 @@ class ActiveStatePublisherMixin:
     organization = mapped_column(String, nullable=False)
     activestate_project_name = mapped_column(String, nullable=False)
     actor = mapped_column(String, nullable=False)
-    # 'actor' (The ActiveState platform username) is obstained from the user
+    # 'actor' (The ActiveState platform username) is obtained from the user
     # while configuring the publisher We'll make an api call to ActiveState to
     # get the 'actor_id'
     actor_id = mapped_column(String, nullable=False)
-    ingredient = mapped_column(String, nullable=True)
 
     __required_verifiable_claims__: dict[str, CheckClaimCallable[Any]] = {
         "sub": _check_sub,
@@ -81,13 +80,10 @@ class ActiveStatePublisherMixin:
         "builder": oidccore.check_claim_invariant("pypi-publisher"),
     }
 
-    __optional_verifiable_claims__: dict[str, CheckClaimCallable[Any]] = {
-        "ingredient": oidccore.check_claim_binary(str.__eq__),
-    }
-
     __unchecked_claims__ = {
         "actor",
         "artifact_id",
+        "ingredient",
         "organization_id",
         "project_id",
         "project_path",