Interfaces and services for JWK management (pypi#10628)

* python-version: bump to 3.8.9 * ci, Dockerfile: bump Python versions * requirements, warehouse: dependencies, skeleton for JWKs * warehouse/oidc: format * config, oidc, utils: fill in more groundwork * warehouse: add a basic `warehouse oidc` CLI, redis caching * tasks: remove the separate OIDC queue These should be very fast, and thus don't need a separate queue. * warehouse: decompose OIDC urls a bit It makes more sense to have the OIDC_PROVIDERS map be a map of names to issuer FQDNs, so that we don't have to store that information elsewhere. * warehouse/utils: docs * warehouse: refactor JWKs to fetch on first use * tests/unit: fix config test * Update requirements/main.txt Co-authored-by: Dustin Ingram <di@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Dustin Ingram <di@users.noreply.github.com> * warehouse: refactor JWKService Adds a service factory for creating per-provider services. * oidc/services: appease flake8 * warehouse: add metrics to JWKService, rewrite CLI * warehouse/cli: remove oidc subcommand This is no longer useful. * warehouse: rename JWKService to OIDCProviderService, refactor * warehouse/oidc: fix init * warehouse: remove oidc.utils, refactor * warehouse/oidc: re-add provider attribute * tests: unit tests for warehouse.oidc.services Fixes small bugs in the process. Co-authored-by: Dustin Ingram <di@users.noreply.github.com>
domdfcoding · Jun 7, 2022 · 6f68ecf · 6f68ecf
1 parent 536fb91
commit 6f68ecf
Show file tree

Hide file tree

Showing 8 changed files with 663 additions and 1 deletion.
diff --git a/requirements/main.in b/requirements/main.in
@@ -43,6 +43,7 @@ pyramid_rpc>=0.7
 pyramid_services>=2.1
 pyramid_tm>=0.12
 python-slugify
+PyJWT[crypto]>=2.3.0
 readme-renderer[md]>=0.7.0
 requests
 requests-aws4auth

diff --git a/requirements/main.txt b/requirements/main.txt
@@ -283,7 +283,8 @@ cryptography==36.0.1 \
     --hash=sha256:ebc15b1c22e55c4d5566e3ca4db8689470a0ca2babef8e3a9ee057a8b82ce4b1 \
     --hash=sha256:ec63da4e7e4a5f924b90af42eddf20b698a70e58d86a72d943857c4c6045b3ee
     # via
-    #   -r requirements/main.in
+    #   -r main.in
+    #   pyjwt
     #   pyopenssl
     #   webauthn
 cssselect==1.1.0 \
@@ -883,6 +884,10 @@ pygments==2.10.0 \
     --hash=sha256:b8e67fe6af78f492b3c4b3e2970c0624cbf08beb1e493b2c99b9fa1b67a20380 \
     --hash=sha256:f398865f7eb6874156579fdf36bc840a03cab64d1cde9e93d68f46a425ec52c6
     # via readme-renderer
+pyjwt[crypto]==2.3.0 \
+    --hash=sha256:b888b4d56f06f6dcd777210c334e69c737be74755d3e5e9ee3fe67dc18a0ee41 \
+    --hash=sha256:e0c4bb8d9f0af0c7f5b1ec4c5036309617d03d56932877f2f7a0beeb5318322f
+    # via -r main.in
 pymacaroons==0.13.0 \
     --hash=sha256:1e6bba42a5f66c245adf38a5a4006a99dcc06a0703786ea636098667d42903b8 \
     --hash=sha256:3e14dff6a262fdbf1a15e769ce635a8aea72e6f8f91e408f9a97166c53b91907