Update dependencies and fix test for topaz 0.32+

Author: Ronen Hilewicz

.github/workflows/ci.yaml

@@ -15,15 +15,15 @@ on:
 
 env:
   VAULT_ADDR: https://vault.eng.aserto.com/
-
+  GO_VERSION: "1.22"
 
 jobs:
   test:
     name: Run test
     runs-on: ubuntu-latest
     steps:
       - name: Read Configuration
-        uses: hashicorp/vault-action@v2.7.3
+        uses: hashicorp/vault-action@v3
         id: vault
         with:
           url: ${{ env.VAULT_ADDR }}
@@ -39,7 +39,7 @@ jobs:
           git config --global url."git@github.com:".insteadOf https://github.com/
 
       - name: Checkout Repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Set up Homebrew
         uses: Homebrew/actions/setup-homebrew@master
@@ -48,9 +48,9 @@ jobs:
         run: brew tap aserto-dev/tap && brew install aserto-dev/tap/topaz && topaz install
 
       - name: Use python 3.9
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
-          python-version: '3.9'
+          python-version: '3.12'
 
       - name: Install and configure Poetry
         uses: snok/install-poetry@v1
@@ -61,7 +61,7 @@ jobs:
         run: |
           poetry install
           poetry run pyright .
-      
+
       - name: Run tests
         run: |
           poetry run pytest -vv
@@ -73,7 +73,7 @@ jobs:
     name: Release to pypi
     steps:
       - name: Read Configuration
-        uses: hashicorp/vault-action@v2.4.1
+        uses: hashicorp/vault-action@v3
         id: vault
         with:
           url: ${{ env.VAULT_ADDR }}
@@ -83,17 +83,17 @@ jobs:
             kv/data/pypi "API_TOKEN" | POETRY_HTTP_BASIC_PYPI_PASSWORD;
 
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Setup Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GO_VERSION }}
 
       - name: Setup caching
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: |
             ~/.cache/go-build
@@ -119,9 +119,9 @@ jobs:
             go run mage.go deps
 
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
-          python-version: '3.10'
+          python-version: '3.12'
 
       - name: Install Poetry
         uses: snok/install-poetry@v1

go.mod

@@ -1,5 +1,5 @@
 module github.com/aserto-dev/python-authorizer
 
-go 1.19
+go 1.22
 
 require github.com/magefile/mage v1.14.0

poetry.lock

@@ -29,16 +29,16 @@ packages = [
 
 [tool.poetry.dependencies]
 python = "^3.8"
-aiohttp = "^3.8.0"
-grpcio = "^1.49.0"
-protobuf = "^4.21.0"
-aserto-authorizer = "^0.20.2"
-aserto-directory = "^0.31.3"
+aiohttp = "^3.9.5"
+grpcio = "^1.64.1"
+protobuf = "^5.27.2"
+aserto-authorizer = "^0.20.3"
+aserto-directory = "^0.31.4"
 
 [tool.poetry.dev-dependencies]
 black = "^23.0"
 isort= "^5.9.0"
-pytest-asyncio = "^0.15.0"
+pytest-asyncio = "^0.23"
 pyright = "^1.1.0"
 requests = "^2.31.0"
 

pyproject.toml

@@ -1,19 +1,20 @@
 from typing import Literal, Tuple
+
 from aserto.client.directory.channels import Channels
 
 __all__ = ["Channels"]
 
+
 class NotFoundError(Exception):
     pass
 
+
 class ConfigError(Exception):
     pass
 
-Header = Literal["authorization", "aserto-tenant-id", "if-match", "if-none-match"]
-
 
-def get_metadata(api_key, tenant_id) -> Tuple[Tuple[Header, str], ...]:
-    md: Tuple[Tuple[Header, str], ...] = ()
+def get_metadata(api_key, tenant_id) -> Tuple[Tuple[str, str], ...]:
+    md: Tuple[Tuple[str, str], ...] = ()
     if api_key:
         md += (("authorization", f"basic {api_key}"),)
     if tenant_id:

src/aserto/client/directory/__init__.py

@@ -45,21 +45,27 @@ def stop() -> None:
     @staticmethod
     def import_data(path: str) -> None:
         subprocess.run(
-            f"topaz import -i -d {path}",
+            f"topaz ds import -i -d {path}",
             shell=True,
             capture_output=True,
             check=True,
         )
 
-    def set_manifest(self, manifest_path: str) -> None:
-        with open(manifest_path, "r") as f:
-            manifest = f.read()
-        resp = requests.post(
-            f"https://{self.directory_gw.address}/api/v3/directory/manifest",
-            data=manifest,
-            verify=self.directory_gw.ca_cert_path,
+    @staticmethod
+    def set_manifest(manifest_path: str) -> None:
+        subprocess.run(
+            f"topaz ds delete manifest --force",
+            shell=True,
+            capture_output=True,
+            check=True,
+        )
+
+        subprocess.run(
+            f"topaz ds set manifest {manifest_path}",
+            shell=True,
+            capture_output=True,
+            check=True,
         )
-        resp.raise_for_status()
 
     def wait_for_ready(self) -> None:
         t0 = datetime.now()
@@ -93,27 +99,21 @@ def topaz():
 
     time.sleep(1)
 
-    subprocess.run(
-        "rm ~/.config/topaz/db/directory.db",
-        shell=True,
-        capture_output=True,
-        check=True,
-    )
-
     if os.path.exists(f"{topaz_db_dir}/directory.bak"):
         os.rename(f"{topaz_db_dir}/directory.bak", f"{topaz_db_dir}/directory.db")
 
 
 def topaz_configure() -> Topaz:
     subprocess.run(
-        "topaz configure -r ghcr.io/aserto-policies/policy-todo:3 -n todo -d -f --enable-v2",
+        "topaz config new -r ghcr.io/aserto-policies/policy-todo:3 -n todo -d -f",
         shell=True,
         capture_output=True,
         check=True,
     )
 
-    ca_cert_path_grpc = os.path.expanduser("~/.config/topaz/certs/grpc-ca.crt")
-    ca_cert_path_gw = os.path.expanduser("~/.config/topaz/certs/gateway-ca.crt")
+    cert_path = topaz_cert_path()
+    ca_cert_path_grpc = os.path.join(cert_path, "grpc-ca.crt")
+    ca_cert_path_gw = os.path.join(cert_path, "gateway-ca.crt")
 
     return Topaz(
         authorizer=Service("localhost:8282", ca_cert_path=ca_cert_path_grpc),
@@ -122,6 +122,16 @@ def topaz_configure() -> Topaz:
     )
 
 
+def topaz_cert_path() -> str:
+    proc = subprocess.run(
+        "topaz config info | jq .config.topaz_certs_dir -r",
+        shell=True,
+        check=True,
+        capture_output=True,
+    )
+    return proc.stdout.decode().strip()
+
+
 def connect(svc: Service) -> grpc.Channel:
     return grpc.secure_channel(
         target=svc.address, credentials=grpc.ssl_channel_credentials(read_cert(svc.ca_cert_path))

test/conftest.py

@@ -39,7 +39,6 @@ def make_decision_request(client: AuthorizerClient) -> Dict[str, bool]:
 
 
 def test_decision_tree_grpc(authorizer) -> None:
-    print("foobar")
     expected = {
         "todoApp.DELETE.todos.__id": {"allowed": False},
         "todoApp.GET.todos": {"allowed": True},

test/test_authorizer.py

@@ -1,22 +1,13 @@
-import asyncio
 from typing import Dict
 
 import pytest
+import pytest_asyncio
 
 from aserto.client import AuthorizerOptions, Identity
 from aserto.client.authorizer.aio import AuthorizerClient, DecisionTree, IdentityType
 
 
-@pytest.fixture(scope="session")
-def event_loop():
-    """Overrides pytest default function scoped event loop"""
-    policy = asyncio.get_event_loop_policy()
-    loop = policy.new_event_loop()
-    yield loop
-    loop.close()
-
-
-@pytest.fixture(scope="module")
+@pytest_asyncio.fixture(scope="module")
 async def authorizer(topaz):
     client = AuthorizerClient(
         identity=Identity(type=IdentityType.IDENTITY_TYPE_NONE),
@@ -48,7 +39,7 @@ async def make_decision_request(client: AuthorizerClient) -> Dict[str, bool]:
     )
 
 
-@pytest.mark.asyncio
+@pytest.mark.asyncio(scope="module")
 async def test_decision_tree_grpc(authorizer: AuthorizerClient) -> None:
     expected = {
         "todoApp.DELETE.todos.__id": {"allowed": False},
@@ -63,7 +54,7 @@ async def test_decision_tree_grpc(authorizer: AuthorizerClient) -> None:
     assert result == expected
 
 
-@pytest.mark.asyncio
+@pytest.mark.asyncio(scope="module")
 async def test_decision_grpc(authorizer: AuthorizerClient) -> None:
     result = await make_decision_request(authorizer)