This is an automated email from the ASF dual-hosted git repository.
sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/main by this push:
new 5c24673 Move sensitive data reads to the storage interface
5c24673 is described below
commit 5c2467323443964754f01412c8ac285b73b3d85e
Author: Sean B. Palmer <[email protected]>
AuthorDate: Mon Oct 13 16:38:34 2025 +0100
Move sensitive data reads to the storage interface
---
atr/routes/tokens.py | 13 +------------
atr/ssh.py | 1 +
atr/storage/readers/tokens.py | 17 +++++++++++++++--
3 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/atr/routes/tokens.py b/atr/routes/tokens.py
index 3926bd9..7250828 100644
--- a/atr/routes/tokens.py
+++ b/atr/routes/tokens.py
@@ -97,8 +97,8 @@ async def tokens(session: route.CommitterSession) -> str |
response.Response:
issue_form = await IssueJWTForm.create_form(data=request_form if is_post
else None)
start = time.perf_counter_ns()
- tokens_list = await _fetch_tokens(session.uid)
async with storage.read_as_foundation_committer() as rafc:
+ tokens_list = await rafc.tokens.own_personal_access_tokens()
most_recent_pat = await rafc.tokens.most_recent_jwt_pat()
end = time.perf_counter_ns()
log.info("Tokens list fetched in %dms", (end - start) / 1_000_000)
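Review bot: The token list is now scoped by whatever identity `storage.read_as_foundation_committer()` resolves rather than by `session.uid`, and nothing in the visible lines shows that the two are the same principal. A short comment above the `async with`, for example `# Reads are scoped to the authenticated committer by the storage layer; no UID is passed in`, would make that dependency explicit. `own_personal_access_tokens()` raises `ValueError` when the authorisation carries no UID (see the reader change in this commit), and this route does not catch it in the lines shown, so it is worth confirming that a `CommitterSession` always yields a UID there. The body of `tokens` extends beyond the hunk on both sides.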
@@ -253,17 +253,6 @@ async def _delete_token(data: db.Session, uid: str,
token_id: int) -> None:
await data.delete(pat)
[email protected]_function
-async def _fetch_tokens(data: db.Session, uid: str) ->
list[sql.PersonalAccessToken]:
- via = sql.validate_instrumented_attribute
- stmt = (
- sqlmodel.select(sql.PersonalAccessToken)
- .where(sql.PersonalAccessToken.asfuid == uid)
- .order_by(via(sql.PersonalAccessToken.created))
- )
- return await data.query_all(stmt)
-
-
async def _handle_post(
session: route.CommitterSession, request_form: datastructures.MultiDict
) -> response.Response | None:
diff --git a/atr/ssh.py b/atr/ssh.py
index 4073fda..862d8b5 100644
--- a/atr/ssh.py
+++ b/atr/ssh.py
@@ -74,6 +74,7 @@ class SSHServer(asyncssh.SSHServer):
# Load SSH keys for this user from the database
async with db.session() as data:
user_keys = await data.ssh_key(asf_uid=username).all()
+ # TODO: This should potentially be migrated to the storage
interface
workflow_keys = await
data.workflow_ssh_key(asf_uid=username).all()
now = int(time.time())
valid_workflow_keys = []
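Review bot: The added TODO sits between the `data.ssh_key(...)` and `data.workflow_ssh_key(...)` queries and does not say which read it refers to or what the "potentially" depends on. Both lookups appear to feed key validation for the connecting user and still go straight through `db.session()`, so the comment should name them, for example `# TODO: Migrate the user and workflow SSH key reads to the storage interface`. If only one of the two is meant, say which. The enclosing method starts and ends outside the hunk.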
diff --git a/atr/storage/readers/tokens.py b/atr/storage/readers/tokens.py
index a7fcba2..5bff63d 100644
--- a/atr/storage/readers/tokens.py
+++ b/atr/storage/readers/tokens.py
@@ -39,9 +39,22 @@ class FoundationCommitter(GeneralPublic):
self.__read_as = read_as
self.__data = data
- async def most_recent_jwt_pat(self, asf_uid: str | None = None) ->
sql.PersonalAccessToken | None:
+ async def own_personal_access_tokens(self) ->
list[sql.PersonalAccessToken]:
+ asf_uid = self.__read.authorisation.asf_uid
if asf_uid is None:
- asf_uid = self.__read.authorisation.asf_uid
+ raise ValueError("An ASF UID is required")
+ via = sql.validate_instrumented_attribute
+ stmt = (
+ sqlmodel.select(sql.PersonalAccessToken)
+ .where(sql.PersonalAccessToken.asfuid == asf_uid)
+ .order_by(via(sql.PersonalAccessToken.created))
+ )
+ return await self.__data.query_all(stmt)
+
+ async def most_recent_jwt_pat(self) -> sql.PersonalAccessToken | None:
+ # , asf_uid: str | None = None
+ # if asf_uid is None:
+ asf_uid = self.__read.authorisation.asf_uid
if asf_uid is None:
raise ValueError("An ASF UID is required")
via = sql.validate_instrumented_attribute
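Review bot: The commented-out remnants `# , asf_uid: str | None = None` and `# if asf_uid is None:` left in `most_recent_jwt_pat` should be dropped or replaced with a comment stating the intent. Removing the parameter is what stops a caller from asking for another user's token, and the leftover signature invites restoring it. Something like `# The UID always comes from the authorisation; callers must not supply one.` would record that. `own_personal_access_tokens` repeats the same UID lookup and `ValueError` guard and has no docstring; a one-line docstring saying it returns the caller's own tokens ordered by `created` would help, and the shared guard could move into a small private helper. Any existing caller that still passes `asf_uid` to `most_recent_jwt_pat` will now fail with a `TypeError`, which cannot be checked from this hunk, and the method body continues past the end of the hunk.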