squashme: fix linting

Author: olevski

components/renku_data_services/data_connectors/blueprints.py

@@ -9,7 +9,7 @@
 from sanic_ext import validate
 from ulid import ULID
 
-from renku_data_services import base_models, errors
+from renku_data_services import base_models
 from renku_data_services.base_api.auth import (
     authenticate,
     only_authenticated,
@@ -471,7 +471,7 @@ async def openbis_transform_session_token_to_pat() -> (
                                     openbis_pat[1],
                                 )
                             except Exception as e:
-                                raise errors.ProgrammingError(message=str(e))
+                                raise errors.ProgrammingError(message=str(e)) from e
                         raise errors.ValidationError(message="The openBIS session token must be a string value.")
 
                     raise errors.ValidationError(message="The openBIS storage has only one secret: session_token")

components/renku_data_services/project/db.py

@@ -840,7 +840,9 @@ async def patch_session_secrets(
                 )
                 if session_launcher_secret_orm := existing_secrets_as_dict.get(slot_id):
                     session_launcher_secret_orm.secret.update(
-                        encrypted_value=encrypted_value, encrypted_key=encrypted_key
+                        encrypted_value=encrypted_value,
+                        encrypted_key=encrypted_key,
+                        expiration_timestamp=session_launcher_secret_orm.secret.expiration_timestamp,
                     )
                 else:
                     name = secret_slot.name

components/renku_data_services/secrets/db.py

@@ -3,7 +3,7 @@
 import random
 import string
 from collections.abc import AsyncGenerator, Callable, Sequence
-from datetime import UTC, datetime, timedelta
+from datetime import UTC, datetime
 from typing import cast
 
 from cryptography.hazmat.primitives.asymmetric import rsa
@@ -200,7 +200,11 @@ async def update_secret(self, requested_by: APIUser, secret_id: ULID, patch: Sec
                     secret_service_public_key=self.secret_service_public_key,
                     secret_value=patch.secret_value,
                 )
-                secret.update(encrypted_value=encrypted_value, encrypted_key=encrypted_key)
+                secret.update(
+                    encrypted_value=encrypted_value,
+                    encrypted_key=encrypted_key,
+                    expiration_timestamp=patch.expiration_timestamp,
+                )
 
             return secret.dump()
 

components/renku_data_services/secrets/models.py

@@ -90,3 +90,4 @@ class SecretPatch:
     name: str | None
     default_filename: str | None
     secret_value: str | None = field(repr=False)
+    expiration_timestamp: datetime | None

components/renku_data_services/storage/rclone_patches.py

@@ -255,3 +255,63 @@ def apply_patches(spec: list[dict[str, Any]]) -> None:
 
     for patch in patches:
         patch(spec)
+
+
+def __patch_schema_add_openbis_type(spec: list[dict[str, Any]]) -> None:
+    """Adds a fake type to help with setting up openBIS storage."""
+    spec.append(
+        {
+            "Name": "openbis",
+            "Description": "openBIS",
+            "Prefix": "openbis",
+            "Options": [
+                {
+                    "Name": "host",
+                    "Help": 'openBIS host to connect to.\n\nE.g. "openbis-eln-lims.ethz.ch".',
+                    "Provider": "",
+                    "Default": "",
+                    "Value": None,
+                    "Examples": [
+                        {
+                            "Value": "openbis-eln-lims.ethz.ch",
+                            "Help": "Public openBIS demo instance",
+                            "Provider": "",
+                        },
+                    ],
+                    "ShortOpt": "",
+                    "Hide": 0,
+                    "Required": True,
+                    "IsPassword": False,
+                    "NoPrefix": False,
+                    "Advanced": False,
+                    "Exclusive": False,
+                    "Sensitive": False,
+                    "DefaultStr": "",
+                    "ValueStr": "",
+                    "Type": "string",
+                },
+                {
+                    "Name": "session_token",
+                    "Help": "openBIS session token",
+                    "Provider": "",
+                    "Default": "",
+                    "Value": None,
+                    "ShortOpt": "",
+                    "Hide": 0,
+                    "Required": True,
+                    "IsPassword": True,
+                    "NoPrefix": False,
+                    "Advanced": False,
+                    "Exclusive": False,
+                    "Sensitive": True,
+                    "DefaultStr": "",
+                    "ValueStr": "",
+                    "Type": "string",
+                },
+            ],
+            "CommandHelp": None,
+            "Aliases": None,
+            "Hide": False,
+            "MetadataInfo": None,
+        }
+    )

components/renku_data_services/users/core.py

@@ -21,4 +21,5 @@ def validate_secret_patch(patch: apispec.SecretPatch) -> SecretPatch:
         name=patch.name,
         default_filename=patch.default_filename,
         secret_value=patch.value,
+        expiration_timestamp=patch.expiration_timestamp,
     )

test/bases/renku_data_services/data_api/test_secret.py

@@ -27,14 +27,17 @@
 @pytest.fixture
 def create_secret(sanic_client: SanicASGITestClient, user_headers):
     async def create_secret_helper(
-        name: str, value: str, kind: str = "general", default_filename: str | None = None, expiration_timestamp: str | None = None
+        name: str,
+        value: str,
+        kind: str = "general",
+        default_filename: str | None = None,
+        expiration_timestamp: str | None = None,
     ) -> dict[str, Any]:
         payload = {"name": name, "value": value, "kind": kind}
         if default_filename:
             payload["default_filename"] = default_filename
         if expiration_timestamp:
             payload["expiration_timestamp"] = expiration_timestamp
-        
 
         _, response = await sanic_client.post("/api/data/user/secrets", headers=user_headers, json=payload)
 
@@ -101,7 +104,7 @@ async def test_get_one_secret(sanic_client: SanicASGITestClient, user_headers, c
     secret = await create_secret("secret-2", "value-2")
     await create_secret("secret-3", "value-3")
 
-    _, response = await sanic_client.get(f"/api/data/user/secrets/{secret["id"]}", headers=user_headers)
+    _, response = await sanic_client.get(f"/api/data/user/secrets/{secret['id']}", headers=user_headers)
     assert response.status_code == 200, response.text
     assert response.json is not None
     assert response.json["name"] == secret["name"]
@@ -115,21 +118,21 @@ async def test_get_one_secret_not_expired(sanic_client: SanicASGITestClient, use
     secret_1 = await create_secret("secret-1", "value-1", expiration_timestamp=expiration_timestamp)
     secret_2 = await create_secret("secret-2", "value-2", expiration_timestamp="2029-12-31")
 
-    _, response = await sanic_client.get(f"/api/data/user/secrets/{secret_1["id"]}", headers=user_headers)
+    _, response = await sanic_client.get(f"/api/data/user/secrets/{secret_1['id']}", headers=user_headers)
     assert response.status_code == 200, response.text
     assert response.json is not None
     assert response.json["name"] == "secret-1"
     assert response.json["id"] == secret_1["id"]
 
-    _, response = await sanic_client.get(f"/api/data/user/secrets/{secret_2["id"]}", headers=user_headers)
+    _, response = await sanic_client.get(f"/api/data/user/secrets/{secret_2['id']}", headers=user_headers)
     assert response.status_code == 200, response.text
     assert response.json is not None
     assert response.json["name"] == "secret-2"
     assert response.json["id"] == secret_2["id"]
 
     time.sleep(20)
 
-    _, response = await sanic_client.get(f"/api/data/user/secrets/{secret_1["id"]}", headers=user_headers)
+    _, response = await sanic_client.get(f"/api/data/user/secrets/{secret_1['id']}", headers=user_headers)
     assert response.status_code == 404
 
 
@@ -193,7 +196,7 @@ async def test_get_delete_a_secret(sanic_client: SanicASGITestClient, user_heade
     secret = await create_secret("secret-2", "value-2")
     await create_secret("secret-3", "value-3")
 
-    _, response = await sanic_client.delete(f"/api/data/user/secrets/{secret["id"]}", headers=user_headers)
+    _, response = await sanic_client.delete(f"/api/data/user/secrets/{secret['id']}", headers=user_headers)
     assert response.status_code == 204, response.text
 
     _, response = await sanic_client.get("/api/data/user/secrets", headers=user_headers)
@@ -209,12 +212,12 @@ async def test_get_update_a_secret(sanic_client: SanicASGITestClient, user_heade
     await create_secret("secret-3", "value-3")
 
     _, response = await sanic_client.patch(
-        f"/api/data/user/secrets/{secret["id"]}", headers=user_headers, json={"name": "new-name", "value": "new-value"}
+        f"/api/data/user/secrets/{secret['id']}", headers=user_headers, json={"name": "new-name", "value": "new-value"}
     )
     assert response.status_code == 422
 
     _, response = await sanic_client.patch(
-        f"/api/data/user/secrets/{secret["id"]}", headers=user_headers, json={"value": "new-value"}
+        f"/api/data/user/secrets/{secret['id']}", headers=user_headers, json={"value": "new-value"}
     )
     assert response.status_code == 200, response.text
     assert response.json is not None
@@ -223,7 +226,7 @@ async def test_get_update_a_secret(sanic_client: SanicASGITestClient, user_heade
     assert response.json["expiration_timestamp"] is None
     assert "value" not in response.json
 
-    _, response = await sanic_client.get(f"/api/data/user/secrets/{secret["id"]}", headers=user_headers)
+    _, response = await sanic_client.get(f"/api/data/user/secrets/{secret['id']}", headers=user_headers)
     assert response.status_code == 200, response.text
     assert response.json is not None
     assert response.json["id"] == secret["id"]
@@ -232,13 +235,13 @@ async def test_get_update_a_secret(sanic_client: SanicASGITestClient, user_heade
     assert "value" not in response.json
 
     _, response = await sanic_client.patch(
-        f"/api/data/user/secrets/{secret["id"]}",
+        f"/api/data/user/secrets/{secret['id']}",
         headers=user_headers,
         json={"value": "newest-value", "expiration_timestamp": "2029-12-31"},
     )
     assert response.status_code == 200, response.text
 
-    _, response = await sanic_client.get(f"/api/data/user/secrets/{secret["id"]}", headers=user_headers)
+    _, response = await sanic_client.get(f"/api/data/user/secrets/{secret['id']}", headers=user_headers)
     assert response.status_code == 200, response.text
     assert response.json is not None
     assert response.json["id"] == secret["id"]
@@ -255,7 +258,7 @@ async def test_cannot_get_another_user_secret(
     secret = await create_secret("secret-2", "value-2")
     await create_secret("secret-3", "value-3")
 
-    _, response = await sanic_client.get(f"/api/data/user/secrets/{secret["id"]}", headers=admin_headers)
+    _, response = await sanic_client.get(f"/api/data/user/secrets/{secret['id']}", headers=admin_headers)
     assert response.status_code == 404, response.text
     assert "cannot be found" in response.json["error"]["message"]
 

test/bases/renku_data_services/data_api/test_storage.py

@@ -12,8 +12,8 @@
 from renku_data_services.data_api.dependencies import DependencyManager
 from renku_data_services.migrations.core import run_migrations_for_app
 from renku_data_services.storage.rclone import RCloneValidator
-from renku_data_services.utils.core import get_openbis_session_token
 from renku_data_services.storage.rclone_patches import BANNED_STORAGE, OAUTH_PROVIDERS
+from renku_data_services.utils.core import get_openbis_session_token
 from test.utils import SanicReusableASGITestClient
 
 _valid_storage: dict[str, Any] = {