bkpaas-auth: bump to 3.1.3 & fix linter issues & upgrade to poetry v2 (#245)

Author: piglei

.github/workflows/bkpaas-auth.yml

@@ -20,35 +20,25 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Set up Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
         with:
           python-version: 3.11
-      - name: Format with isort
-        working-directory: sdks/bkpaas-auth
-        run: |
-          pip install isort==5.12.0
-          isort . --settings-path=pyproject.toml
-      - name: Format with black
-        working-directory: sdks/bkpaas-auth
-        run: |
-          pip install black==23.7.0 click==8.1.6
-          black . --config=pyproject.toml
-      - name: Lint with flake8
-        working-directory: sdks/bkpaas-auth
-        run: |
-          pip install flake8==4.0.1 pyproject-flake8==0.0.1a5
-          pflake8 . --config=pyproject.toml
+      - name: Setup uv
+        uses: astral-sh/setup-uv@v5
+      - name: Install Poetry system-wide
+        # Use uv install to install poetry directly instead github action for simplicity
+        run: uv pip install --system poetry==2.1.3
+      - name: Ruff check
+        run: poetry install && poetry run ruff check ./sdks/bkpaas-auth --config ./pyproject.toml
       - name: Lint with mypy
         working-directory: sdks/bkpaas-auth
-        run: |
-          pip install mypy==1.12.0 types-mock==4.0.15.2 types-requests==2.32.0.20241016 types-six==1.16.21.20241009
-          mypy . --config-file=pyproject.toml
+        run: poetry install && poetry run mypy . --config-file=./pyproject.toml
 
   test:
     strategy:
       fail-fast: false
       matrix:
-        python-version: ["3.8", "3.9", "3.10", "3.11"]
+        python-version: ["3.9", "3.10", "3.11"]
         os: [ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
@@ -57,40 +47,36 @@ jobs:
         uses: actions/setup-python@v2
         with:
           python-version: ${{ matrix.python-version }}
-      - name: Set up Poetry
-        uses: abatilo/actions-poetry@v2.3.0
-        with:
-          poetry-version: 1.5.1
-      - name: Install dependencies
+      - name: Setup uv
+        uses: astral-sh/setup-uv@v5
+      - name: Install Nox
+        run:  uv pip install --system nox==2025.11.12
+      - name: Show nox version
         working-directory: sdks/bkpaas-auth
-        run: |
-          poetry export --without-hashes --dev -o requirements-dev.txt
-          python -m pip install --upgrade pip
-          python -m pip install -r requirements-dev.txt
-          python -m pip install tox-gh-actions==2.8.1
-      - name: Run test with tox targets for ${{ matrix.python-version }}
+        run: nox --version
+      - name: Run tests on ${{ matrix.os }}
         working-directory: sdks/bkpaas-auth
-        run: tox
+        run: nox --non-interactive --error-on-missing-interpreters --session "tests(python='${{ matrix.python-version }}')" -- --full-trace
 
   build:
     runs-on: macos-latest
     if: github.event.release && contains(github.event.release.tag_name, 'bkpaas-auth')
     steps:
       - uses: actions/checkout@v2
       - name: Set up Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
         with:
-          python-version: 3.8
+          python-version: 3.11
       - name: Set up Poetry
         uses: abatilo/actions-poetry@v2.3.0
         with:
-          poetry-version: 1.5.1
+          poetry-version: 2.1.1
       - name: Build bkpaas-auth
         run: |
           cd sdks/bkpaas-auth
           poetry install
           poetry build
-          echo "${{ github.event.relesae.tag_name }} ${{ github.sha }}" > Release.txt
+          echo "${{ github.event.release.tag_name }} ${{ github.sha }}" > Release.txt
           cat Release.txt
       - name: Release
         uses: softprops/action-gh-release@v1

.github/workflows/blue-krill.yml

@@ -57,10 +57,10 @@ jobs:
       - name: Setup uv
         uses: astral-sh/setup-uv@v5
       - name: Install Nox
-        run:  uv pip install --system nox
+        run:  uv pip install --system nox==2025.11.12
       - name: Run tests on ${{ matrix.os }}
         working-directory: sdks/blue-krill
-        run: nox --non-interactive --error-on-missing-interpreter --session "tests(python='${{ matrix.python-version }}')" -- --full-trace
+        run: nox --non-interactive --error-on-missing-interpreters --session "tests(python='${{ matrix.python-version }}')" -- --full-trace
   build:
     runs-on: macos-latest
     if: github.event.release && contains(github.event.release.tag_name, 'blue-krill')

sdks/bkpaas-auth/.flake8

@@ -1,5 +1,8 @@
 # 版本历史
 
+## 3.1.3
+- feat: 用户模型增加时区支持，新增 time_zone 属性，由认证服务返回时区
+
 ## 3.1.2
 - fix: 修复通过 APIGatewayAuthBackend 认证无法获取 tenant_id 的问题
 

sdks/bkpaas-auth/CHANGES.md

@@ -11,20 +11,10 @@
 ### 发布包
 
 - 在 `bkpaas_auth/__init__.py`  文件中更新 `__version__`
-- 在 `setup.py` 文件中更新 `version`
 - 在 `pyproject.toml` 中更新 `version`
 - 在 `CHANGES.md` 中添加对应的版本日志
 - 执行 `poetry build` 命令在 dist 目录下生成当前版本的包。然后执行 `twine upload dist/* --repository-url {pypi_address} --username {your_name} --password {your_token}` 将其上传到 pypi 服务器上。
 
-### 关于 setup.py
-
-虽然在 [PEP 517](https://python-poetry.org/docs/pyproject/#poetry-and-pep-517) 规范里，Python 包不再需要 `setup.py` 文件。但真正少了 `setup.py` 文件后，会发现有些功能就没法正常使用，比如 pip 的可编辑安装模式、tox 等（[相关文档](https://github.com/python-poetry/poetry/issues/761)）。所以我们仍然需要它。
-
-为了避免维护重复的 `pyproject.toml` 和 `setup.py` 文件，我们使用了 [dephell](https://github.com/dephell/dephell) 工具来自动生成 `setup.py` 文件。
-
-- 安装 dephell
-- 在根目录执行 `dephell deps convert --from pyproject.toml --to setup.py`
-
 ## 使用指南
 1. 更新 settings：
 ```python

sdks/bkpaas-auth/README.md

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-__version__ = "3.1.2"
+__version__ = "3.1.3"
 
 
 def get_user_by_user_id(user_id: str, username_only: bool = True):

sdks/bkpaas-auth/bkpaas_auth/__init__.py

@@ -210,7 +210,7 @@ class APIGatewayAuthBackend:
     _TOKEN_EXPIRE_TIME = 86400  # 24 hours in seconds
 
     def _create_authenticated_user(
-        self, username: str, provider_type: ProviderType, tenant_id: str | None = None
+        self, username: str, provider_type: ProviderType, tenant_id: Optional[str] = None
     ) -> User:
         """Create a user object for authenticated requests."""
         return User(
@@ -221,7 +221,7 @@ def _create_authenticated_user(
         )
 
     def _authenticate_common(
-        self, verified: bool, username: str | None = None, tenant_id: str | None = None
+        self, verified: bool, username: Optional[str] = None, tenant_id: Optional[str] = None
     ) -> Union[User, AnonymousUser]:
         """Common authentication logic for all versions."""
         if not verified or not username:
@@ -236,7 +236,7 @@ def authenticate_with_signature_v3(
         request: HttpRequest,
         gateway_name: str,
         bk_username: str,
-        tenant_id: str | None = None,
+        tenant_id: Optional[str] = None,
         verified: bool = False,
         **credentials: Dict,
     ) -> Union[User, AnonymousUser]:

sdks/bkpaas-auth/bkpaas_auth/backends.py

@@ -20,22 +20,18 @@ def validate_login_token(self, login_token):
 
         if login_token.expired():
             return False
-
-        if (now() - login_token.issued_at).total_seconds() > bkauth_settings.SESSION_TIMEOUT:
-            return False
-
-        return True
+        return (now() - login_token.issued_at).total_seconds() <= bkauth_settings.SESSION_TIMEOUT
 
 
 class BkTicketPlugin(BasePlugin):
     """Auth backend for bk_ticket"""
 
     def get_credentials(self, request):
-        bk_ticket = request.COOKIES.get('bk_ticket')
+        bk_ticket = request.COOKIES.get("bk_ticket")
 
         if bk_ticket:
             return {
-                'bk_ticket': bk_ticket,
+                "bk_ticket": bk_ticket,
             }
 
         return None
@@ -45,9 +41,9 @@ class BkTokenPlugin(BasePlugin):
     """Auth backend for bk_token"""
 
     def get_credentials(self, request):
-        bk_token = request.COOKIES.get('bk_token')
+        bk_token = request.COOKIES.get("bk_token")
 
         if bk_token:
-            return {'bk_token': bk_token}
+            return {"bk_token": bk_token}
 
         return None

sdks/bkpaas-auth/bkpaas_auth/core/plugins.py

@@ -18,7 +18,7 @@
 def get_app_credentials() -> Dict[str, str]:
     """Get app credentials to verify app, which is required for requesting user info API"""
     if conf.TOKEN_APP_CODE and conf.TOKEN_SECRET_KEY:
-        return {'bk_app_code': conf.TOKEN_APP_CODE, 'bk_app_secret': conf.TOKEN_SECRET_KEY}
+        return {"bk_app_code": conf.TOKEN_APP_CODE, "bk_app_secret": conf.TOKEN_SECRET_KEY}
     raise ImproperlyConfigured("BKAUTH_TOKEN_APP_CODE and BKAUTH_TOKEN_SECRET_KEY not set")
 
 
@@ -48,19 +48,19 @@ def _get_and_cache_user_info(cache_key, user_params, response_ok_checker):
             params=user_params,
         )
     except HttpRequestError:
-        raise ServiceError('Unable to get user info')
+        raise ServiceError("Unable to get user info")
 
     result = resp_to_json(resp)
 
     if not isinstance(result, dict):
-        raise ValueError(f'response type expect dict, got: {result}')
+        raise ValueError(f"response type expect dict, got: {result}")  # noqa: TRY004
 
     if not response_ok_checker(result):
         logger.error(
-            f'Get user info fail, url: {conf.TOKEN_USER_INFO_ENDPOINT}, params: {scrub_data(user_params)}'
-            f', response: {result}',
+            f"Get user info fail, url: {conf.TOKEN_USER_INFO_ENDPOINT}, params: {scrub_data(user_params)}"
+            f", response: {result}",
         )
-        return
+        return None
 
     # 获取用户信息成后才缓存数据
     cache.set(cache_key, result, timeout=86400)
@@ -76,13 +76,13 @@ def get_rtx_user_info(username):
     """
 
     def response_ok_checker(result):
-        return result['result']
+        return result["result"]
 
-    cache_key = f'bkauth::rests::get_rtx_user_info::{username}'
-    result = _get_and_cache_user_info(cache_key, {'login_name': username}, response_ok_checker)
+    cache_key = f"bkauth::rests::get_rtx_user_info::{username}"
+    result = _get_and_cache_user_info(cache_key, {"login_name": username}, response_ok_checker)
 
     if result and response_ok_checker(result):
-        return RtxUserInfo(**result['data'])
+        return RtxUserInfo(**result["data"])
 
     return None
 
@@ -95,12 +95,12 @@ def get_bk_user_info(username):
     """
 
     def response_ok_checker(result):
-        return result['code'] == 0
+        return result["code"] == 0
 
-    cache_key = f'bkauth::rests::get_bk_user_info::{username}'
-    result = _get_and_cache_user_info(cache_key, {'bk_username': username}, response_ok_checker)
+    cache_key = f"bkauth::rests::get_bk_user_info::{username}"
+    result = _get_and_cache_user_info(cache_key, {"bk_username": username}, response_ok_checker)
 
     if result and response_ok_checker(result):
-        return BkUserInfo(**result['data'])
+        return BkUserInfo(**result["data"])
 
     return None