Aerie 1.14.0 Auth Changes

.env

@@ -1,4 +1,4 @@
-DOCKER_TAG=v1.13.0
+DOCKER_TAG=v1.14.0
 REPOSITORY_DOCKER_URL=ghcr.io/nasa-ammos
 
 AERIE_USERNAME=aerie

.github/workflows/test.yml

@@ -47,7 +47,7 @@ jobs:
     strategy:
       matrix:
         python-version: [ "3.6.15", "3.11" ]
-        aerie-version: ["1.13.0"]
+        aerie-version: ["1.13.0", "1.14.0"]
     steps:
       - uses: actions/checkout@v3
       - name: Set up Python ${{ matrix.python-version }}

src/aerie_cli/aerie_host.py

@@ -40,10 +40,10 @@ def __init__(self, encoded_jwt: str) -> None:
         encoded_jwt_payload = b64decode(jwt_components[1] + "==", validate=False)
         try:
             payload = json.loads(encoded_jwt_payload)
-            self.active_role = payload["activeRole"]
             self.allowed_roles = payload["https://hasura.io/jwt/claims"][
                 "x-hasura-allowed-roles"
             ]
+            self.default_role = payload["https://hasura.io/jwt/claims"]["x-hasura-default-role"]
             self.username = payload["username"]
 
         except KeyError:
@@ -83,6 +83,7 @@ def __init__(
         self.gateway_url = gateway_url
         self.configuration_name = configuration_name
         self.aerie_jwt = None
+        self.active_role = None
 
     def post_to_graphql(self, query: str, **kwargs) -> Dict:
         """Issue a post request to the Aerie instance GraphQL API
@@ -201,17 +202,7 @@ def change_role(self, new_role: str) -> None:
                 f"Cannot set role {new_role}. Must be one of: {', '.join(self.aerie_jwt.allowed_roles)}"
             )
 
-        resp = self.session.post(
-            self.gateway_url + "/auth/changeRole",
-            json={"role": new_role},
-            headers=self.get_auth_headers(),
-        )
-
-        try:
-            resp_json = process_gateway_response(resp)
-            self.aerie_jwt = AerieJWT(resp_json["token"])
-        except (RuntimeError, KeyError):
-            raise RuntimeError(f"Failed to select new role")
+        self.active_role = new_role
 
     def check_auth(self) -> bool:
         """Checks if session is correctly authenticated with Aerie host
@@ -237,9 +228,12 @@ def check_auth(self) -> bool:
             return False
 
     def get_auth_headers(self):
+        if self.aerie_jwt is None:
+            return {}
+
         return {
             "Authorization": f"Bearer {self.aerie_jwt.encoded_jwt}",
-            "x-hasura-role": self.aerie_jwt.active_role,
+            "x-hasura-role": self.active_role,
         }
 
     def is_auth_enabled(self) -> bool:
@@ -248,7 +242,7 @@ def is_auth_enabled(self) -> bool:
         Returns:
             bool: False if authentication is disabled, otherwise True
         """
-        resp = self.session.get(self.gateway_url + "/auth/user")
+        resp = self.session.get(self.gateway_url + "/auth/session")
         if resp.ok:
             try:
                 resp_json = resp.json()
@@ -275,6 +269,7 @@ def authenticate(self, username: str, password: str = None):
             raise RuntimeError("Failed to authenticate")
 
         self.aerie_jwt = AerieJWT(resp_json["token"])
+        self.active_role = self.aerie_jwt.default_role
 
         if not self.check_auth():
             raise RuntimeError(f"Failed to open session")

src/aerie_cli/app.py

@@ -137,14 +137,14 @@ def change_role(
     client = get_active_session_client()
 
     if role is None:
-        typer.echo(f"Active Role: {client.aerie_host.aerie_jwt.active_role}")
+        typer.echo(f"Active Role: {client.aerie_host.active_role}")
         role = select_from_list(client.aerie_host.aerie_jwt.allowed_roles)
 
     client.aerie_host.change_role(role)
 
     PersistentSessionManager.set_active_session(client.aerie_host)
 
-    typer.echo(f"Changed role to: {client.aerie_host.aerie_jwt.active_role}")
+    typer.echo(f"Changed role to: {client.aerie_host.active_role}")
 
 
 @app.command("status")
@@ -158,4 +158,4 @@ def print_status():
     if client.aerie_host.configuration_name:
         typer.echo(f"Active configuration: {client.aerie_host.configuration_name}")
 
-    typer.echo(f"Active role: {client.aerie_host.aerie_jwt.active_role}")
+    typer.echo(f"Active role: {client.aerie_host.active_role}")

tests/integration_tests/conftest.py

@@ -41,7 +41,7 @@
 CONFIGURATIONS_PATH = os.path.join(FILES_PATH, "configuration")
 CONFIGURATION_PATH = os.path.join(CONFIGURATIONS_PATH, "localhost_config.json")
 MODELS_PATH = os.path.join(FILES_PATH, "models")
-MODEL_VERSION = os.environ.get("AERIE_VERSION", "1.13.0")
+MODEL_VERSION = os.environ.get("AERIE_VERSION", "1.14.0")
 MODEL_JAR = os.path.join(MODELS_PATH, f"banananation-{MODEL_VERSION}.jar")
 MODEL_NAME = "banananation"
 MODEL_VERSION = "0.0.1"