feat: cloud abstraction layer, OIDC auth, and comprehensive tests #28

Open
wdvr wants to merge 6 commits into dev from feat/cloud-abstraction-tests

@wdvr wdvr commented Feb 4, 2026

Summary

This PR adds the foundation for making ODC cloud-agnostic, along with comprehensive tests.

Cloud Provider Abstraction (Phase 1 of migration)

  • providers/base.py: Abstract interfaces for CloudProvider, AuthProvider, RegistryProvider
  • providers/aws.py: Full AWS implementation wrapping existing boto3 code
  • providers/gcp.py: GCP stub with NotImplementedError (ready for implementation)
  • providers/custom.py: Documented template for custom cloud providers

OIDC Authentication Module

  • shared/auth/oidc.py: JWT verification supporting multiple issuers (GitHub, Google, Okta)
  • shared/auth/api_keys.py: API key creation and validation with scopes
  • shared/auth/audit.py: Full audit logging for traceability (user → action → resource)

Test Suite (25 test files)

  • Unit tests for CLI commands (reserve, edit, cancel, availability, connect, show)
  • Service tests for API endpoints and job processor
  • E2E test stubs for real cluster testing (AWS us-west-1)
  • Test fixtures and factories for mocking AWS/K8s

Architecture Documentation

  • progress.md: Comprehensive migration plan with 6 phases
    • Phase 1: Abstraction layer ✅ (this PR)
    • Phase 2: Refactor storage code
    • Phase 3: K8s-native storage (PVC/VolumeSnapshot)
    • Phase 4: GCP provider
    • Phase 5: OIDC authentication
    • Phase 6: DNS/LB abstraction

Files Changed

  • 37 new files
  • 10,734 lines added

Test plan

  • Run unit tests: pytest tests/unit/ -v
  • Review provider interfaces match existing boto3 usage
  • Review OIDC module for security best practices
  • Verify test coverage of USER_GUIDE use cases

Next Steps

After merge:

  1. Run tests against dev branch to find gaps (Task 3)
  2. Implement remaining phases per progress.md (Task 4)

🤖 Generated with Claude Code

wdvr and others added 6 commits February 4, 2026 13:43
## Cloud Provider Abstraction (Phase 1)
- Add `providers/` module with pluggable interface for AWS/GCP/custom
- `providers/base.py`: Abstract CloudProvider, AuthProvider, RegistryProvider
- `providers/aws.py`: Full AWS implementation wrapping boto3
- `providers/gcp.py`: GCP stub with NotImplementedError placeholders
- `providers/custom.py`: Documented template for custom providers

## OIDC Authentication Module
- `shared/auth/oidc.py`: JWT verification with multi-issuer support
- `shared/auth/api_keys.py`: API key creation and validation
- `shared/auth/audit.py`: Audit logging for traceability

## Test Suite
- 25 test files covering CLI, services, and E2E flows
- Unit tests for reserve, edit, cancel, availability, connect commands
- Service tests for API endpoints and job processor
- E2E test stubs for AWS us-west-1 test cluster

## Architecture Documentation
- `progress.md`: Migration plan with 6 phases
- Identifies all AWS-specific dependencies
- Defines provider interface for storage, snapshots, auth

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- test_api_endpoints.py: FastAPI endpoint tests (auth, jobs, availability)
- test_job_processor.py: PGMQ polling and job management tests
- test_disk_reconciler.py: Volume discovery, orphan detection, cross-AZ migration
- conftest.py: Mock fixtures for PostgreSQL, K8s, AWS

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Enhanced docstrings with usage examples
- Added LVM/Ceph/iSCSI integration patterns for custom providers
- Added LDAP/OIDC/SAML auth examples

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>