Backport changes to jazzy #1088
Open
aaronchongth wants to merge 13 commits into
* Remove activity discovery endpoint Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* Update api-client Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
---------
Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
(cherry picked from commit 21b7a63)
Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
Signed-off-by: Xiyu Oh <xiyuoh@intrinsic.ai> (cherry picked from commit a3cf2d4) Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
Signed-off-by: Aaron Chong <aaronchongth@gmail.com> (cherry picked from commit 88916c7) Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
…hs too (#1072)
* refactor to create scene bounding box taking into account of nav graphs too Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* Push alert when a scene bounding box is invalid Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* fallback to a generic scale, and changing to better worded warning Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
---------
Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
(cherry picked from commit f33e755)
Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
Signed-off-by: Aaron Chong <aaronchongth@gmail.com> (cherry picked from commit bf339a3) Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* fix Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* trigger api-server run Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* remove build step to test Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* revert Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* remove if-present Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
---------
Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
(cherry picked from commit 776c3fb)
Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* test with parsing string logic Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* remove build step to test Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* run when action changes Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* run with basic checkout Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* revert action step, fix test_tasks Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* Run tests on checked out commits only, switch matrix to nightly Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* api-client Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* checkout to default branch if distro is rolling Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* checkout to temp fix branch for non-rolling distro Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* ros-translator Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* use pushd popd Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* check path Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* use out directly without path Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* add dev deps and lint Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* use workspace Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* revert devdeps, add build command before lint and test Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* revert changes in nightly Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* test against jazzy Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* revert test Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
---------
Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
(cherry picked from commit ad9f32b)
Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* use generated pydantic model, fix function calls Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* test lines Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* revert test lines Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* update workflow for build Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* use skip-build instead Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* revert workflow fix Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* fix usage of build flag Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* properly evaluate boolean Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* use string for input Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* lint Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
---------
Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
(cherry picked from commit 8d0c68a)
Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
Signed-off-by: Aaron Chong <aaronchongth@gmail.com> (cherry picked from commit c048f18) Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* cleared vulnerability audit, local dev working, built dashboard not working Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* bump vite down to 7 for mui compatibility Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* fixed linting workflow, and had to fix all the linting errors Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* fix tests for ros-translator Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
* fix custom tab Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
---------
Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
(cherry picked from commit 4ceb7d9)
Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
…#1084)

* feat(api-server): accept namespaced preferred_username claim fallback

The current authenticator requires a non-namespaced `preferred_username` claim in access tokens. This is impossible to inject on access tokens issued via the OAuth 2.0 `client_credentials` (M2M) flow on several RFC 9068-conformant identity providers — Auth0, Okta, and AWS Cognito all silently filter non-namespaced standard OIDC claims from access tokens, in line with RFC 9068 §2.2's "namespaced naming scheme" guidance for private claims [1].

Add an optional `preferred_username_claim_namespace` config field. When set, the authenticator falls back to looking up `f"{namespace}preferred_username"` if the bare `preferred_username` claim is absent.

The bare claim remains the first preference, so this change is fully backwards compatible — existing deployments require no configuration changes.

[1] https://www.rfc-editor.org/rfc/rfc9068.html#section-2.2

Generated-by: Anthropic Claude Code (Claude Opus 4.7)
Signed-off-by: 刁忍 <ren.diao@quikbot.ai>

* docs: tighten RFC citations + narrow verified-provider claim

Reviewer feedback (#1084) flagged that the original README + docstrings:

1. Cited the wrong RFC 9068 section number (§2.2 instead of §2.2.2) and quoted text that does not appear verbatim in the RFC.
2. Asserted that Auth0, Okta, and AWS Cognito all apply the same filtering policy on M2M access tokens, without first-party documentation backing the Okta + Cognito claims.

This patch corrects both:

- Cites RFC 9068 §2.2.2 (Identity Claims) for the "collision resistant" requirement on JWT-access-token attribute names, plus RFC 7519 §4.2 (Public Claim Names) for the underlying definition.
- Narrows the verified-provider claim to Auth0 (the only provider with publicly documented filtering policy on access tokens with a custom API audience). Other providers with comparable policies may also benefit but are no longer named as verified cases.
- Keeps the link to Auth0's "Create Namespaced Custom Claims" documentation as the concrete reference operators can consult.

No behavior change; comments and docstrings only.

Generated-by: Anthropic Claude Code (Claude Opus 4.7)
Signed-off-by: 刁忍 <ren.diao@quikbot.ai>

* test(authenticator): exercise verify_token instead of protected _get_user

Reviewer feedback (#1084): the original test suite called the protected `_get_user(claims)` helper directly. Tests should go through the public `verify_token(token)` surface so they exercise the real auth path including JWT decode + `aud` / `iss` validation, not just the post-decode claim-lookup helper.

This commit:

- Replaces the direct `_get_user(...)` calls with `verify_token(token)` calls. Tests now encode an HS256 token with the test secret using `jwt.encode`, then pass the token string through `verify_token`, matching how FastAPI invokes the authenticator at runtime.
- Renames the test class to `TestVerifyToken` to reflect the surface under test.
- Adds a small `_make_token(extra_claims)` helper that injects the standard `aud` + `iss` claims (so individual tests only declare what they care about — `preferred_username`, namespaced variant, etc.).

All five scenarios remain covered: bare claim accepted; missing claim raises; namespaced fallback used when configured; namespaced claim ignored when not configured; bare claim takes precedence over namespaced when both are present.

No production code change.

Generated-by: Anthropic Claude Code (Claude Opus 4.7)
Signed-off-by: 刁忍 <ren.diao@quikbot.ai>

---------

Signed-off-by: 刁忍 <ren.diao@quikbot.ai>
(cherry picked from commit 4104c0f)
Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
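The lookup order described in the commit message above, as an added example that is not the project's code: a standard-library HS256 check with `aud` / `iss` validation, followed by the bare-then-namespaced `preferred_username` lookup. The function names and every secret, audience, issuer and namespace value used with them are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims: dict, secret: bytes) -> str:
    """Build a constructed HS256 token to use as sample input."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_sign(f'{head}.{body}', secret))}"

def verify_and_get_username(token, secret, aud, iss, namespace=None):
    """Hypothetical helper: validate the token, then resolve the username."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        sig_ok = hmac.compare_digest(_sign(f"{head}.{body}", secret), _unb64(sig))
    except (ValueError, TypeError, AttributeError):
        raise PermissionError("malformed token")
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        raise PermissionError("malformed token")
    # Pin the algorithm; never let the token header choose it.
    if header.get("alg") != "HS256" or not sig_ok:
        raise PermissionError("bad algorithm or signature")
    auds = claims.get("aud")
    auds = auds if isinstance(auds, list) else [auds]
    if aud not in auds or claims.get("iss") != iss:
        raise PermissionError("wrong audience or issuer")
    exp = claims.get("exp")
    if exp is not None and (not isinstance(exp, (int, float)) or exp < time.time()):
        raise PermissionError("token expired")
    # Bare claim first; the namespaced claim is consulted only when a
    # namespace is configured and the bare claim is absent.
    username = claims.get("preferred_username")
    if username is None and namespace:
        username = claims.get(f"{namespace}preferred_username")
    if not username:
        raise PermissionError("no preferred_username claim")
    return username
```
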
695d390 to c2f794a
Signed-off-by: Aaron Chong <aaronchongth@gmail.com>
Backport
Backporting a series of PRs back to jazzy that resolves CI issues and vulnerabilities.
Then the `jazzy` branch can be used for matrix strategy CI from #1087 onwards. The failure is in the uploading to codecov, which can be ignored.
GenAI Use
We follow OSRA's policy on GenAI tools
Generated-by: