Commit 439f2613 authored by Joao Pedro Lopes's avatar Joao Pedro Lopes

FTS-1731: Finalize migration of FTS-REST v3.10.0

The following commits have been migrated with this contribution:

  - fts-rest@c9222934
  - fts-rest@738d4040
  - fts-rest@20beb590
  - fts-rest@0be2ec1e
parent d613143e
Pipeline #3096548 passed with stages
in 19 minutes and 38 seconds
......@@ -46,7 +46,7 @@ def validate_type(Type, key, value):
"""
Validate that value is of a suitable type of the attribute key of the type Type
"""
column = Type.__table__.columns.get(key, None)
column = Type.__mapper__.columns.get(key, None)
if column is None:
raise BadRequest("Field %s unknown" % key)
......
......@@ -20,7 +20,7 @@ from flask import request, Response
from werkzeug.exceptions import BadRequest, NotFound
from fts3rest.model import *
from fts3rest.controllers.config import audit_configuration
from fts3rest.controllers.config import audit_configuration, validate_type
from fts3rest.lib.helpers.accept import accept
from fts3rest.lib.helpers.jsonify import jsonify
from fts3rest.lib.helpers.misc import get_input_as_dict
......@@ -83,6 +83,7 @@ def set_link_config():
)
for key, value in input_dict.items():
value = validate_type(LinkConfig, key, value)
setattr(link_cfg, key, value)
audit_configuration("link", json.dumps(input_dict))
......
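Review bot: The `validate_type(LinkConfig, key, value)` call in the `set_link_config` loop only confirms that `key` is a mapped column, so every column of `LinkConfig` remains writable from the request body through `setattr`. If some columns are not meant to be client-settable (for example the ones that identify the link; the model is not visible here), check an explicit allow-list before the `setattr`, e.g. `if key not in WRITABLE_LINK_FIELDS: raise BadRequest("Field %s is not settable" % key)`, where the set name is a placeholder. `audit_configuration` on the last line still records `json.dumps(input_dict)`, the raw request, rather than the values returned by `validate_type`, so the audit trail may not match what was stored. The function body starts above the hunk.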
......@@ -272,18 +272,16 @@ class FTS3OAuth2ResourceProvider(ResourceProvider):
return Session.query(Credential).filter(Credential.dlg_id == dlg_id).first()
def _generate_voms_attrs(self, credential):
if "email" in credential:
if "username" in credential:
# 'username' is never there whether offline or online
return credential["email"] + " " + credential["username"]
else:
# 'user_id' is there only online
return credential["email"] + " " + credential["user_id"]
else:
if "username" in credential:
return credential["username"] + " "
else:
return credential["user_id"] + " "
attrs = [
credential.get("email"),
credential.get("username")
or credential.get("user_id")
or credential.get("client_id"),
]
voms_attrs = " ".join(filter(None, attrs))
log.debug("voms_attrs::: {}".format(voms_attrs))
return voms_attrs
def _validate_token_offline(self, access_token):
"""
......
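Review bot: With the `.get()` chain in `_generate_voms_attrs`, a credential carrying none of `email`, `username`, `user_id` or `client_id` now yields an empty string, where the previous branches raised `KeyError` on the missing `user_id`. If the caller uses this value to identify the token's owner (not visible in this hunk), an empty identity should be rejected rather than returned, e.g. `if not voms_attrs: raise ValueError("token carries no usable identity claim")` before the `return`, or whatever exception the token-validation path already treats as a rejection. The no-email case also loses the trailing space the old branches appended, so identifiers derived from this string for existing users may change. The added `log.debug` writes the e-mail address and user identifier to the log; consider whether that belongs in debug output.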
......@@ -33,17 +33,21 @@ class OIDCmanager:
def _configure_clients(self, providers_config):
# log.debug('provider_info::: {}'.format(client.provider_info))
for provider in providers_config:
client = Client(client_authn_method=CLIENT_AUTHN_METHOD)
# Retrieve well-known configuration
client.provider_config(provider)
# Register
client_reg = RegistrationResponse(
client_id=providers_config[provider]["client_id"],
client_secret=providers_config[provider]["client_secret"],
)
client.store_registration_info(client_reg)
issuer = client.provider_info["issuer"]
self.clients[issuer] = client
try:
client = Client(client_authn_method=CLIENT_AUTHN_METHOD)
# Retrieve well-known configuration
client.provider_config(provider)
# Register
client_reg = RegistrationResponse(
client_id=providers_config[provider]["client_id"],
client_secret=providers_config[provider]["client_secret"],
)
client.store_registration_info(client_reg)
issuer = client.provider_info["issuer"]
self.clients[issuer] = client
except Exception as ex:
log.warning("Exception registering provider: {}".format(provider))
log.warning(ex)
def _retrieve_clients_keys(self):
for provider in self.clients:
......@@ -122,11 +126,10 @@ class OIDCmanager:
method="POST",
authn_method="client_secret_basic",
)
log.debug("after do any")
response = response.json()
log.debug("response: {}".format(response))
refresh_token = response["refresh_token"]
log.debug("REFRESH TOKEN IS {}".format(refresh_token))
log.debug("refresh_token_response::: {}".format(refresh_token))
except Exception as ex:
log.warning("Exception raised when requesting refresh token")
log.warning(ex)
......
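Review bot: The `log.debug("refresh_token_response::: {}".format(refresh_token))` line in the second hunk still writes the refresh token itself to the log, as the `REFRESH TOKEN IS` line it appears to replace did. A refresh token is a long-lived credential, so it should not be readable by everyone with access to debug logs; log the event rather than the value, e.g. `log.debug("refresh token received")`. The same applies to `log.debug("response: {}".format(response))` if that line remains on the new side, since the parsed token response contains the tokens. In the first hunk, the `except Exception` around provider registration in `_configure_clients` logs only the provider name and the exception text, so a provider that failed to register is easy to miss; `log.warning("Exception registering provider: %s", provider, exc_info=True)` would keep the traceback. Both functions extend beyond the hunks shown.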
......@@ -8,20 +8,22 @@
However, the way of configuring differs.
</p>
<h4>S3</h4>
<p>
Can only be configured from this tab. For being able to configure an S3 endpoint, you need to:
</p>
<dl>
<dt>Register the S3 storage</dt>
<dd>The name should have the form S3:hostname (i.e. S3:s3.example.com). App key and secret are not used.</dd>
<dt>Grant access to a set of VO roles and/or users</dt>
<dd>Empty user with a value in VO roles grant access to all members from that VO.
Access token = access key, access secret = secret key. Leave request fields empty.
</dd>
</dl>
<h4>Configuring S3 endpoint</h4>
<ol>
<li>Register the S3 storage</li>
<ul>
<li>The name should have the form S3:hostname (i.e. S3:s3.example.com)</li>
<li>Access token = &lt;access key&gt;, access secret = &lt;secret key&gt;</li>
<li>Leave request fields empty. App key and secret are not used</li>
</ul>
<li>Grant access to a set of VO roles and/or users</li>
<ul>
<li>Empty user with a value in VO roles grant access to all members from that VO</li>
</ul>
</ol>
<h4>Dropbox</h4>
<h4>Configuring Dropbox</h4>
<p>
Dropbox is normally not supposed to be used without user interaction. For supporting Dropbox (for instance,
for an FTS3 that run WebFTS as well), you will need first to register a new application at
......