- added authentication to Openstack Keystone for Swift. There are two ways for setting credentials (OS tokens) for Swift:
- Manually set OS tokens through CLI
- FTS fetch OS tokens from the Keystone server using OIDC access tokens
- added command-line options
--os-project-id(MANDATORY) for submitting Swift transfers.
fts_swift_token_refresh_daemonfor refreshing OS tokens.
CSSwift.pyfor handling possible requests from WebFTS, e.g., list contents and set OS tokens for Swift.
- added column
- added column
- new table
t_cloudCredentialCachehas no DB relation with
t_cloudStorageUser, extra checks on the user are performed before setting cloud credentials. Although logically there should be a one-to-many relationship between
t_cloudCredentialCache, it doesn't make sense to me to add
t_cloudCredentialCacheto form a composite foreign key with
vohas no use for the table.
- Any cloud storage user would be able to indirectly alter
t_cloudCredentialCachebecause this is linked to transfers. However, this exposes risks that users might add an arbitrary number of rows in the table, so I added an extra check before adding/setting the row to see if the added credentials are valid.
- Please add the required python packages (keystoneauth1 and python-keystoneclient) to the docker image so that the pipeline can work.
- At the time being, you can submit Swift transfer with:
fts-rest-transfer-submit -s https://<fts> --access-token $tok swifts://<source> swifts://<dest> --os-project-id "<source_project_id>:<dest_project_id>" --os-token "<project_id>:<corresponding_os_token>"
After we have FENIX AAI properly set up, you can submit the transfer without specifying