philloooo / github-tests
just for testing various github features/bugs
License: Apache License 2.0
local_settings is not installed as a module under fence in prod
As an Actor I want to do this so that this business value is achieved
error
and error_description
)NOTE:
resolves fencePXD-28
Hi,
I'm trying to set up Fence to use with my project, and I'm having trouble understanding some of the process. The installation instructions simply tell you to fill out local_settings.py. Some of them are obvious e.g. database credentials, google oauth, but others are not, for example:
STORAGE_CREDENTIALS = {
    "cleversafe-server-a": {
        'backend': 'cleversafe',
        'aws_access_key_id': '',
        'aws_secret_access_key': '',
        'host': 'somemanager.osdc.io',
        'public_host': 'someobjstore.datacommons.io',
        'port': 443,
        'is_secure': True,
        'username': 'someone',
        'password': 'somepass',
        "calling_format": OrdinaryCallingFormat(),
        "is_mocked": True
    }
}
I'm not sure what a "cleversafe-server" is, or how I would go about setting one up if it is required. I would appreciate any help you can render in setting this up.
Allow redirect query param on data download endpoint
Resolves PXD-112.
Hard-code attempt to load /var/www/local_settings.py if the module was not found in the first attempts. This way the script in the kubernetes pod is always able to locate the settings (since the file is mounted to that location by the deployment settings).
Creation of Google Buckets for Staging. Alex - Please feel free to delete this if it's a duplicate.
Resolves PXD-66.
Notable changes:
get_current_user() usage; instead, uses current_user proxy which will do at most 1 lookup for user per request and store the user info from the database as a dictionary
require_auth (instead of login_required) and use the current_token proxy where possible to get necessary information from the token instead of database
MOCK_AUTH to be an entire fake token instead of a boolean, to support "stateless" mocked auth
Changes left:
To resolve PXD-165.
As an Actor I want to do this so that this business value is achieved
no role hierarchy, just allow CRUD roles and attach/detach roles to users
We need to support generating presigned URLs for buckets that are owned by another AWS account. This third-party AWS account will create a role that has read access to data, and allow our AWS account to assume the role.
test description
/.well-known/jwks endpoint was returning n and e as base64url-encoded, not base64urlUInt-encoded. This changes Keypair to use python-jose for creating the required fields in the JWK response, which fixes the problem.
Changes:
OAuth2TestClient class to consolidate auth asserts (notably the POST -> 200, GET -> 302 for authorization endpoint) and redid tests using this
prompt=login will now clear cookies and redirect to the authorization endpoint again to redo authentication.
test_prompt_login_no_authn; now redundant since prompt=login redirects to authorization endpoint so the normal tests for auth cover this.
Add all TTL settings into local_setting
r [~rudyardrichter] @philloooo
WIP
feature request from SBG:
Regarding the dbGap data we need `email, dbGap userId, first name, last name, phone, role`
These fields are included in dbgap csvs from their ftp site but we aren't parsing them before
Alex to create more issues, if required based on ISB Phased implementation doc.
NOTE: this contains changes from uc-cdis/fence#158 as well, hoping that gets merged first
…d endpoint, change POST to GET
As an Actor I want to do this so that this business value is achieved
acl field AND when acl is in metadata["acls"] field
Details on implementation can be found here: https://docs.google.com/presentation/d/1lZjKcKqxsjXAceOzM-vj0rPs2dm3fT4V2EaApXjMb_M/edit?usp=sharing
Details on expiration times for various resources in fence here:
https://docs.google.com/spreadsheets/d/1fyOos1WFjddjPVVBA-i6wrCmUjAB4NipaKq4Re9rgCY/edit?usp=sharing
Depends on uc-cdis/cirrus#11
https://github.com/lepture/authlib/releases
Now supports OIDC server, some breaking change in 0.6 (follow guides/info to update our code)
coupled with
uc-cdis/indexd#109
The form submission that happens when a user clicks 'yes' to confirm to grant the oauth2 client access to their resources sends the csrftoken via form data.
Right now our reverse proxy only does the csrf verification check by making sure the csrftoken in headers matches what's in the cookie, so it doesn't look for the csrftoken in the body.
We wouldn't want the reverse proxy to look into the request body because it then needs to cache the whole body in memory or on disk (the body can be huge).
And you can't modify the header for submitting a form, unless you make the POST via an ajax call.
Making an ajax call doesn't trigger a browser reload, but the browser also doesn't follow a redirect to another domain via an ajax call. So our oauth2 flow breaks here (fails to redirect to the client with a code).
One way to fix:
make the /oauth2/authorize endpoint for POST confirm return 200 instead of 302, and have the location in the body instead of the header. Then browser javascript handles the redirect.
Newest version, breaking changes: https://github.com/OAI/OpenAPI-Specification
A converter that may be useful to check out:
https://github.com/Mermade/swagger2openapi
Blog post about differences
https://dev.to/mikeralphson/comparing-openapiswagger-20-and-300-rc1
pyca/bcrypt#105
happens in current master fence
but works if I uninstall and install the same version of bcrypt==3.1.4
it's hardcoded to key-01 now
we should generate random kid like: gen3-<randomid>
during the fence setup process in cloud-automation and use that in fence
bump for uc-cdis/userdatamodel#36
resolve PXD-146
For uc-cdis/authutilsPXD-4.
Use the authutils test fixtures from uc-cdis/authutilsPXD-8 (instead of loading keys from files), so the tests/resources/keys files are no longer necessary for testing.
Depends on uc-cdis/authutilsPXD-16.
Needs to use InCommons, which uses eduGAIN (eduGAIN for GenoMEL)
Allow login Shibboleth endpoint to pass an alternative IdP URL as a URL parameter
Create a new endpoint that returns shibboleth endpoint (would be BASE_URL + "Shibboleth.sso/DiscoFeed")
/link/google
/link/google
/google/service_accounts and /google/service_account/{id}
P.S. I've been using https://editor.swagger.io/ to visualize
Resolves PXD-178