From c9ef36dab23a9bfd0ea3bd31dd9679029cf6a04d Mon Sep 17 00:00:00 2001
From: jdorsch
Date: Mon, 13 Nov 2023 12:05:48 +0100
Subject: [PATCH 1/2] Added version also for tds images
---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 921095b3..fc2948ad 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -205,7 +205,7 @@ tag_release:
 if [ "$is_master" == "true" ]; then
 if [[ $CI_COMMIT_TAG =~ "dev" ]]; then
- env_tags="tds"
+ env_tags="$CI_COMMIT_TAG tds"
 code_tag="tds"
 echo "This is a TDS release"
 else
From a5306c0bad122c6a0b0935cf57fa37ac9f2f2b94 Mon Sep 17 00:00:00 2001
From: jdorsch
Date: Mon, 13 Nov 2023 12:06:49 +0100
Subject: [PATCH 2/2] Added check for F7T_AUTH_HEADER_NAME env var in src code
---
 deploy/demo/common/common.env | 2 +-
 deploy/k8s/config/templates/cm.common.yaml | 1 +
 deploy/k8s/values-dev.yaml | 1 +
 src/certificator/certificator.py | 2 +-
 src/common/common.env.template | 2 +-
 src/common/cscs_api_common.py | 2 +-
 src/compute/compute.py | 2 +-
 src/reservations/reservations.py | 2 +-
 src/status/status.py | 2 +-
 src/storage/storage.py | 2 +-
 src/tasks/tasks.py | 4 +---
 src/utilities/utilities.py | 2 +-
 12 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/deploy/demo/common/common.env b/deploy/demo/common/common.env
index 0de4bfd8..8e069430 100644
--- a/deploy/demo/common/common.env
+++ b/deploy/demo/common/common.env
@@ -3,7 +3,7 @@
 # name of header key used to get authentication:
 # possible values: "Authorization" ("X-Userinfo" was disabled)
 # Authorization: JWT token as generated by Keycloak: {"Authorization:", "Bearer fjfk..."}
-# F7T_AUTH_HEADER_NAME=Authorization
+F7T_AUTH_HEADER_NAME=Authorization
 # If F7T_AUTH_HEADER_NAME = Authorization, it can also check REALM_RSA_PUBLIC_KEY: RSA key from KeyCloak Realm which signs token.
 # F7T_REALM_RSA_PUBLIC_KEY="MII....QAB"
 # use 1 line without headers ("-----BEGIN PUBLIC KEY-----", "-----END PUBLIC KEY-----")
diff --git a/deploy/k8s/config/templates/cm.common.yaml b/deploy/k8s/config/templates/cm.common.yaml
index bc624dff..3642a284 100644
--- a/deploy/k8s/config/templates/cm.common.yaml
+++ b/deploy/k8s/config/templates/cm.common.yaml
@@ -1,6 +1,7 @@
 apiVersion: v1
 data:
 F7T_DEBUG_MODE: "{{ .Values.global.F7T_DEBUG_MODE }}"
+ F7T_AUTH_HEADER_NAME: "{{ .Values.F7T_AUTH_HEADER_NAME }}"
 F7T_AUTH_REQUIRED_SCOPE: "{{ .Values.F7T_AUTH_REQUIRED_SCOPE }}"
 F7T_AUTH_ROLE: "{{ .Values.F7T_AUTH_ROLE }}"
 F7T_AUTH_TOKEN_AUD: "{{ .Values.F7T_AUTH_TOKEN_AUD }}"
diff --git a/deploy/k8s/values-dev.yaml b/deploy/k8s/values-dev.yaml
index 363d902d..d3da1984 100644
--- a/deploy/k8s/values-dev.yaml
+++ b/deploy/k8s/values-dev.yaml
@@ -7,6 +7,7 @@ F7T_POLICY_PATH: v1/data/f7t/authz
 F7T_CA_KEY_PATH: /ca-key
 F7T_PUB_USER_KEY_PATH: /user-key.pub
 # common
+F7T_AUTH_HEADER_NAME: Authorization
 F7T_AUTH_REQUIRED_SCOPE: firecrest
 F7T_AUTH_ROLE: firecrest-sa
 F7T_AUTH_TOKEN_AUD: ""
diff --git a/src/certificator/certificator.py b/src/certificator/certificator.py
index ae9a2534..15dda85b 100644
--- a/src/certificator/certificator.py
+++ b/src/certificator/certificator.py
@@ -29,7 +29,7 @@ def get_boolean_var(var):
 # 1
 return var.upper() == "TRUE" or var.upper() == "YES" or var == "1"
-AUTH_HEADER_NAME = 'Authorization'
+AUTH_HEADER_NAME = os.environ.get("F7T_AUTH_HEADER_NAME","Authorization")
 AUTH_AUDIENCE = os.environ.get("F7T_AUTH_TOKEN_AUD", '').strip('\'"')
 ALLOWED_USERS = os.environ.get("F7T_AUTH_ALLOWED_USERS", '').strip('\'"').split(";")
diff --git a/src/common/common.env.template b/src/common/common.env.template
index 8575d5e9..ca2ffa50 100644
--- a/src/common/common.env.template
+++ b/src/common/common.env.template
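Review bot: In deploy/k8s/config/templates/cm.common.yaml the added entry `F7T_AUTH_HEADER_NAME: "{{ .Values.F7T_AUTH_HEADER_NAME }}"` renders as an empty string for any values file that does not define the key, and this patch adds the key only to values-dev.yaml (other values files, if any, are not visible here). An environment variable that is set but empty does not trigger the `"Authorization"` fallback of the Python `os.environ.get(...)` calls added in the same commit, so a service deployed that way would start with an empty header name. Giving the template its own fallback closes that gap: `F7T_AUTH_HEADER_NAME: "{{ .Values.F7T_AUTH_HEADER_NAME | default "Authorization" }}"`.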
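Review bot: In src/certificator/certificator.py the new `AUTH_HEADER_NAME = os.environ.get("F7T_AUTH_HEADER_NAME","Authorization")` takes the environment value as-is: an empty value yields an empty header name, and surrounding quotes are not stripped the way they are for `F7T_AUTH_TOKEN_AUD` on the following line. According to the env-file comments this name selects the header used for authentication and "X-Userinfo" was disabled, so an unexpected value is better rejected at start-up than silently honoured. A minimal guard is `AUTH_HEADER_NAME = os.environ.get("F7T_AUTH_HEADER_NAME", "").strip('\'"') or "Authorization"`, optionally followed by a check against the set of supported names. The identical line is added in cscs_api_common.py, compute.py, reservations.py, status.py, storage.py, tasks.py and utilities.py, and the same applies there.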
@@ -3,7 +3,7 @@
 # name of header key used to get authentication:
 # possible values: "Authorization" ("X-Userinfo" was disabled)
 # Authorization: JWT token as generated by Keycloak: {"Authorization:", "Bearer fjfk..."}
-# F7T_AUTH_HEADER_NAME=Authorization
+F7T_AUTH_HEADER_NAME=Authorization
 # If F7T_AUTH_HEADER_NAME = Authorization, it can also check REALM_RSA_PUBLIC_KEY: RSA key from KeyCloak Realm which signs token.
 # F7T_REALM_RSA_PUBLIC_KEY="MII....QAB"
 # use 1 line without headers ("-----BEGIN PUBLIC KEY-----", "-----END PUBLIC KEY-----")
diff --git a/src/common/cscs_api_common.py b/src/common/cscs_api_common.py
index 9b2b0917..f0c3c88c 100644
--- a/src/common/cscs_api_common.py
+++ b/src/common/cscs_api_common.py
@@ -39,7 +39,7 @@ def get_boolean_var(var):
 DEBUG_MODE = get_boolean_var(os.environ.get("F7T_DEBUG_MODE", False))
-AUTH_HEADER_NAME = 'Authorization'
+AUTH_HEADER_NAME = os.environ.get("F7T_AUTH_HEADER_NAME","Authorization")
 REALM_RSA_PUBLIC_KEYS=os.environ.get("F7T_REALM_RSA_PUBLIC_KEY", '').strip('\'"').split(";")
diff --git a/src/compute/compute.py b/src/compute/compute.py
index 2cfc307a..9b223162 100644
--- a/src/compute/compute.py
+++ b/src/compute/compute.py
@@ -26,7 +26,7 @@ from schedulers import Job
-AUTH_HEADER_NAME = 'Authorization'
+AUTH_HEADER_NAME = os.environ.get("F7T_AUTH_HEADER_NAME","Authorization")
 CERTIFICATOR_URL= os.environ.get("F7T_CERTIFICATOR_URL")
 TASKS_URL = os.environ.get("F7T_TASKS_URL")
diff --git a/src/reservations/reservations.py b/src/reservations/reservations.py
index 8aecd5bf..3ccbda17 100644
--- a/src/reservations/reservations.py
+++ b/src/reservations/reservations.py
@@ -19,7 +19,7 @@ from jaeger_client import Config
 import opentracing
-AUTH_HEADER_NAME = 'Authorization'
+AUTH_HEADER_NAME = os.environ.get("F7T_AUTH_HEADER_NAME","Authorization")
 RESERVATIONS_PORT = os.environ.get("F7T_RESERVATIONS_PORT", 5050)
diff --git a/src/status/status.py b/src/status/status.py
index eadddef8..6d9a17f0 100644
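Review bot: The `AUTH_HEADER_NAME` assignment added in src/common/cscs_api_common.py is repeated verbatim in seven other modules in this patch, so any later change to how the value is parsed or validated has to be made eight times and can drift between services. If the services already import helpers from cscs_api_common (tasks.py appears to, judging by the import continuation in its hunk context, though that is not fully visible), defining the constant once here and importing it elsewhere would keep them consistent. A one-line comment above it, for example `# request header carrying the bearer token; overridable via F7T_AUTH_HEADER_NAME`, would also document the new setting next to the code that reads it.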
--- a/src/status/status.py
+++ b/src/status/status.py
@@ -20,7 +20,7 @@ import opentracing
-AUTH_HEADER_NAME = 'Authorization'
+AUTH_HEADER_NAME = os.environ.get("F7T_AUTH_HEADER_NAME","Authorization")
 SYSTEMS_PUBLIC = os.environ.get("F7T_SYSTEMS_PUBLIC").strip('\'"').split(";")
 # ; separated for system (related with SYSTEMS_PUBLIC length, and for each filesystem mounted inside each system, separated with ":")
diff --git a/src/storage/storage.py b/src/storage/storage.py
index 78bbd4d7..e0706421 100644
--- a/src/storage/storage.py
+++ b/src/storage/storage.py
@@ -39,7 +39,7 @@ STORAGE_PORT = os.environ.get("F7T_STORAGE_PORT", 5000)
-AUTH_HEADER_NAME = 'Authorization'
+AUTH_HEADER_NAME = os.environ.get("F7T_AUTH_HEADER_NAME","Authorization")
 # SYSTEMS_PUBLIC: list of allowed systems
 # remove quotes and split into array
diff --git a/src/tasks/tasks.py b/src/tasks/tasks.py
index 1fe4c1b6..a814e98f 100644
--- a/src/tasks/tasks.py
+++ b/src/tasks/tasks.py
@@ -17,9 +17,7 @@ get_boolean_var, setup_logging, validate_input
 import tasks_persistence as persistence
-
-
-AUTH_HEADER_NAME = 'Authorization'
+AUTH_HEADER_NAME = os.environ.get("F7T_AUTH_HEADER_NAME","Authorization")
 KONG_URL = os.environ.get("F7T_KONG_URL")
diff --git a/src/utilities/utilities.py b/src/utilities/utilities.py
index 7c8e75c0..5374b684 100644
--- a/src/utilities/utilities.py
+++ b/src/utilities/utilities.py
@@ -23,7 +23,7 @@ CERTIFICATOR_URL = os.environ.get("F7T_CERTIFICATOR_URL")
 UTILITIES_PORT = os.environ.get("F7T_UTILITIES_PORT", 5000)
-AUTH_HEADER_NAME = 'Authorization'
+AUTH_HEADER_NAME = os.environ.get("F7T_AUTH_HEADER_NAME","Authorization")
 UTILITIES_TIMEOUT = int(os.environ.get("F7T_UTILITIES_TIMEOUT", "5"))