Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Do not assume admin privileges on keystone #123

Closed
wants to merge 2 commits into from
Closed

Do not assume admin privileges on keystone #123

wants to merge 2 commits into from

Conversation

enolfc
Copy link

@enolfc enolfc commented Jul 28, 2023
edited
Loading

Description

Avoid issues when running cASO with a low privileges account that cannot
list all projects and scope the tokens to the projects that are to be
accounted. This allows to run cASO and generate records for non-admin
users.

Fixes #124

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide
instructions so we can reproduce. Please also list any relevant details for
your test configuration

  • Test caso-extract using v3oidcaccesstoken authentication with an EGI Check-in access token in 2 projects at IFCA-LCG2. Configuration: 
    [DEFAULT]
spooldir = var/spool/caso
site_name = IFCA-LCG2
projects = 999f045cb1ff4684a15ebb338af69460, 5eb8959a799240a98f4f303f5fbd80be
[accelerator]
[benchmark]
[keystone_auth]
auth_type = v3oidcaccesstoken
auth_url = https://api.cloud.ifca.es:5000/v3
project_id = 999f045cb1ff4684a15ebb338af69460
identity_provider = egi.eu
protocol = openid
access_token = XXX-redacted
[logstash]
[sample_remote_file_source]
[ssm]

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

@enolfc
Copy link
Author

enolfc commented Jul 28, 2023

Tests seems broken but not due to this code :(

@enolfc enolfc marked this pull request as ready for review July 28, 2023 11:14
@enolfc
Do not assume admin privileges on keystone
1838e91 
Avoid issues when running cASO with a low privileges account that cannot
list all projects and scope the tokens to the projects that are to be
accounted. This allows to run cASO and generate records for non-admin
users.
@enolfc
Fix pydantic tests
d1f008a
@alvarolopez
Copy link
Member

@enolfc this is due to the Pydantic version, can you rebase on top of https://github.com/IFCA-Advanced-Computing/caso/tree/pydantic2 ?

@alvarolopez alvarolopez self-assigned this Sep 28, 2023
@alvarolopez alvarolopez self-requested a review September 28, 2023 16:06
@alvarolopez alvarolopez changed the base branch from master to fix_rtd_build September 28, 2023 16:33
@alvarolopez alvarolopez deleted the branch IFCA-Advanced-Computing:fix_rtd_build September 28, 2023 16:42
@alvarolopez alvarolopez mentioned this pull request Sep 28, 2023
Closed
9 tasks
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@alvarolopez alvarolopez alvarolopez approved these changes

Assignees

@alvarolopez alvarolopez

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

cASO 4.x cannot be run by non-admins
2 participants
@enolfc @alvarolopez