if "TOPOLOGY_CONFIG" in os.environ: app.config.from_envvar("TOPOLOGY_CONFIG", silent=False) if "LOGLEVEL" in app.config: app.logger.setLevel(app.config["LOGLEVEL"]) global_data = GlobalData(app.config) src_dir = os.path.abspath(os.path.dirname(__file__)) (_required_repo_owner, _required_repo_name ) = global_data.webhook_data_repo.split(':')[-1].split('/')[-2:] _required_base_ref = global_data.webhook_data_branch _required_base_label = "%s:%s" % (_required_repo_owner, _required_base_ref) webhook_secret = readfile(global_data.webhook_secret_key, app.logger) if not webhook_secret: app.logger.warning("Note, no WEBHOOK_SECRET_KEY configured; " "GitHub payloads will not be validated.") gh_api_user = global_data.webhook_gh_api_user gh_api_token = readfile(global_data.webhook_gh_api_token, app.logger).decode() if gh_api_user and gh_api_token: ghauth = GitHubAuth(gh_api_user, gh_api_token, app.logger) ghrepo = ghauth.target_repo(_required_repo_owner, _required_repo_name) publish_pr_review = ghrepo.publish_pr_review publish_issue_comment = ghrepo.publish_issue_comment hit_merge_button = ghrepo.hit_merge_button else: publish_pr_review = \ publish_issue_comment = \
def generate_cache_authfile(global_data: GlobalData, fqdn=None, legacy=True, suppress_errors=True) -> str: """ Generate the Xrootd authfile needed by a StashCache cache server. """ authfile = "" id_to_dir = defaultdict(set) resource = None if fqdn: resource_groups = global_data.get_topology().get_resource_group_list() resource = _get_cache_resource(fqdn, resource_groups, suppress_errors) if not resource: return "" vo_data = global_data.get_vos_data() for vo_name, vo_details in vo_data.vos.items(): stashcache_data = vo_details.get('DataFederations', {}).get('StashCache') if not stashcache_data: continue namespaces = stashcache_data.get("Namespaces") if not namespaces: if suppress_errors: continue else: raise DataError("VO {} in StashCache does not provide a Namespaces list.".format(vo_name)) needs_authz = False for namespace, authz_list in namespaces.items(): if not authz_list: if suppress_errors: continue else: raise DataError("Namespace {} (VO {}) does not provide any authorizations.".format(namespace, vo_name)) if authz_list != ["PUBLIC"]: needs_authz = True break if not needs_authz: continue if resource and not _cache_is_allowed(resource, vo_name, stashcache_data, False, suppress_errors): continue for namespace, authz_list in namespaces.items(): for authz in authz_list: if not isinstance(authz, str): continue if authz.startswith("FQAN:"): id_to_dir["g {}".format(authz[5:])].add(namespace) elif authz.startswith("DN:"): hash = _generate_dn_hash(authz[3:]) id_to_dir["u {}".format(hash)].add(namespace) if legacy: ldappass = readfile(global_data.ligo_ldap_passfile, log) for dn in _generate_ligo_dns(global_data.ligo_ldap_url, global_data.ligo_ldap_user, ldappass): hash = _generate_dn_hash(dn) id_to_dir["u {}".format(hash)].add("/user/ligo") for id, dir_list in id_to_dir.items(): if dir_list: authfile += "{} {}\n".format(id, " ".join([i + " rl" for i in sorted(dir_list)])) return authfile
else: print("ignoring AUTH option when FLASK_ENV != development", file=sys.stderr) if not app.config.get("SECRET_KEY"): app.config["SECRET_KEY"] = "this is not very secret" ### Replace previous with this when we want to add CSRF protection # if app.debug: # app.config["SECRET_KEY"] = "this is not very secret" # else: # raise Exception("SECRET_KEY required when FLASK_ENV != development") if "LOGLEVEL" in app.config: app.logger.setLevel(app.config["LOGLEVEL"]) global_data = GlobalData(app.config, strict=app.config.get("STRICT", app.debug)) cilogon_pass = readfile(global_data.cilogon_ldap_passfile, app.logger) if not cilogon_pass: app.logger.warning("Note, no CILOGON_LDAP_PASSFILE configured; " "OASIS Manager ssh key lookups will be unavailable.") def _fix_unicode(text): """Convert a partial unicode string to full unicode""" return text.encode('utf-8', 'surrogateescape').decode('utf-8') @app.route('/') def homepage(): return render_template('homepage.html.j2') @app.route('/map/iframe')
def get_cilogon_ldap_id_map(self): url = self.cilogon_ldap_url user = self.cilogon_ldap_user ldappass = readfile(self.cilogon_ldap_passfile, log) return cilogon_ldap.get_cilogon_ldap_id_map(url, user, ldappass)