def test_download_service_dev_specs():
t = Tapis(base_url=BASE_URL,
username=USERNAME,
password=PASSWORD,
resource_set="dev")
t.get_tokens()
return t
def client():
base_url = getattr(conf, 'base_url', 'https://dev.develop.tapis.io')
username = getattr(conf, 'username', 'pysdk')
account_type = getattr(conf, 'account_type', 'service')
tenant_id = getattr(conf, 'tenant_id', 'master')
service_password = getattr(conf, 'service_password', None)
t = Tapis(base_url=base_url,
username=username,
account_type=account_type,
tenant_id=tenant_id,
service_password=service_password)
t.get_tokens()
return t
def get_tenants(self):
"""
Retrieve the set of tenants and associated data that this service instance is serving requests for.
:return:
"""
logger.debug("top of get_tenants()")
# if this is the first time we are calling get_tenants, set the service_running_at_primary_site attribute.
if not hasattr(self, "service_running_at_primary_site"):
self.service_running_at_primary_site = False
# the tenants service is a special case, as it must be a) configured to serve all tenants and b) actually
# maintains the list of tenants in its own DB. in this case, we call a special method to use the tenants service
# code that makes direct db access to get necessary data.
if conf.service_name == 'tenants':
self.service_running_at_primary_site = True
return self.get_tenants_for_tenants_api()
else:
logger.debug(
"this is not the tenants service; calling tenants API to get sites and tenants..."
)
# if this case, this is not the tenants service, so we will try to get
# the list of tenants by making API calls to the tenants service.
# NOTE: we intentionally create a new Tapis client with *no authentication* so that we can call the Tenants
# API even _before_ the SK is started up. If we pass a JWT, the Tenants will try to validate it as part of
# handling our request, and this validation will fail if SK is not available.
t = Tapis(
base_url=conf.primary_site_admin_tenant_base_url,
resource_set='local') # TODO -- remove resource_set='local'
try:
tenants = t.tenants.list_tenants()
sites = t.tenants.list_sites()
except Exception as e:
msg = f"Got an exception trying to get the list of sites and tenants. Exception: {e}"
logger.error(msg)
raise errors.BaseTapisError(
"Unable to retrieve sites and tenants from the Tenants API."
)
for t in tenants:
self.extend_tenant(t)
for s in sites:
if hasattr(s, "primary") and s.primary:
self.primary_site = s
if s.site_id == conf.service_site_id:
logger.debug(
f"this service is running at the primary site: {s.site_id}"
)
self.service_running_at_primary_site = True
if s.site_id == t.site_id:
t.site = s
return tenants
def get_service_tapis_client(
tenant_id=None,
base_url=None,
jwt=None,
resource_set='tapipy', #todo -- change back to resource_set='tapipy'
custom_spec_dict=None,
download_latest_specs=False,
tenants=None):
"""
Returns a Tapis client for the service using the service's configuration. If tenant_id is not passed, uses the first
tenant in the service's tenants configuration.
:param tenant_id: (str) The tenant_id associated with the tenant to configure the client with.
:param base_url: (str) The base URL for the tenant to configure the client with.
:return: (tapipy.tapis.Tapis) A Tapipy client object.
"""
# if there is no base_url the primary_site_admin_tenant_base_url configured for the service:
if not base_url:
base_url = conf.primary_site_admin_tenant_base_url
if not tenant_id:
tenant_id = conf.service_tenant_id
if not tenants:
# the following would work to reference this module's tenants object, but we'll choose to raise
# an error instead; it could be that
# tenants = sys.modules[__name__].tenants
raise errors.BaseTapisError(
"As a Tapis service, passing in the appropriate tenants manager object"
"is required.")
t = Tapis(base_url=base_url,
tenant_id=tenant_id,
username=conf.service_name,
account_type='service',
service_password=conf.service_password,
jwt=jwt,
resource_set=resource_set,
custom_spec_dict=custom_spec_dict,
download_latest_specs=download_latest_specs,
tenants=tenants,
is_tapis_service=True)
if not jwt:
t.get_tokens()
return t
def get_service_tapis_client(tenant_id=None, base_url=None, jwt=None):
"""
Returns a Tapis client for the service using the service's configuration. If tenant_id is not passed, uses the first
tenant in the service's tenants configuration.
:param tenant_id: (str) The tenant_id associated with the tenant to configure the client with.
:param base_url: (str) The base URL for the tenant to configure the client with.
:return: (tapipy.tapis.Tapis) A Tapipy client object.
"""
# if there is no tenant_id, use the service_tenant_id and service_tenant_base_url configured for the service:
if not tenant_id:
tenant_id = conf.service_tenant_id
if not base_url:
base_url = conf.service_tenant_base_url
t = Tapis(base_url=base_url,
tenant_id=tenant_id,
username=conf.service_name,
account_type='service',
service_password=conf.service_password,
jwt=jwt)
if not jwt:
t.get_tokens()
return t
def test_refresh_tokens(client):
auth_clients = client.authenticator.list_clients()
if auth_clients:
testing_client = auth_clients[0]
if not auth_clients:
testing_client = client.authenticator.create_client()
k = Tapis(base_url=BASE_URL,
username=USERNAME,
password=PASSWORD,
client_id=testing_client.client_id,
client_key=testing_client.client_key)
# k should not have access or refresh until we run k.get_tokens()
assert hasattr(k, 'access_token')
access_token = k.access_token
assert not hasattr(access_token, 'access_token')
assert not hasattr(access_token, 'expires_at')
assert not hasattr(access_token, 'expires_in')
assert hasattr(k, 'refresh_token')
refresh_token = k.refresh_token
assert not hasattr(refresh_token, 'refresh_token')
assert not hasattr(refresh_token, 'expires_at')
assert not hasattr(refresh_token, 'expires_in')
# We now run get_tokens(). k should now have access and refresh tokens.
k.get_tokens()
assert hasattr(k, 'access_token')
access_token = k.access_token
assert hasattr(access_token, 'access_token')
assert hasattr(access_token, 'expires_at')
assert hasattr(access_token, 'expires_in')
assert hasattr(k, 'refresh_token')
refresh_token = k.refresh_token
assert hasattr(refresh_token, 'refresh_token')
assert hasattr(refresh_token, 'expires_at')
assert hasattr(refresh_token, 'expires_in')
# Now we should be able to run refresh_tokens() with no problems and
# still have access and refresh tokens after the fact.
k.refresh_tokens()
assert hasattr(k, 'access_token')
access_token = k.access_token
assert hasattr(access_token, 'access_token')
assert hasattr(access_token, 'expires_at')
assert hasattr(access_token, 'expires_in')
assert hasattr(k, 'refresh_token')
refresh_token = k.refresh_token
assert hasattr(refresh_token, 'refresh_token')
assert hasattr(refresh_token, 'expires_at')
assert hasattr(refresh_token, 'expires_in')
def test_init_with_only_client_and_refresh_token(client):
auth_clients = client.authenticator.list_clients()
if auth_clients:
testing_client = auth_clients[0]
if not auth_clients:
testing_client = client.authenticator.create_client()
# Need to first get refresh_tokens(using another Tapis client in this case)
t2 = Tapis(base_url=BASE_URL,
username=USERNAME,
password=PASSWORD,
client_id=testing_client.client_id,
client_key=testing_client.client_key)
t2.get_tokens()
# Now only use client + refresh_token
k = Tapis(base_url=BASE_URL,
client_id=testing_client.client_id,
client_key=testing_client.client_key,
refresh_token=t2.refresh_token)
# Test that everything works.
k.get_tokens()
assert hasattr(k, 'access_token')
access_token = k.access_token
assert hasattr(access_token, 'access_token')
assert hasattr(access_token, 'expires_at')
assert hasattr(access_token, 'expires_in')
assert hasattr(k, 'refresh_token')
refresh_token = k.refresh_token
assert hasattr(refresh_token, 'refresh_token')
assert hasattr(refresh_token, 'expires_at')
assert hasattr(refresh_token, 'expires_in')
def get_tenants(self):
"""
Retrieve the set of tenants and associated data that this service instance is serving requests for.
:return:
"""
logger.debug("top of get_tenants()")
# these are the tenant_id strings configured for the service -
tenants_strings = conf.tenants
result = []
# in dev mode, services can be configured to not use the security kernel, in which case we must get
# configuration for a "dev" tenant directly from the service configs:
if not conf.use_tenants:
logger.debug("use_tenants was False")
for tenant in tenants_strings:
t = {
'tenant_id': tenant,
'iss': conf.dev_iss,
'public_key': conf.dev_jwt_public_key,
'token_service': conf.dev_token_service,
'base_url': conf.dev_base_url,
'authenticator': conf.dev_authenticator,
'security_kernel': conf.dev_security_kernel,
'is_owned_by_associate_site':
conf.dev_is_owned_by_associate_site,
'allowable_x_tenant_ids': conf.dev_allowable_x_tenant_ids,
}
self.extend_tenant(t)
result.append(t)
return result
# the tenants service is a special case, as it must be a) configured to serve all tenants and b) actually maintains
# the list of tenants in its own DB. in this case, we return the empty list since the tenants service will use direct
# db access to get necessary data.
elif conf.service_name == 'tenants' and tenants_strings[0] == '*':
logger.debug(
"this is the tenants service, pulling tenants from db...")
# NOTE: only in the case of the tenants service will we be able to import this function; so this import needs to
# stay guarded by the above IF statement.
from service.models import get_tenants as tenants_api_get_tenants
# in the case where the tenants api migrations are running, this call will fail with a sqlalchemy.exc.ProgrammingError
# because the tenants table will not exist yet.
logger.info("calling the tenants api's get_tenants() function...")
try:
result = tenants_api_get_tenants()
logger.info(f"Got {result} from the tenants API")
return result
except Exception as e:
logger.info(
"WARNING - got an exception trying to compute the tenants.. this better be the tenants migration container."
)
return result
else:
logger.debug(
"this is not the tenants service; calling tenants API to get tenants..."
)
# if we are here, this is not the tenants service and it is configured to use the tenants API, so we will try to get
# the list of tenants directly from the tenants service.
# NOTE: we intentionally create a new Tapis client with *no authentication* so that we can call the Tenants
# API even _before_ the SK is started up. If we pass a JWT, Tenants will try to
t = Tapis(base_url=conf.service_tenant_base_url)
try:
tenant_list = t.tenants.list_tenants()
except Exception as e:
msg = f"Got an exception trying to get the list of tenants. Exception: {e}"
print(msg)
logger.error(msg)
raise errors.BaseTapisError(
"Unable to retrieve tenants from the Tenants API.")
if not type(tenant_list) == list:
logger.error(
f"Did not get a list object from list_tenants(); got: {tenant_list}"
)
for tn in tenant_list:
t = {
'tenant_id': tn.tenant_id,
'iss': tn.token_service,
'public_key': tn.public_key,
'token_service': tn.token_service,
'base_url': tn.base_url,
'authenticator': tn.authenticator,
'security_kernel': tn.security_kernel,
'is_owned_by_associate_site':
tn.is_owned_by_associate_site,
'allowable_x_tenant_ids': tn.allowable_x_tenant_ids,
}
self.extend_tenant(t)
logger.debug(f"adding tenant: {t}")
result.append(t)
return result
def create_streams_service_token():
t = Tapis(base_url=os.environ['TAPIS_BASEURL'], username=os.environ['STREAMS_USER'], account_type='service',
service_password=os.environ['STREAMS_SERVICE_PASSWORD'], tenant_id='master')
t.get_tokens()
def create_meta_service_token():
t = Tapis(base_url=os.environ['TAPIS_BASEURL'], username='******', account_type='service',
service_password=os.environ['META_SERVICE_PASSWORD'], tenant_id='master')
t.get_tokens()
import pandas as pd
from agavepy.actors import get_context, get_client, send_bytes_result
from tapipy.tapis import Tapis
# defaults for the username, password, and base_url ----
username = os.environ.get('username', 'testuser2')
password = os.environ.get('password', 'testuser2')
base_url = os.environ.get('base_url', 'https://dev.tapis.io')
# location to write output file -
out = '/home/tapis/output.png'
# create Tapis client and get tokens --
try:
t = Tapis(base_url=base_url, username=username, password=password)
t.get_tokens()
except Exception as e:
print(f"got exception trying to generate tapis client; e: {e}")
raise e
def get_datetime_range(time):
"""
Generate start and end datetime from the time of the alert.
"""
print(f"top of get_datetime_range; time: {time}")
try:
end_datetime = dateutil.parser.isoparse(time)
except Exception as e:
print(
def client():
t = Tapis(base_url=BASE_URL, username=USERNAME, password=PASSWORD)
t.get_tokens()
return t