def get_fx_client(headers):
tokens = headers
fx_auth = AccessTokenAuthorizer(tokens['Authorization'].replace(
'Bearer ', ''))
search_auth = AccessTokenAuthorizer(tokens['Search'])
openid_auth = AccessTokenAuthorizer(tokens['Openid'])
fxc = FuncXClient(fx_authorizer=fx_auth,
search_authorizer=search_auth,
openid_authorizer=openid_auth)
return fxc
def funcx_test_config(pytestconfig, funcx_test_config_name):
# start with basic config load
config = _CONFIGS[funcx_test_config_name]
# if `--endpoint` was passed or `endpoint_uuid` is present in config,
# handle those cases
endpoint = pytestconfig.getoption("--endpoint")
if endpoint:
config["endpoint_uuid"] = endpoint
elif config["endpoint_uuid"] is None:
config["endpoint_uuid"] = _get_local_endpoint_id()
if not config["endpoint_uuid"]:
# If there's no endpoint_uuid available, the smoke tests won't work
raise Exception("No target endpoint_uuid available to test against")
# set URIs if passed
client_args = config["client_args"]
ws_uri = pytestconfig.getoption("--ws-uri")
api_uri = pytestconfig.getoption("--service-address")
# env vars to allow use of client creds in GitHub Actions
api_client_id = os.getenv("FUNCX_SMOKE_CLIENT_ID")
api_client_secret = os.getenv("FUNCX_SMOKE_CLIENT_SECRET")
if ws_uri:
client_args["results_ws_uri"] = ws_uri
if api_uri:
client_args["funcx_service_address"] = api_uri
if api_client_id and api_client_secret:
client = ConfidentialAppAuthClient(api_client_id, api_client_secret)
scopes = [
"https://auth.globus.org/scopes/facd7ccc-c5f4-42aa-916b-a0e270e2c2a9/all",
"urn:globus:auth:scope:search.api.globus.org:all",
"openid",
]
token_response = client.oauth2_client_credentials_tokens(
requested_scopes=scopes)
fx_token = token_response.by_resource_server["funcx_service"][
"access_token"]
search_token = token_response.by_resource_server[
"search.api.globus.org"]["access_token"]
openid_token = token_response.by_resource_server["auth.globus.org"][
"access_token"]
fx_auth = AccessTokenAuthorizer(fx_token)
search_auth = AccessTokenAuthorizer(search_token)
openid_auth = AccessTokenAuthorizer(openid_token)
client_args["fx_authorizer"] = fx_auth
client_args["search_authorizer"] = search_auth
client_args["openid_authorizer"] = openid_auth
return config
def main():
# start the Native App authentication process
tokens = do_native_app_authentication(CLIENT_ID, REDIRECT_URI)
transfer_token = tokens['datasearch.api.globus.org']['access_token']
authorizer = AccessTokenAuthorizer(access_token=transfer_token)
print(authorizer.access_token)
def load_identifier_client():
token = load_tokens()['identifiers.globus.org']['access_token']
ic = IdentifierClient('Identifier',
base_url='https://identifiers.globus.org/',
app_name='My Local App',
authorizer=AccessTokenAuthorizer(token))
return ic
def mint_minid(file_info):
namespace = MINID_PROD if MINT_PROD else MINID_TEST
token = load_tokens()['identifiers.globus.org']['access_token']
# You must specify the `base_url`
ic = IdentifierClient('Identifier',
base_url='https://identifiers.globus.org/',
app_name='My Local App',
authorizer=AccessTokenAuthorizer(token))
kwargs = {
'visible_to': ['public'],
'location': [file_info['location']],
'checksums': [{
'function': 'md5',
'value': file_info['md5']
}],
'metadata': {
'Title':
'CRAM Alignment file for GTEx Sample {}.recab.cram'
''.format(file_info['id']),
'contentSize':
file_info['size']
}
}
kwargs = {k: json.dumps(v) for k, v in kwargs.items()}
minid = ic.create_identifier(namespace=namespace, **kwargs)
return minid.data['identifier']
class WebauthnClient:
def __init__(self, host, access_token):
self.client = AccessTokenAuthorizer(access_token)
def get_session(self):
r = self.client.get('https://{host}/authn/session'.format(host=self.host))
return r.text
def check_group_membership(token, endpoint_groups):
"""Determine whether or not the user is a member
of any of the groups
Parameters
----------
token : str
The user's nexus token
endpoint_groups : list
A list of the group ids associated with the endpoint
Returns
-------
bool
Whether or not the user is a member of any of the groups
"""
client = get_auth_client()
dep_tokens = client.oauth2_get_dependent_tokens(token)
nexus_token = dep_tokens.by_resource_server['nexus.api.globus.org'][
"access_token"]
# Create a nexus client to retrieve the user's groups
nexus_client = NexusClient()
nexus_client.authorizer = AccessTokenAuthorizer(nexus_token)
user_groups = nexus_client.list_groups(my_statuses="active",
fields="id",
for_all_identities=True)
# Check if any of the user's groups match
for user_group in user_groups:
for endpoint_group in endpoint_groups:
if user_group['id'] == endpoint_group:
return True
return False
async def get_transfer_client(request: Request):
"""This function forms globus transfer client with authentication present in session token"""
tokens = request.session.get('tokens', False)
authorizer = AccessTokenAuthorizer(
tokens['transfer.api.globus.org']['access_token'])
transfer_client = TransferClient(authorizer=authorizer)
return transfer_client
def get_api(conf):
username = conf.get_go_username()
if username is None:
print('Globus Id: ', end=' ', flush=True)
username = sys.stdin.readline().strip()
atglobusidorg = username.rfind("@globusid.org")
if atglobusidorg != -1:
username = username[:atglobusidorg]
password = conf.get_go_password()
if password is None:
password = getpass.getpass("Globus Password: "******"/goauth/token?grant_type=client_credentials"
for tries in range(0, 10):
try:
authorizer = BasicAuthorizer(username, password)
nexus_client = BaseClient('nexus', authorizer=authorizer)
response = nexus_client.get(GOAUTH_PATH)
access_token = response.data['access_token']
except GlobusAPIError as e:
if e.http_status == 403:
print('{}\nRetrying'.format(e.message))
print('Globus Id: ', end=' ', flush=True)
username = sys.stdin.readline().strip()
password = getpass.getpass("Globus Password: "******"timed out" not in str(e):
raise e
time.sleep(30)
if go_instance == 'Production':
go_instance = 'default'
class TransferClientWithUserNameAndPassword(TransferClient):
def __init__(self, username=None, password=None, **kwargs):
self.username = username
self.password = password
super(TransferClientWithUserNameAndPassword,
self).__init__(**kwargs)
api = TransferClientWithUserNameAndPassword(
username=username,
password=password,
authorizer=AccessTokenAuthorizer(access_token),
environment=go_instance,
timeout=300.0)
return api
def getAppTransferAuthorizer(self):
# mostly for testing/debugging
adminToken = self.getGlobusAdminToken()
if adminToken is not None:
return AccessTokenAuthorizer(adminToken)
authClient = self.getAuthClient()
return ClientCredentialsAuthorizer(authClient, _APP_SCOPES)
def get_identifier_client(self):
token = load_globus_access_token(self.task.user,
'identifiers.globus.org')
# You must specify the `base_url`
ic = IdentifierClient('Identifier',
base_url='https://identifiers.globus.org/',
app_name='Workspace Manager',
authorizer=AccessTokenAuthorizer(token))
return ic
def main():
current_time = datetime.utcnow().replace(microsecond=0).isoformat()
last_cleanup_time = datetime.utcnow().replace(microsecond=0)\
- timedelta(hours=24)
last_cleanup = last_cleanup_time.isoformat()
completion_range = last_cleanup + "," + current_time
print("Cleaning up source endpoint {} \nfor outbound transfers completed "
"in range {}\n ".format(SOURCE_ENDPOINT_ID, completion_range))
transfer_token = do_client_authentication(CLIENT_ID, CLIENT_SECRET)
authorizer = AccessTokenAuthorizer(access_token=transfer_token)
tc = TransferClient(authorizer=authorizer)
# print out a directory listing from an endpoint
tc.endpoint_autoactivate(SOURCE_ENDPOINT_ID)
try:
task_fields = "task_id,source_endpoint,destination_endpoint," \
"source_host_path,owner_string,source_endpoint_id,type"
tasks = tc.endpoint_manager_task_list(
filter_status="SUCCEEDED",
filter_endpoint=SOURCE_ENDPOINT_ID,
filter_completion_time=completion_range,
fields=task_fields)
except TransferAPIError as tapie:
if tapie.code == 'PermissionDenied':
print('Permission denied! Give your app permission by going to '
'"globus.org/app/endpoints/{}/roles", and under '
'"Identity/E-mail adding "{}@clients.auth.globus.org" as '
'an "AccessManager" and "Activity Manager"'.format(
SOURCE_ENDPOINT_ID, CLIENT_ID))
sys.exit(1)
# Nothing weird *should* happen here, but if so re-raise so the user
# can deal with it.
raise
tasklist = tasks.data
if not tasklist:
print("No transfers from {} found in the last 24 hours, "
"nothing to clean up".format(SOURCE_ENDPOINT_ID))
else:
print("{} total transfers found from {} in the last 24 hours, "
"some may not be of type TRANSFER".format(
len(tasklist), SOURCE_ENDPOINT_ID))
delete_tasks = [
task.data for task in tasklist
if task_delete_conditions_satisfied(task)
]
for task in delete_tasks:
files_list, common_dir = select_dir_to_delete(tc, task)
delete_dir_and_acls(tc, task, files_list, common_dir)
def move_directory(self, dir_UUID, oldpath, newpath):
if dir_UUID == None or len(str(dir_UUID)) == 0:
raise ValueError('The dataset UUID must have a value')
tc = globus_sdk.TransferClient(
authorizer=AccessTokenAuthorizer(self.transfer_token))
try:
tc.operation_rename(self.globus_endpoint,
oldpath=oldpath,
newpath=newpath)
print("Done moving directory: " + oldpath + " to:" + newpath)
return str(newpath)
except:
raise
def authorizer_retriever(flow_url: str, flow_scope: str,
client_id: str) -> AllowedAuthorizersType:
"""
This callback will be called when attempting to interact with a
specific Flow. The callback will receive the Flow url, Flow scope, and
client_id and can choose to use some, all or none of the kwargs. This is
expected to return an Authorizer which can be used to make authenticated
calls to the Flow.
The method used to acquire valid credentials is up to the user. Here, we
naively create an Authorizer using the same token everytime.
"""
flow_token = os.environ.get("MY_ACCESS_TOKEN")
return AccessTokenAuthorizer(flow_token)
def get_search_client():
"""Creates a Globus Search Client using FuncX's client token"""
auth_client = authentication.auth.get_auth_client()
tokens = auth_client.oauth2_client_credentials_tokens(requested_scopes=[SEARCH_SCOPE])
app.logger.debug(f"CC Tokens for Search: {tokens}")
search_token = tokens.by_scopes[SEARCH_SCOPE]
app.logger.debug(f"Search token: {search_token}")
access_token = search_token['access_token']
app.logger.debug(f"Access token")
authorizer = AccessTokenAuthorizer(access_token)
app.logger.debug("Acquired AccessTokenAuthorizer for search")
search_client = SearchClient(authorizer)
app.logger.debug("Acquired SearchClient with that authorizer")
return search_client
def get_authorizers(self):
authorizers = {}
for resource_server, token_dict in self.load_tokens().items():
if token_dict.get('refresh_token') is not None:
authorizers[resource_server] = RefreshTokenAuthorizer(
token_dict['refresh_token'],
self.client,
access_token=token_dict['access_token'],
expires_at=token_dict['expires_at_seconds'],
on_refresh=self.on_refresh,
)
else:
authorizers[resource_server] = AccessTokenAuthorizer(
token_dict['access_token'])
return authorizers
def mkdir(self, new_directory):
if new_directory == None or len(str(new_directory)) == 0:
raise ValueError('The dataset UUID must have a value')
tc = globus_sdk.TransferClient(
authorizer=AccessTokenAuthorizer(self.transfer_token))
try:
#for entry in tc.operation_ls(ep_id, path="/~/project1/"):
tc.operation_mkdir(self.globus_endpoint, new_directory)
print("Done adding directory: " + new_directory)
return new_directory
except TransferAPIError as error:
if 'MkdirFailed.Exists' not in error.code:
raise
except:
raise
def getAuthorizer(self, user):
if 'otherTokens' not in user:
raise Exception('No transfer token found')
tokens = user['otherTokens']
for token in tokens:
if token['scope'] == _TRANSFER_SCOPE:
if 'refresh_token' in token and token[
'refresh_token'] is not None:
return RefreshTokenAuthorizer(token['refresh_token'],
self.getAuthClient())
else:
return AccessTokenAuthorizer(token['access_token'])
raise Exception('No globus transfer token found')
def cleanup():
user_identity_name = request.form.get('user_identity_name')
dependent_tokens = get_dependent_tokens(g.req_token)
transfer_token = dependent_tokens.by_resource_server[
'transfer.api.globus.org']['access_token']
dest_ep = app.config['GRAPH_ENDPOINT_ID']
dest_base = app.config['GRAPH_ENDPOINT_BASE']
dest_path = '%sGraphs for %s/' % (dest_base, user_identity_name)
transfer = TransferClient(authorizer=AccessTokenAuthorizer(transfer_token))
transfer.endpoint_autoactivate(dest_ep)
try:
acl = next(acl for acl in transfer.endpoint_acl_list(dest_ep)
if dest_path == acl['path'])
except StopIteration:
pass
except TransferAPIError as ex:
# PermissionDenied can happen if a new Portal client is swapped
# in and it doesn't have endpoint manager on the dest_ep.
# The /portal/processed directory has been set to to writeable
# for all users so the delete task will succeed even if an ACL
# can't be set.
if ex.code == 'PermissionDenied':
pass
else:
transfer.delete_endpoint_acl_rule(dest_ep, acl['id'])
delete_request = DeleteData(transfer_client=transfer,
endpoint=dest_ep,
label="Delete Graphs from the Service Demo",
recursive=True)
delete_request.add_item(dest_path)
try:
task = transfer.submit_delete(delete_request)
except TransferAPIError as ex:
raise InternalServerError(message=ex.message)
else:
return jsonify(dict(task_id=task['task_id']))
def __init__(self):
"""Initiate an OAuth2() object.
Initiate OAuth2 flow with Globus credentaials to obtain access tokens.
Refresh the tokens automatically so another login is not required.
Examples
--------
Create an OAuth2 object:
>>> from archeion.models import OAuth2
>>> authorizer = OAuth2()
"""
self.client = NativeAppAuthClient(CLIENT_ID)
self.client.oauth2_start_flow(refresh_tokens=True)
logger.info("Opening browser window for Globus Authentication")
webbrowser.open_new(self.client.oauth2_get_authorize_url())
get_input = getattr(__builtins__, "raw_input", input)
auth_code = get_input(
"Please enter the code you get after login here: "
).strip()
logger.debug("User has input authentication code")
token_response = self.client.oauth2_exchange_code_for_tokens(auth_code)
self.access_token = token_response.by_resource_server["auth.globus.org"][
"access_token"
]
transfer_response = token_response.by_resource_server["transfer.api.globus.org"]
self.transfer_token = transfer_response["access_token"]
self.transfer_refresh_token = transfer_response["refresh_token"]
self.transfer_expiry_seconds = transfer_response["expires_at_seconds"]
authorizer = RefreshTokenAuthorizer(
self.transfer_refresh_token,
self.client,
access_token=self.transfer_token,
expires_at=self.transfer_expiry_seconds,
)
self.transfer_client = TransferClient(
AccessTokenAuthorizer(self.transfer_token)
)
self.authorisation_client = AuthClient(authorizer=authorizer)
def get_user_info(access_token):
"""
Given an Access Token issued by the Globus Auth API introspects the token
and returns a dict with user_id and username keys.
Raises a ValueError if the token introspection fails
"""
auth_client = AuthClient(authorizer=AccessTokenAuthorizer(access_token),
client_id=CLIENT_ID)
try:
userinfo_res = auth_client.oauth2_userinfo()
except GlobusError as err:
raise ValueError("Userinfo could not be gotten from token. "
"Failure on: {}".format(err))
return {
"user_id": userinfo_res.get("sub"),
"username": userinfo_res.get("preferred_username")
}
def exchange_code_and_store_config(native_client, auth_code):
"""
Finishes login flow after code is gotten from command line or local server.
Exchanges code for tokens and gets user info from auth.
Stores tokens and user info in config.
"""
# do a token exchange with the given code
tkn = native_client.oauth2_exchange_code_for_tokens(auth_code)
tkn = tkn.by_resource_server
# extract access tokens from final response
transfer_at = (tkn['transfer.api.globus.org']['access_token'])
transfer_at_expires = (
tkn['transfer.api.globus.org']['expires_at_seconds'])
transfer_rt = (tkn['transfer.api.globus.org']['refresh_token'])
auth_at = (tkn['auth.globus.org']['access_token'])
auth_at_expires = (tkn['auth.globus.org']['expires_at_seconds'])
auth_rt = (tkn['auth.globus.org']['refresh_token'])
# get the identity that the tokens were issued to
auth_client = AuthClient(authorizer=AccessTokenAuthorizer(auth_at))
res = auth_client.oauth2_userinfo()
# revoke any existing tokens
for token_opt in (TRANSFER_RT_OPTNAME, TRANSFER_AT_OPTNAME,
AUTH_RT_OPTNAME, AUTH_AT_OPTNAME):
token = lookup_option(token_opt)
if token:
native_client.oauth2_revoke_token(token)
# write new tokens to config
write_option(TRANSFER_RT_OPTNAME, transfer_rt)
write_option(TRANSFER_AT_OPTNAME, transfer_at)
write_option(TRANSFER_AT_EXPIRES_OPTNAME, transfer_at_expires)
write_option(AUTH_RT_OPTNAME, auth_rt)
write_option(AUTH_AT_OPTNAME, auth_at)
write_option(AUTH_AT_EXPIRES_OPTNAME, auth_at_expires)
safeprint(_LOGIN_EPILOG.format(res["preferred_username"]))
def copy_data(self, ori, destiny):
"""
copy data using globus
:param ori: path where the data is in the source machine
:type ori: str
:param destiny: path where the data will be put on the destiny machine
:type destiny: str
:raises Exception: a problem occurred during the transference
"""
authorizer = AccessTokenAuthorizer(GlobusManager.TRANSFER_TOKEN)
tc = TransferClient(authorizer=authorizer)
res = self.copy_directory(ori, destiny, tc)
if res == "NOT_A_DIRECTORY":
res = self.copy_file(ori, destiny, tc)
if res is not "OK":
raise Exception(res)
def status(self):
token = TokenStore.get_transfer_token(self.user)
tc = TransferClient(authorizer=AccessTokenAuthorizer(token))
old = json.loads(self.task_catalog or '{}')
tasks = {
t: tc.get_task(t).data
for t in json.loads(self.transfer_task_ids)
if not old.get(t) or old[t]['status'] == 'ACTIVE'
}
old.update(tasks)
tasks = old
transferred = [t['files_transferred'] for t in tasks.values()]
log.debug(transferred)
self.files_transferred = reduce(lambda x, y: x + y, transferred)
log.debug(self.files_transferred)
self.task_catalog = json.dumps(tasks)
self.save()
statuses = [s['status'] for s in tasks.values()]
if any(filter(lambda stat: stat in ['INACTIVE', 'FAILED'], statuses)):
return 'FAILED'
if any(filter(lambda stat: stat == 'ACTIVE', statuses)):
return 'ACTIVE'
return 'SUCCEEDED'
def __init__(self, host, access_token):
self.client = AccessTokenAuthorizer(access_token)
def validate():
params = request.json
crawl_id = params["crawl_id"]
globus_eid = params["globus_eid"]
transfer_token = params["transfer_token"]
source_destination = params["source_destination"]
dataset_info = params["dataset_info"] # To be implemented later
client = boto3.client('sqs',
aws_access_key_id=os.environ["aws_access"],
aws_secret_access_key=os.environ["aws_secret"],
region_name='us-east-1')
try:
response = client.get_queue_url(
QueueName=f'validate_{crawl_id}',
QueueOwnerAWSAccountId=os.environ["aws_account_id"])
except: # Add SQS.Client.exceptions.QueueDoesNotExist error
abort(400, "Invalid crawl ID")
try:
authorizer = AccessTokenAuthorizer(transfer_token)
tc = TransferClient(authorizer=authorizer)
except: # Add exception
abort(400, "Invalid transfer token")
crawl_queue = response["QueueUrl"]
date = datetime.datetime.now()
file_name = date.strftime("%m_%d_%Y-%H_%M_%S") + ".txt"
try:
with open(file_name, "w") as f:
while True:
sqs_response = client.receive_message(
QueueUrl=crawl_queue,
MaxNumberOfMessages=1, # To be toggled
WaitTimeSeconds=1)
if "Messages" not in sqs_response:
# xtract_status = requests.get(f"{eb_url}/get_extract_status", json={"crawl_id": crawl_id})
# print("HERE")
# print(xtract_status.content)
# xtract_content = json.loads(xtract_status.content)
# # print(xtract_content)
#
# if xtract_content["IDLE"] == 0 and xtract_content["PENDING"] == 0:
break
del_list = []
for message in sqs_response["Messages"]:
message_body = message["Body"]
# PROCESS MESSAGE_BODY
f.write(message_body)
# print(message_body)
del_list.append({
'ReceiptHandle': message["ReceiptHandle"],
'Id': message["MessageId"]
})
if len(del_list) > 0:
client.delete_message_batch(QueueUrl=crawl_queue,
Entries=del_list)
tdata = TransferData(
tc,
"5ecf6444-affc-11e9-98d4-0a63aa6b37da", #TODO: Add source endpoint
globus_eid,
label=f"{crawl_id}")
tdata.add_item(os.path.abspath(file_name),
os.path.join(source_destination, file_name))
tc.endpoint_autoactivate(
"5ecf6444-affc-11e9-98d4-0a63aa6b37da") #TODO: Add source endpoint
tc.endpoint_autoactivate(globus_eid)
submit_result = tc.submit_transfer(tdata)
while True:
result = tc.get_task(submit_result['task_id'])
if result.data["status"] == "SUCCEEDED":
break
elif result.data["status"] == "FAILED":
raise RuntimeError # TODO: Change this
else:
time.sleep(0.5)
except Exception as e:
print(e)
abort(400, "Failed to validate")
finally:
os.remove(file_name)
return "[200] Submitted"
def new_groups_client(auth_client, upstream_token):
resp = auth_client.oauth2_get_dependent_tokens(upstream_token, {
"access_type": "offline"
}).by_scopes[GROUPS_SCOPE]
authz = AccessTokenAuthorizer(resp["access_token"])
return GroupsClient(authorizer=authz)
client_id and can choose to use some, all or none of the kwargs. This is
expected to return an Authorizer which can be used to make authenticated
calls to the Flow.
The method used to acquire valid credentials is up to the user. Here, we
naively create an Authorizer using the same token everytime.
"""
flow_token = os.environ.get("MY_ACCESS_TOKEN")
return AccessTokenAuthorizer(flow_token)
# Create an AccessTokenAuthorizer using a token that has consents to the
# MANAGE_FLOWS_SCOPE. This lets the FlowsClient perform operations against the
# Flow's service i.e. create flow, update a flow, delete a flow
flows_service_token = os.environ.get("MANAGE_FLOWS_SCOPED_TOKEN")
flows_service_authorizer = AccessTokenAuthorizer(flows_service_token)
fc = FlowsClient.new_client(
client_id=CLIENT_ID,
authorizer=flows_service_authorizer,
authorizer_callback=authorizer_retriever,
)
my_flows = fc.list_flows()
print(my_flows)
# When running a specific Flow, the authorizer_retriever callback is called
# internally to make the authenticated call to the Flow
running_flow = fc.run_flow(
"1e6b4406-ee3d-4bc5-9198-74128e108111", None, {"echo_string": "hey"}
)
def authorizer_callback(*args, **kwargs):
auth = AccessTokenAuthorizer(
TOKENS.by_resource_server[FLOW_ID]['access_token'])
return auth
def doit():
"""
- Call token introspect
- Get dependent tokens
"""
dependent_tokens = get_dependent_tokens(g.req_token)
# dependent_tokens is a token response object
# create transfer_token and http_token variables containing
# the correct token for each resource server
transfer_token = dependent_tokens.by_resource_server[
'transfer.api.globus.org']['access_token']
http_token = dependent_tokens.by_resource_server[
'tutorial-https-endpoint.globus.org']['access_token']
selected_ids = request.form.getlist('datasets')
selected_year = request.form.get('year')
user_identity_id = request.form.get('user_identity_id')
user_identity_name = request.form.get('user_identity_name')
selected_datasets = [
dataset for dataset in datasets if dataset['id'] in selected_ids
]
if not (selected_datasets and selected_year):
raise BadRequestError()
transfer = TransferClient(authorizer=AccessTokenAuthorizer(transfer_token))
source_ep = app.config['DATASET_ENDPOINT_ID']
source_info = transfer.get_endpoint(source_ep)
source_https = source_info['https_server']
source_base = app.config['DATASET_ENDPOINT_BASE']
source_token = http_token
dest_ep = app.config['GRAPH_ENDPOINT_ID']
dest_info = transfer.get_endpoint(dest_ep)
dest_https = dest_info['https_server']
dest_base = app.config['GRAPH_ENDPOINT_BASE']
dest_path = '%sGraphs for %s/' % (dest_base, user_identity_name)
dest_token = http_token
if not (source_https and dest_https):
raise InternalServerError(message='Endpoints must be HTTPS servers')
svgs = {}
for dataset in selected_datasets:
source_path = dataset['path']
response = requests.get(
'%s%s%s/%s.csv' %
(source_https, source_base, source_path, selected_year),
headers=dict(Authorization='Bearer ' + source_token),
allow_redirects=False)
response.raise_for_status()
svgs.update(
render_graphs(
csv_data=response.iter_lines(decode_unicode=True),
append_titles=' from %s for %s' %
(dataset['name'], selected_year),
))
transfer.endpoint_autoactivate(dest_ep)
try:
transfer.operation_mkdir(dest_ep, dest_path)
except TransferAPIError as error:
if 'MkdirFailed.Exists' not in error.code:
raise
try:
transfer.add_endpoint_acl_rule(
dest_ep,
dict(principal=user_identity_id,
principal_type='identity',
path=dest_path,
permissions='r'),
)
except TransferAPIError as error:
# PermissionDenied can happen if a new Portal client is swapped
# in and it doesn't have endpoint manager on the dest_ep.
# The /portal/processed directory has been set to to read/write
# for all users so the subsequent operations will succeed.
if error.code == 'PermissionDenied':
pass
elif error.code != 'Exists':
raise
for filename, svg in svgs.items():
requests.put('%s%s%s.svg' % (dest_https, dest_path, filename),
data=svg,
headers=dict(Authorization='Bearer ' + dest_token),
allow_redirects=False).raise_for_status()
results = {
'dest_ep': dest_ep,
'dest_path': dest_path,
'dest_name': dest_info['display_name'],
'graph_count': len(svgs) or 0
}
return jsonify(results)
client = ConfidentialAppAuthClient(args.id, args.secret)
scopes = [
"https://auth.globus.org/scopes/facd7ccc-c5f4-42aa-916b-a0e270e2c2a9/all",
"urn:globus:auth:scope:search.api.globus.org:all",
"openid",
]
token_response = client.oauth2_client_credentials_tokens(
requested_scopes=scopes)
fx_token = token_response.by_resource_server["funcx_service"][
"access_token"]
search_token = token_response.by_resource_server["search.api.globus.org"][
"access_token"]
openid_token = token_response.by_resource_server["auth.globus.org"][
"access_token"]
fx_auth = AccessTokenAuthorizer(fx_token)
search_auth = AccessTokenAuthorizer(search_token)
openid_auth = AccessTokenAuthorizer(openid_token)
val = 1
tt = TestTutorial(fx_auth,
search_auth,
openid_auth,
args.tutorial,
identity,
val,
args=val)
tt.run()