diff --git a/.flake8 b/.flake8
index 1e46891975afedab71ce333d8be84cb9692cf41f..db234bdd12f196f109da823525b07fd5afe967d1 100644
--- a/.flake8
+++ b/.flake8
@@ -1,3 +1,4 @@
[flake8]
max-line-length = 120
exclude = .git,__pycache__,__init__.py,.mypy_cache,.pytest_cache
+extend-ignore = E203
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 113c8cacb82aee2bfb57eb3fb345179836437282..94e00b948fca934313529e240866160e6128e544 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,6 +6,7 @@ variables:
OBJECT_GATEWAY_URI: "http://127.0.0.1:8000"
CEPH_ACCESS_KEY: ""
CEPH_SECRET_KEY: ""
+ CEPH_USERNAME: ""
OIDC_CLIENT_SECRET: ""
OIDC_CLIENT_ID: ""
OIDC_BASE_URI: "http://127.0.0.1:8000"
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000000000000000000000000000000000000..6f5f7999a750ce4ec34d8083921347452a26bcf5
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,14 @@
+## Version 1.1.0
+
+### Features
+* Inject additional metadata to `BucketOut` and `S3ObjectMetaInformation` response #22
+* Add name of user in the `BucketPermissionOut` response #29
+* Add endpoint to search for user #28
+* Enforce that always a S3 Key is present #27
+### Fixes
+* Use `max-age` for cookies instead of `expires` #32
+* Give useful response when encountering a error during login instead of sending a `500` response #21
+* Remove dependence on other services during health check #31
+### General
+* Bump dependencies
+* Bump version of dev OIDC service and adapt configuration #24
diff --git a/DEVELOPING.md b/DEVELOPING.md
index 18bfe6785f651baa6555b95197d2c22aeb4c4f5a..06fd9ce5cd53ffd3ba6a1edf92829866736826bf 100644
--- a/DEVELOPING.md
+++ b/DEVELOPING.md
@@ -111,6 +111,8 @@ The provided configuration does the following things
* It forwards all request to http://localhost:9999/api/* to http://localhost:8080 (this backend)
* It strips the prefix `/api` before it forwards the request to the backend
* All other request will be forwarded to http://localhost:5173, the corresponding dev [Frontend](https://gitlab.ub.uni-bielefeld.de/denbi/object-storage-access-ui)
+ * Hides all the RADOS Gateways behind http://localhost:9998 and distributes all requests equally to the Gateways
+ * Takes care of the CORS header for the RADOS Gateway
You don't have to use Traefik for that. You can use any reverse proxy for this task, like [Caddy](https://caddyserver.com/), [HAProxy](https://www.haproxy.org/) or [nginx](https://nginx.org/en/).<br>
diff --git a/README.md b/README.md
index 2b338cbd4ce106f16b42dd2dd6b8dcad20fe1e8d..5333fe64da5b67e566926a7ec925f53b5fd8aaa3 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
# S3 Proxy API
## Description
-Openstack is shipping with an integrated UI to access the Object Store provided by ceph. Unfortunately, this UI does not allow
+Openstack is shipping with an integrated UI to access the Object Store provided by Ceph. Unfortunately, this UI does not allow
fine-grained control who can access a bucket or object. You can either make it accessible for everyone or nobody, but
Ceph can do this and much more. 👎
This is the backend for a new UI which can leverage the additional powerful functionality provided by Ceph in a
@@ -32,6 +32,7 @@ user-friendly manner. ðŸ‘
| `OBJECT_GATEWAY_URI` | unset | HTTP URL | HTTP URL of the Ceph Object Gateway |
| `CEPH_ACCESS_KEY` | unset | \<access key> | Ceph access key with admin privileges |
| `CEPH_SECRET_KEY` | unset | \<secret key> | Ceph secret key with admin privileges |
+| `CEPH_USERNAME` | unset | \<ceph username> | Username in Ceph of the backend user |
| `OIDC_CLIENT_ID` | unset | \<OIDC client id> | Client ID from the OIDC provider |
| `OIDC_CLIENT_SECRET` | unset | \<OIDC client secret> | Client Secret from the OIDC provider |
| `OIDC_BASE_URI` | unset | HTTP URL | HTTP URL of the OIDC Provider |
@@ -47,3 +48,7 @@ user-friendly manner. ðŸ‘
| `BACKEND_CORS_ORIGINS` | `[]` | json formatted list of urls | List of valid CORS origins |
| `SQLALCHEMY_VERBOSE_LOGGER` | `false` | `<"true"|"false">` | Enables verbose SQL output.<br>Should be `false` in production |
| `OIDC_META_INFO_PATH` | `/.well-known/openid-configuration` | URL path | Path to the OIDC configuration file<br> Will be concatenated with the `OIDC_BASE_URI` |
+
+## Getting started
+This service depends on multiple other services. See [DEVELOPING.md](DEVELOPING.md) ho to set these up for developing on
+your local machine.
diff --git a/alembic/versions/6c64f020818b_make_display_name_for_users_mandatory.py b/alembic/versions/6c64f020818b_make_display_name_for_users_mandatory.py
new file mode 100644
index 0000000000000000000000000000000000000000..9b70f67ffa093ba5f172e2c4aff61ceb5211f6e1
--- /dev/null
+++ b/alembic/versions/6c64f020818b_make_display_name_for_users_mandatory.py
@@ -0,0 +1,28 @@
+"""Make display_name for users mandatory
+
+Revision ID: 6c64f020818b
+Revises: 9fa582febebe
+Create Date: 2022-10-21 13:53:44.446799
+
+"""
+from sqlalchemy.dialects import mysql
+
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision = "6c64f020818b"
+down_revision = "9fa582febebe"
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+ # ### commands auto generated by Alembic - please adjust! ###
+ op.alter_column("user", "display_name", existing_type=mysql.VARCHAR(length=256), nullable=False)
+ # ### end Alembic commands ###
+
+
+def downgrade():
+ # ### commands auto generated by Alembic - please adjust! ###
+ op.alter_column("user", "display_name", existing_type=mysql.VARCHAR(length=256), nullable=True)
+ # ### end Alembic commands ###
diff --git a/alembic/versions/9fa582febebe_delete_username_from_user.py b/alembic/versions/9fa582febebe_delete_username_from_user.py
index 2b5eaa9c89ddcf5b05296953b7be26e37ec74598..76e72f0c1a0010d7902f01a8a0a93ba455f1badf 100644
--- a/alembic/versions/9fa582febebe_delete_username_from_user.py
+++ b/alembic/versions/9fa582febebe_delete_username_from_user.py
@@ -5,10 +5,11 @@ Revises: 83a3a47a6351
Create Date: 2022-07-27 11:10:53.440935
"""
-from alembic import op
import sqlalchemy as sa
from sqlalchemy.dialects import mysql
+from alembic import op
+
# revision identifiers, used by Alembic.
revision = "9fa582febebe"
down_revision = "83a3a47a6351"
diff --git a/app/api/dependencies.py b/app/api/dependencies.py
index 8aaf24c2d9080d867001083e1aeceeb43b5d4655..8423802c6b86dde94c8e22d499fbd07eb15f6798 100644
--- a/app/api/dependencies.py
+++ b/app/api/dependencies.py
@@ -1,5 +1,6 @@
from typing import TYPE_CHECKING, Any, AsyncGenerator
+from authlib.integrations.base_client.errors import OAuthError
from authlib.jose.errors import BadSignatureError, DecodeError, ExpiredTokenError
from fastapi import Depends, HTTPException, Path, status
from fastapi.requests import Request
@@ -26,6 +27,11 @@ else:
bearer_token = HTTPBearer(description="JWT Token")
+class LoginException(Exception):
+ def __init__(self, error_source: str):
+ self.error_source = error_source
+
+
def get_rgw_admin() -> RGWAdmin:
return rgw # pragma: no cover
@@ -224,6 +230,13 @@ async def get_userinfo_from_access_token(request: Request) -> dict[str, Any]: #
userinfo : dict[str, Any]
Info about the corresponding user.
"""
- claims = await oauth.lifescience.authorize_access_token(request)
- # ID token doesn't have all necessary information, call userinfo endpoint
- return await oauth.lifescience.userinfo(token=claims)
+ try:
+ if "error" in request.query_params.keys():
+ # if there is an error in the login flow, like a canceld login request, then notify the client
+ raise LoginException(error_source=request.query_params["error"])
+ claims = await oauth.lifescience.authorize_access_token(request)
+ # ID token doesn't have all necessary information, call userinfo endpoint
+ return await oauth.lifescience.userinfo(token=claims)
+ except OAuthError:
+ # if there is an error in the oauth flow, like an expired token, then notify the client
+ raise LoginException(error_source="oidc")
diff --git a/app/api/endpoints/bucket_permissions.py b/app/api/endpoints/bucket_permissions.py
index 33d0e7d7e0e20bc38102d0149c617298e6b70b94..176647598f6325da8ee48c0327735df7763c3ce9 100644
--- a/app/api/endpoints/bucket_permissions.py
+++ b/app/api/endpoints/bucket_permissions.py
@@ -13,9 +13,11 @@ from app.api.dependencies import (
get_user_by_path_uid,
)
from app.crud.crud_bucket_permission import CRUDBucketPermission, DuplicateError
+from app.crud.crud_user import CRUDUser
from app.models.bucket import Bucket as BucketDB
from app.models.user import User as UserDB
-from app.schemas.bucket_permission import BucketPermission as PermissionSchema
+from app.schemas.bucket_permission import BucketPermissionIn as PermissionSchemaIn
+from app.schemas.bucket_permission import BucketPermissionOut as PermissionSchemaOut
from app.schemas.bucket_permission import BucketPermissionParameters as PermissionParametersSchema
router = APIRouter(prefix="/permissions", tags=["BucketPermissions"])
@@ -28,7 +30,7 @@ else:
@router.get(
"/bucket/{bucket_name}/user/{uid}",
- response_model=PermissionSchema,
+ response_model=PermissionSchemaOut,
summary="Get permission for bucket and user combination.",
response_model_exclude_none=True,
)
@@ -36,7 +38,7 @@ async def get_permission_for_bucket(
bucket: BucketDB = Depends(get_current_bucket),
db: AsyncSession = Depends(get_db),
user: UserDB = Depends(get_authorized_user_for_permission),
-) -> PermissionSchema:
+) -> PermissionSchemaOut:
"""
Get the bucket permissions for the specific combination of bucket and user.\n
The owner of the bucket and the grantee of the permission can view it.
@@ -52,12 +54,14 @@ async def get_permission_for_bucket(
Returns
-------
- permissions : app.schemas.bucket_permission.BucketPermission
+ permissions : app.schemas.bucket_permission.BucketPermissionOut
Permission for this bucket and user combination.
"""
bucket_permission = await CRUDBucketPermission.get(db, bucket.name, user.uid)
if bucket_permission:
- return PermissionSchema.from_db_model(bucket_permission, uid=user.uid)
+ return PermissionSchemaOut.from_db_model(
+ bucket_permission, uid=user.uid, grantee_display_name=user.display_name
+ )
raise HTTPException(
status.HTTP_404_NOT_FOUND,
detail=f"Permission for combination of bucket={bucket.name} and user={user.uid} doesn't exists",
@@ -92,7 +96,7 @@ async def delete_permission_for_bucket(
Returns
-------
- permissions : app.schemas.bucket_permission.BucketPermission
+ permissions : app.schemas.bucket_permission.BucketPermissionOut
Permission for this bucket and user combination.
"""
bucket_permission = await CRUDBucketPermission.get(db, bucket.name, user.uid)
@@ -102,7 +106,7 @@ async def delete_permission_for_bucket(
detail=f"Permission for combination of bucket={bucket.name} and user={user.uid} doesn't exists",
)
await CRUDBucketPermission.delete(db, bucket_permission)
- bucket_permission_schema = PermissionSchema.from_db_model(bucket_permission, user.uid)
+ bucket_permission_schema = PermissionSchemaOut.from_db_model(bucket_permission, user.uid, user.display_name)
s3_policy = s3.Bucket(bucket_permission_schema.bucket_name).Policy()
policy = json.loads(s3_policy.policy)
policy["Statement"] = [
@@ -113,7 +117,7 @@ async def delete_permission_for_bucket(
@router.get(
"/bucket/{bucket_name}",
- response_model=list[PermissionSchema],
+ response_model=list[PermissionSchemaOut],
summary="Get all permissions for a bucket.",
response_model_exclude_none=True,
)
@@ -121,7 +125,7 @@ async def list_permissions_per_bucket(
bucket: BucketDB = Depends(get_current_bucket),
db: AsyncSession = Depends(get_db),
current_user: UserDB = Depends(get_current_user),
-) -> list[PermissionSchema]:
+) -> list[PermissionSchemaOut]:
"""
List all the bucket permissions for the given bucket.
\f
@@ -136,24 +140,24 @@ async def list_permissions_per_bucket(
Returns
-------
- permissions : list[app.schemas.bucket_permission.BucketPermission]
+ permissions : list[app.schemas.bucket_permission.BucketPermissionOut]
List of all permissions for this bucket.
"""
if not await CRUDBucketPermission.check_permission(db, bucket.name, current_user.uid, only_own=True):
raise HTTPException(status.HTTP_403_FORBIDDEN, "You can only view your own bucket permissions")
bucket_permissions = await CRUDBucketPermission.get_permissions_for_bucket(db, bucket.name)
- return [PermissionSchema.from_db_model(p) for p in bucket_permissions]
+ return [PermissionSchemaOut.from_db_model(p) for p in bucket_permissions]
@router.get(
"/user/{uid}",
- response_model=list[PermissionSchema],
+ response_model=list[PermissionSchemaOut],
summary="Get all permissions for a user.",
response_model_exclude_none=True,
)
async def list_permissions_per_user(
user: UserDB = Depends(get_user_by_path_uid), db: AsyncSession = Depends(get_db)
-) -> list[PermissionSchema]:
+) -> list[PermissionSchemaOut]:
"""
List all the bucket permissions for the given user.
\f
@@ -166,32 +170,35 @@ async def list_permissions_per_user(
Returns
-------
- permissions : list[app.schemas.bucket_permission.BucketPermission]
+ permissions : list[app.schemas.bucket_permission.BucketPermissionOut]
List of all permissions for this user.
"""
bucket_permissions = await CRUDBucketPermission.get_permissions_for_user(db, user.uid)
- return [PermissionSchema.from_db_model(p, uid=user.uid) for p in bucket_permissions]
+ return [
+ PermissionSchemaOut.from_db_model(p, uid=user.uid, grantee_display_name=user.display_name)
+ for p in bucket_permissions
+ ]
@router.post(
"/",
- response_model=PermissionSchema,
+ response_model=PermissionSchemaOut,
status_code=status.HTTP_201_CREATED,
summary="Create a permission.",
response_model_exclude_none=True,
)
async def create_permission(
- permission: PermissionSchema = Body(..., description="Permission to create"),
+ permission: PermissionSchemaIn = Body(..., description="Permission to create"),
db: AsyncSession = Depends(get_db),
current_user: UserDB = Depends(get_current_user),
s3: S3ServiceResource = Depends(get_s3_resource),
-) -> PermissionSchema:
+) -> PermissionSchemaOut:
"""
Create a permission for a bucket and user.
\f
Parameters
----------
- permission : app.schemas.bucket_permission.BucketPermission
+ permission : app.schemas.bucket_permission.BucketPermissionOut
Information about the permission which should be created. HTTP Body parameter.
db : sqlalchemy.ext.asyncio.AsyncSession.
Async database session to perform query on. Dependency Injection.
@@ -202,12 +209,15 @@ async def create_permission(
Returns
-------
- permissions : app.schemas.bucket_permission.BucketPermission
+ permissions : app.schemas.bucket_permission.BucketPermissionOut
Newly created permission.
"""
await get_current_bucket(permission.bucket_name, db=db, current_user=current_user)
try:
permission_db = await CRUDBucketPermission.create(db, permission)
+ grantee = await CRUDUser.get(db, permission.uid)
+ if grantee is None: # pragma: no cover
+ raise KeyError()
except ValueError:
raise HTTPException(
status.HTTP_400_BAD_REQUEST, detail="The owner of the bucket can't get any more permissions"
@@ -225,13 +235,14 @@ async def create_permission(
json_policy["Statement"] += permission.map_to_bucket_policy_statement(permission_db.user_id)
new_policy = json.dumps(json_policy)
s3_policy.put(Policy=new_policy)
- return PermissionSchema.from_db_model(permission_db, uid=permission.uid)
+
+ return PermissionSchemaOut.from_db_model(permission_db, uid=grantee.uid, grantee_display_name=grantee.display_name)
@router.put(
"/bucket/{bucket_name}/user/{uid}",
status_code=status.HTTP_200_OK,
- response_model=PermissionSchema,
+ response_model=PermissionSchemaOut,
summary="Update a bucket permission",
response_model_exclude_none=True,
)
@@ -242,13 +253,13 @@ async def update_permission(
db: AsyncSession = Depends(get_db),
current_user: UserDB = Depends(get_current_user),
s3: S3ServiceResource = Depends(get_s3_resource),
-) -> PermissionSchema:
+) -> PermissionSchemaOut:
"""
Update a permission for a bucket and user.
\f
Parameters
----------
- permission_parameters : app.schemas.bucket_permission.BucketPermission
+ permission_parameters : app.schemas.bucket_permission.BucketPermissionOut
Information about the permission which should be updated. HTTP Body parameter.
user : app.models.user.User
User with the uid in the URL. Dependency Injection.
@@ -263,7 +274,7 @@ async def update_permission(
Returns
-------
- permissions : app.schemas.bucket_permission.BucketPermission
+ permissions : app.schemas.bucket_permission.BucketPermissionOut
Updated permission.
"""
if not await CRUDBucketPermission.check_permission(db, bucket.name, current_user.uid, only_own=True):
@@ -276,7 +287,7 @@ async def update_permission(
detail=f"Permission for combination of bucket={bucket.name} and user={user.uid} doesn't exists",
)
updated_permission = await CRUDBucketPermission.update_permission(db, bucket_permission, permission_parameters)
- updated_permission_schema = PermissionSchema.from_db_model(updated_permission)
+ updated_permission_schema = PermissionSchemaOut.from_db_model(updated_permission)
s3_policy = s3.Bucket(updated_permission_schema.bucket_name).Policy()
policy = json.loads(s3_policy.policy)
policy["Statement"] = [
diff --git a/app/api/endpoints/buckets.py b/app/api/endpoints/buckets.py
index d91760aa759f7e0f42e17ecf34019fce17ae8a86..3de9e27ed164038d71fa05553211e39c197ef577 100644
--- a/app/api/endpoints/buckets.py
+++ b/app/api/endpoints/buckets.py
@@ -1,4 +1,5 @@
import json
+from functools import reduce
from typing import TYPE_CHECKING
from botocore.exceptions import ClientError
@@ -6,6 +7,7 @@ from fastapi import APIRouter, Depends, HTTPException, Path, Query, status
from sqlalchemy.ext.asyncio import AsyncSession
from app.api.dependencies import get_current_bucket, get_current_user, get_db, get_s3_resource
+from app.core.config import settings
from app.crud.crud_bucket import CRUDBucket
from app.crud.crud_bucket_permission import CRUDBucketPermission
from app.models.bucket import Bucket as BucketDB
@@ -15,9 +17,10 @@ from app.schemas.bucket import BucketOut as BucketOutSchema
from app.schemas.bucket import S3ObjectMetaInformation
if TYPE_CHECKING:
- from mypy_boto3_s3.service_resource import S3ServiceResource
+ from mypy_boto3_s3.service_resource import ObjectSummary, S3ServiceResource
else:
S3ServiceResource = object
+ ObjectSummary = object
router = APIRouter(prefix="/buckets", tags=["Bucket"])
@@ -52,6 +55,10 @@ async def list_buckets(
"name": bucket.name,
"created_at": s3.Bucket(name=bucket.name).creation_date,
"owner": bucket.owner.uid,
+ "num_objects": sum(
+ 1 for obj in s3.Bucket(name=bucket.name).objects.all() if not obj.key.endswith(".s3keep")
+ ),
+ "size": reduce(lambda x, y: x + y.size, list(s3.Bucket(name=bucket.name).objects.all()), 0),
}
)
for bucket in await CRUDBucket.get_for_user(db, user.uid)
@@ -107,13 +114,20 @@ async def create_bucket(
{
"Version": "2012-10-17",
"Statement": [
+ {
+ "Sid": "ProxyOwnerPerm",
+ "Effect": "Allow",
+ "Principal": {"AWS": [f"arn:aws:iam:::user/{settings.CEPH_USERNAME}"]},
+ "Action": ["s3:GetObject"],
+ "Resource": [f"arn:aws:s3:::{db_bucket.name}/*"],
+ },
{
"Sid": "PseudoOwnerPerm",
"Effect": "Allow",
"Principal": {"AWS": [f"arn:aws:iam:::user/{user.uid}"]},
"Action": ["s3:GetObject", "s3:DeleteObject", "s3:PutObject", "s3:ListBucket"],
"Resource": [f"arn:aws:s3:::{db_bucket.name}/*", f"arn:aws:s3:::{db_bucket.name}"],
- }
+ },
],
}
)
@@ -124,6 +138,8 @@ async def create_bucket(
"name": db_bucket.name,
"created_at": s3.Bucket(name=db_bucket.name).creation_date,
"owner": db_bucket.owner.uid,
+ "num_objects": 0,
+ "size": 0,
}
)
@@ -147,12 +163,16 @@ async def get_bucket(
bucket : app.schemas.bucket.BucketOut
Bucket with the provided name.
"""
+ s3bucket = s3.Bucket(name=bucket.name)
+ objects: list[ObjectSummary] = list(s3bucket.objects.all())
return BucketOutSchema(
**{
"description": bucket.description,
"name": bucket.name,
- "created_at": s3.Bucket(name=bucket.name).creation_date,
+ "created_at": s3bucket.creation_date,
"owner": bucket.owner.uid,
+ "num_objects": sum(1 for obj in objects if not obj.key.endswith(".s3keep")),
+ "size": reduce(lambda x, y: x + y.size, objects, 0),
}
)
@@ -215,6 +235,10 @@ async def get_bucket_objects(
Bucket with the name provided in the URL path. Dependency Injection.
s3 : boto3_type_annotations.s3.ServiceResource
S3 Service to perform operations on buckets in Ceph. Dependency Injection.
+ current_user : app.models.user.User
+ Current user. Dependency Injection.
+ db : sqlalchemy.ext.asyncio.AsyncSession.
+ Async database session to perform query on. Dependency Injection.
Returns
-------
@@ -269,6 +293,10 @@ async def get_bucket_object(
S3 Service to perform operations on buckets in Ceph. Dependency Injection.
object_path : str
Key of a specific object in the bucket. URL Path Parameter.
+ current_user : app.models.user.User
+ Current user. Dependency Injection.
+ db : sqlalchemy.ext.asyncio.AsyncSession.
+ Async database session to perform query on. Dependency Injection.
Returns
-------
diff --git a/app/api/endpoints/login.py b/app/api/endpoints/login.py
index 7d0d511c3acb115f9d29e481ae145e1b48e55829..5f55bd550b3a60429ecc4c172dad2db35e0739a2 100644
--- a/app/api/endpoints/login.py
+++ b/app/api/endpoints/login.py
@@ -1,12 +1,11 @@
from typing import Any
-from fastapi import APIRouter, Depends, status
-from fastapi.requests import Request
+from fastapi import APIRouter, Depends, Request, Response, status
from fastapi.responses import RedirectResponse
from rgwadmin import RGWAdmin
from sqlalchemy.ext.asyncio import AsyncSession
-from app.api.dependencies import get_db, get_rgw_admin, get_userinfo_from_access_token
+from app.api.dependencies import LoginException, get_db, get_rgw_admin, get_userinfo_from_access_token
from app.core.config import settings
from app.core.security import create_access_token, oauth
from app.crud.crud_user import CRUDUser
@@ -91,22 +90,44 @@ async def login_callback(
path : str
Redirect path after successful login.
"""
- lifescience_id = (
- user_info["voperson_id"] if isinstance(user_info["voperson_id"], str) else user_info["voperson_id"][0]
- )
- uid = lifescience_id.split("@")[0]
- user = await CRUDUser.get(db, uid)
- if user is None:
- new_user = User(uid=uid, display_name=user_info["name"])
- user = await CRUDUser.create(db, new_user)
- rgw.create_user(uid=user.uid, max_buckets=-1, display_name=user.display_name)
- token = create_access_token(uid)
- response.set_cookie(
- key="bearer",
- value=token,
- samesite="strict",
- expires=settings.JWT_TOKEN_EXPIRE_MINUTES,
- secure=True,
- domain=settings.DOMAIN,
- )
+ try:
+ lifescience_id = (
+ user_info["voperson_id"] if isinstance(user_info["voperson_id"], str) else user_info["voperson_id"][0]
+ )
+ uid = lifescience_id.split("@")[0]
+ user = await CRUDUser.get(db, uid)
+ if user is None:
+ new_user = User(uid=uid, display_name=user_info["name"])
+ user = await CRUDUser.create(db, new_user)
+ rgw.create_user(uid=user.uid, max_buckets=-1, display_name=user.display_name)
+ token = create_access_token(uid)
+ response.set_cookie(
+ key="bearer",
+ value=token,
+ samesite="strict",
+ max_age=settings.JWT_TOKEN_EXPIRE_MINUTES,
+ secure=True,
+ domain=settings.DOMAIN,
+ )
+ except Exception: # pragma: no cover
+ raise LoginException(error_source="server")
return "/"
+
+
+def login_exception_handler(request: Request, exc: LoginException) -> Response:
+ """
+ Exception handler for all kinds of login errors.
+
+ Parameters
+ ----------
+ request : fastapi.Request
+ Original request where the exception occurred.
+ exc : LoginException
+ The exception that was raised.
+
+ Returns
+ -------
+ redirect : fastapi.Response
+ Redirect to base URL with error as query parameter
+ """
+ return RedirectResponse(f"/?login_error={exc.error_source}", status_code=status.HTTP_302_FOUND)
diff --git a/app/api/endpoints/users.py b/app/api/endpoints/users.py
index b6f649a832901d12c4b6580af524b0d8d1acc442..e5e6cb3a82e332abcb463d1202c0976592cacea5 100644
--- a/app/api/endpoints/users.py
+++ b/app/api/endpoints/users.py
@@ -1,8 +1,10 @@
-from fastapi import APIRouter, Depends, HTTPException, Path, status
+from fastapi import APIRouter, Depends, HTTPException, Path, Query, status
from rgwadmin import RGWAdmin
from rgwadmin.exceptions import RGWAdminException
+from sqlalchemy.ext.asyncio import AsyncSession
-from app.api.dependencies import get_current_user, get_rgw_admin, get_user_by_path_uid
+from app.api.dependencies import get_current_user, get_db, get_rgw_admin, get_user_by_path_uid
+from app.crud.crud_user import CRUDUser
from app.models.user import User as UserDB
from app.schemas.user import S3Key
from app.schemas.user import User as UserSchema
@@ -30,6 +32,29 @@ def get_logged_in_user(
return current_user
+@router.get("/", response_model=list[UserSchema], summary="Search for users by their name")
+async def search_users(
+ name_like: str = Query(..., min_length=3, max_length=30),
+ db: AsyncSession = Depends(get_db),
+) -> list[UserDB]:
+ """
+ Return the users that have a specific substring in their name.
+ \f
+ Parameters
+ ----------
+ name_like : string
+ Substring of a name to search users for. Query Parameter.
+ db : sqlalchemy.ext.asyncio.AsyncSession.
+ Async database session to perform query on. Dependency Injection.
+
+ Returns
+ -------
+ users: list[app.models.user.User]
+ Users who have the substring in their name.
+ """
+ return await CRUDUser.search_for_name(db, name_like)
+
+
@router.get("/{uid}", response_model=UserSchema, summary="Get a user by its uid")
def get_user(user: UserDB = Depends(get_user_by_path_uid)) -> UserDB:
"""
@@ -175,6 +200,8 @@ def delete_user_key(
user : app.models.user.User
User with given uid. Dependency Injection.
"""
+ if len(rgw.get_user(uid=user.uid, stats=False)["keys"]) <= 1:
+ raise HTTPException(status.HTTP_400_BAD_REQUEST, detail="It's not possible to delete the last key")
try:
rgw.remove_key(access_key=access_id, uid=user.uid)
except RGWAdminException:
diff --git a/app/api/miscellaneous_endpoints.py b/app/api/miscellaneous_endpoints.py
index 00fa05b100ea8d9138c23aa3415a4c3904a5694d..6a0bd8e827fe063e5dd8b4a53ab2e243ebdd1fe9 100644
--- a/app/api/miscellaneous_endpoints.py
+++ b/app/api/miscellaneous_endpoints.py
@@ -1,10 +1,4 @@
-import httpx
-from fastapi import APIRouter, Depends, HTTPException, status
-from sqlalchemy.ext.asyncio import AsyncSession
-
-from app.api.dependencies import get_db
-from app.core.config import settings
-from app.schemas.security import ErrorDetail
+from fastapi import APIRouter, status
miscellaneous_router = APIRouter(include_in_schema=True)
@@ -17,33 +11,16 @@ miscellaneous_router = APIRouter(include_in_schema=True)
"description": "Service Health is OK",
"content": {"application/json": {"example": {"status": "OK"}}},
},
- status.HTTP_500_INTERNAL_SERVER_ERROR: {
- "model": ErrorDetail,
- "description": "Service Health is not OK",
- "content": {"application/json": {"example": {"detail": "Connection to RGW lost"}}},
- },
},
)
-async def health_check(db: AsyncSession = Depends(get_db)) -> dict[str, str]:
+def health_check() -> dict[str, str]:
"""
- Check the health of the service.
+ Check if the service is reachable.
\f
- Parameters
- ----------
- db : sqlalchemy.ext.asyncio.AsyncSession.
- Async database session to perform query on. Dependency Injection.
Returns
-------
response : dict[str, str]
status ok
"""
- try:
- assert db.is_active
- except Exception:
- raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail="Connection to database lost")
- try:
- httpx.get(settings.OBJECT_GATEWAY_URI, timeout=3.5)
- except Exception:
- raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail="Connection to RGW lost")
return {"status": "OK"}
diff --git a/app/core/config.py b/app/core/config.py
index 28716cf28abc110235330ab9711085d3da2dc45a..b64fb4825ea92eb79cd26b242e27e40a93c6fa91 100644
--- a/app/core/config.py
+++ b/app/core/config.py
@@ -17,14 +17,12 @@ def _assemble_db_uri(values: Dict[str, Any], async_flag: bool = True) -> Any:
class Settings(BaseSettings):
DOMAIN: str = Field("localhost", description="Domain of the service.")
- SSL_TERMINATION: bool = Field("False", description="Flag if the service runs behind a SSL termination proxy")
+ SSL_TERMINATION: bool = Field(False, description="Flag if the service runs behind a SSL termination proxy")
API_PREFIX: str = Field("/api", description="Path Prefix for all API endpoints.")
SECRET_KEY: str = Field(secrets.token_urlsafe(32), description="Secret key to sign the JWTs.")
# 60 minutes * 24 hours * 8 days = 8 days
JWT_TOKEN_EXPIRE_MINUTES: int = Field(60 * 24 * 8, description="JWT lifespan in minutes.")
# BACKEND_CORS_ORIGINS is a JSON-formatted list of origins
- # e.g: '["http://localhost", "http://localhost:4200", "http://localhost:3000", \
- # "http://localhost:8080", "http://local.dockertoolbox.tiangolo.com"]'
BACKEND_CORS_ORIGINS: List[AnyHttpUrl] = Field([], description="List of all valid CORS origins")
@validator("BACKEND_CORS_ORIGINS", pre=True)
@@ -60,6 +58,7 @@ class Settings(BaseSettings):
OBJECT_GATEWAY_URI: AnyHttpUrl = Field(..., description="URI of the Ceph Object Gateway.")
CEPH_ACCESS_KEY: str = Field(..., description="Access key for the Ceph Object Gateway with admin privileges.")
CEPH_SECRET_KEY: str = Field(..., description="Secret key for the Ceph Object Gateway with admin privileges.")
+ CEPH_USERNAME: str = Field(..., description="ID of the Proxy user in Ceph.")
OIDC_CLIENT_SECRET: str = Field(..., description="OIDC Client secret")
OIDC_CLIENT_ID: str = Field(..., description="OIDC Client ID")
diff --git a/app/crud/crud_bucket_permission.py b/app/crud/crud_bucket_permission.py
index 2b0a47b0dea84fc9685419c0a51238aca45c5139..b983c64179cea9fbfcae79c8050a6f8427e957aa 100644
--- a/app/crud/crud_bucket_permission.py
+++ b/app/crud/crud_bucket_permission.py
@@ -6,7 +6,7 @@ from sqlalchemy.orm import joinedload
from app.crud.crud_bucket import CRUDBucket
from app.crud.crud_user import CRUDUser
from app.models.bucket_permission import BucketPermission as BucketPermissionDB
-from app.schemas.bucket_permission import BucketPermission as BucketPermissionSchema
+from app.schemas.bucket_permission import BucketPermissionIn as BucketPermissionSchema
from app.schemas.bucket_permission import BucketPermissionParameters as BucketPermissionParametersSchema
@@ -98,7 +98,7 @@ class CRUDBucketPermission:
----------
db : sqlalchemy.ext.asyncio.AsyncSession
Async database session to perform query on.
- permission : app.schemas.bucket_permission.BucketPermission
+ permission : app.schemas.bucket_permission.BucketPermissionOut
The permission to create.
Returns
-------
@@ -147,7 +147,7 @@ class CRUDBucketPermission:
----------
db : sqlalchemy.ext.asyncio.AsyncSession
Async database session to perform query on.
- permission : app.schemas.bucket_permission.BucketPermission
+ permission : app.schemas.bucket_permission.BucketPermissionOut
The permission to create.
Returns
-------
@@ -168,7 +168,7 @@ class CRUDBucketPermission:
----------
db : sqlalchemy.ext.asyncio.AsyncSession
Async database session to perform query on.
- permission : app.schemas.bucket_permission.BucketPermission
+ permission : app.schemas.bucket_permission.BucketPermissionOut
The permission to update.
new_params : app.schemas.bucket_permission.BucketPermissionParameters
The parameters which should be updated.
diff --git a/app/crud/crud_user.py b/app/crud/crud_user.py
index 4ae8eca4acf2d5b7086dfd0b03e5e6ad6ff05245..01244e9c7d546b7b50e5f391b3482a95b268e30b 100644
--- a/app/crud/crud_user.py
+++ b/app/crud/crud_user.py
@@ -46,3 +46,23 @@ class CRUDUser:
"""
stmt = select(User).where(User.uid == uid)
return (await db.execute(stmt)).scalar()
+
+ @staticmethod
+ async def search_for_name(db: AsyncSession, name_substring: str) -> list[User]:
+ """
+ Search for users that contain a specific substring in their name.
+
+ Parameters
+ ----------
+ db : sqlalchemy.ext.asyncio.AsyncSession.
+ Async database session to perform query on.
+ name_substring : str
+ Substring to search for in the name of a user.
+
+ Returns
+ -------
+ users : list[app.models.user.User]
+ List of users which have the given substring in their name.
+ """
+ stmt = select(User).where(User.display_name.contains(name_substring))
+ return (await db.execute(stmt)).scalars().all()
diff --git a/app/main.py b/app/main.py
index 59d3135840a832a943f4945da3a172899a5c293f..aa2ede0ce39deba9c0e9cb95a64ab614d6a49f4e 100644
--- a/app/main.py
+++ b/app/main.py
@@ -7,6 +7,7 @@ from fastapi.routing import APIRoute
from starlette.middleware.sessions import SessionMiddleware
from app.api.api import api_router
+from app.api.endpoints.login import LoginException, login_exception_handler
from app.api.miscellaneous_endpoints import miscellaneous_router
from app.core.config import settings
@@ -49,6 +50,7 @@ app.add_middleware(GZipMiddleware, minimum_size=500)
# Include all routes
app.include_router(api_router)
app.include_router(miscellaneous_router)
+app.add_exception_handler(LoginException, login_exception_handler)
app.add_middleware(SessionMiddleware, secret_key=settings.SECRET_KEY)
diff --git a/app/models/user.py b/app/models/user.py
index b32f8d939017f69224dec5a4b0f3289f7dda0675..cebd54af3bdbcbbcac54ae6a631a085c1004ccb6 100644
--- a/app/models/user.py
+++ b/app/models/user.py
@@ -17,7 +17,7 @@ class User(Base):
__tablename__: str = "user"
uid: str = Column(String(64), primary_key=True, index=True, unique=True)
- display_name: str | None = Column(String(256), nullable=True)
+ display_name: str = Column(String(256), nullable=False)
buckets: list["Bucket"] = relationship("Bucket", back_populates="owner")
permissions: list["BucketPermission"] = relationship("BucketPermission", back_populates="grantee")
diff --git a/app/schemas/bucket.py b/app/schemas/bucket.py
index 7f1109e1c1cce4641cc4950faad164f509cae0d4..01fd83fd646b335eec70e8a6f3471eb3f5346258 100644
--- a/app/schemas/bucket.py
+++ b/app/schemas/bucket.py
@@ -51,6 +51,8 @@ class BucketOut(_BaseBucket):
description="Time when the bucket was created",
)
owner: str = Field(..., description="UID of the owner", example="28c5353b8bb34984a8bd4169ba94c606")
+ num_objects: int = Field(..., description="Number of Objects in this bucket", example=6)
+ size: int = Field(..., description="Total size of objects in this bucket in bytes", example=3256216)
class Config:
orm_mode = True
@@ -73,6 +75,7 @@ class S3ObjectMetaInformation(BaseModel):
example="test-bucket",
max_length=256,
)
+ content_type: str = Field(..., description="MIME type of the object", example="text/plain")
size: int = Field(..., description="Size of the object in Bytes", example=123456)
last_modified: datetime = Field(
...,
@@ -96,5 +99,9 @@ class S3ObjectMetaInformation(BaseModel):
Converted S3objectMetaInformation.
"""
return S3ObjectMetaInformation(
- key=obj.key, bucket=obj.bucket_name, size=obj.size, last_modified=obj.last_modified
+ key=obj.key,
+ bucket=obj.bucket_name,
+ size=obj.size,
+ last_modified=obj.last_modified,
+ content_type=obj.Object().content_type,
)
diff --git a/app/schemas/bucket_permission.py b/app/schemas/bucket_permission.py
index 4378ac0a4929f5bad34ed947281557345a5424fb..1af02fae5d2daf4a56961250ef2ae6b7f6db5523 100644
--- a/app/schemas/bucket_permission.py
+++ b/app/schemas/bucket_permission.py
@@ -23,40 +23,10 @@ class BucketPermissionParameters(BaseModel):
permission: PermissionEnum | str = Field(PermissionEnum.READ, description="Permission", example=PermissionEnum.READ)
-class BucketPermission(BucketPermissionParameters):
- """
- Schema for the bucket permissions.
- """
-
+class BucketPermissionIn(BucketPermissionParameters):
uid: str = Field(..., description="UID of the grantee", example="28c5353b8bb34984a8bd4169ba94c606")
bucket_name: str = Field(..., description="Name of Bucket", example="test-bucket")
- @staticmethod
- def from_db_model(permission: BucketPermissionDB, uid: str | None = None) -> "BucketPermission":
- """
- Create a bucket permission schema from the database model.
-
- Parameters
- ----------
- permission : app.models.bucket_permission.BucketPermission
- DB model for the permission.
- uid : str | None, default None
- Sets the uid in the schema. If None it will be taken from the database model.
-
- Returns
- -------
- permission_schema : app.schemas.bucket_permission.BucketPermission
- Schema populated with the values from the database model.
- """
- return BucketPermission(
- uid=uid if uid else permission.grantee.uid,
- bucket_name=permission.bucket_name,
- from_timestamp=permission.from_,
- to_timestamp=permission.to,
- file_prefix=permission.file_prefix,
- permission=permission.permissions,
- )
-
def to_hash(self, user_id: str) -> str:
"""
Combine the bucket name and user id and produce the MD5 hash of it.
@@ -127,3 +97,42 @@ class BucketPermission(BucketPermissionParameters):
if len(obj_policy["Condition"]) == 0:
del obj_policy["Condition"]
return [obj_policy] if self.permission == PermissionEnum.WRITE else [obj_policy, bucket_policy]
+
+
+class BucketPermissionOut(BucketPermissionIn):
+ """
+ Schema for the bucket permissions.
+ """
+
+ grantee_display_name: str = Field(..., description="Display Name of the grantee", example="Bilbo Baggins")
+
+ @staticmethod
+ def from_db_model(
+ permission: BucketPermissionDB, uid: str | None = None, grantee_display_name: str | None = None
+ ) -> "BucketPermissionOut":
+ """
+ Create a bucket permission schema from the database model.
+
+ Parameters
+ ----------
+ permission : app.models.bucket_permission.BucketPermission
+ DB model for the permission.
+ uid : str | None, default None
+ Sets the uid in the schema. If None it will be taken from the database model.
+ grantee_display_name: str | None, default None
+ Sets the display name of the grantee in the schema. If None it will be taken from the database model.
+
+ Returns
+ -------
+ permission_schema : app.schemas.bucket_permission.BucketPermissionOut
+ Schema populated with the values from the database model.
+ """
+ return BucketPermissionOut(
+ uid=uid if uid else permission.grantee.uid,
+ grantee_display_name=grantee_display_name if grantee_display_name else permission.grantee.display_name,
+ bucket_name=permission.bucket_name,
+ from_timestamp=permission.from_,
+ to_timestamp=permission.to,
+ file_prefix=permission.file_prefix,
+ permission=permission.permissions,
+ )
diff --git a/app/tests/api/test_bucket_permissions.py b/app/tests/api/test_bucket_permissions.py
index 261fa86cdb93ff06daab2c66bf8e3fe12cff493d..f13b4af39279055e2ea0ce1cdbd5690c6a31210f 100644
--- a/app/tests/api/test_bucket_permissions.py
+++ b/app/tests/api/test_bucket_permissions.py
@@ -9,7 +9,7 @@ from sqlalchemy.ext.asyncio import AsyncSession
from app.models.bucket import Bucket
from app.models.bucket_permission import PermissionEnum
from app.models.user import User
-from app.schemas.bucket_permission import BucketPermission as BucketPermissionSchema
+from app.schemas.bucket_permission import BucketPermissionIn as BucketPermissionSchema
from app.schemas.bucket_permission import BucketPermissionParameters as BucketPermissionParametersSchema
from app.tests.utils.bucket import add_permission_for_bucket
from app.tests.utils.user import get_authorization_headers
@@ -37,7 +37,7 @@ class TestBucketPermissionRoutesGet(_TestBucketPermissionRoutes):
HTTP Client to perform the request on. pytest fixture.
user_token_headers : dict[str,str]
HTTP Headers to authorize the request. pytest fixture.
- random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermission
+ random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermissionOut
Bucket permission for a random bucket for testing. pytest fixture.
"""
response = await client.get(
@@ -68,7 +68,7 @@ class TestBucketPermissionRoutesGet(_TestBucketPermissionRoutes):
HTTP Client to perform the request on. pytest fixture.
user_token_headers : dict[str,str]
HTTP Headers to authorize the request. pytest fixture.
- random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermission
+ random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermissionOut
Bucket permission for a random bucket for testing. pytest fixture.
"""
response = await client.get(
@@ -112,7 +112,7 @@ class TestBucketPermissionRoutesGet(_TestBucketPermissionRoutes):
----------
client : httpx.AsyncClient
HTTP Client to perform the request on. pytest fixture.
- random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermission
+ random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermissionOut
Bucket permission for a random bucket for testing. pytest fixture.
random_second_user : app.models.user.User
Random second user for testing. pytest fixture.
@@ -146,7 +146,7 @@ class TestBucketPermissionRoutesGet(_TestBucketPermissionRoutes):
Async database session to perform query on. pytest fixture.
client : httpx.AsyncClient
HTTP Client to perform the request on. pytest fixture.
- random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermission
+ random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermissionOut
Bucket permission for a random bucket for testing. pytest fixture.
random_third_user : app.models.user.User
Random third user who has no permissions for the bucket. pytest fixture.
@@ -172,7 +172,7 @@ class TestBucketPermissionRoutesGet(_TestBucketPermissionRoutes):
HTTP Client to perform the request on. pytest fixture.
random_second_user : app.models.user.User
Random second user for testing. pytest fixture.
- random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermission
+ random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermissionOut
Bucket permission for a random bucket for testing. pytest fixture.
"""
user_token_headers = get_authorization_headers(random_second_user.uid)
@@ -204,7 +204,7 @@ class TestBucketPermissionRoutesGet(_TestBucketPermissionRoutes):
HTTP Client to perform the request on. pytest fixture.
user_token_headers : dict[str,str]
HTTP Headers to authorize the request. pytest fixture.
- random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermission
+ random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermissionOut
Bucket permission for a random bucket for testing. pytest fixture.
"""
response = await client.get(
@@ -232,7 +232,7 @@ class TestBucketPermissionRoutesGet(_TestBucketPermissionRoutes):
HTTP Client to perform the request on. pytest fixture.
random_second_user : app.models.user.User
Random second user for testing. pytest fixture.
- random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermission
+ random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermissionOut
Bucket permission for a random bucket for testing. pytest fixture.
"""
user_token_headers = get_authorization_headers(random_second_user.uid)
@@ -302,7 +302,7 @@ class TestBucketPermissionRoutesCreate(_TestBucketPermissionRoutes):
HTTP Client to perform the request on. pytest fixture.
user_token_headers : dict[str,str]
HTTP Headers to authorize the request. pytest fixture.
- random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermission
+ random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermissionOut
Bucket permission for a random bucket for testing. pytest fixture.
"""
permission = BucketPermissionSchema(
@@ -336,6 +336,7 @@ class TestBucketPermissionRoutesCreate(_TestBucketPermissionRoutes):
created_permission = response.json()
assert created_permission["uid"] == random_second_user.uid
assert created_permission["bucket_name"] == random_bucket.name
+ assert created_permission["grantee_display_name"] == random_second_user.display_name
class TestBucketPermissionRoutesDelete(_TestBucketPermissionRoutes):
@@ -355,7 +356,7 @@ class TestBucketPermissionRoutesDelete(_TestBucketPermissionRoutes):
HTTP Client to perform the request on. pytest fixture.
user_token_headers : dict[str,str]
HTTP Headers to authorize the request. pytest fixture.
- random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermission
+ random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermissionOut
Bucket permission for a random bucket for testing. pytest fixture.
"""
response = await client.delete(
@@ -377,7 +378,7 @@ class TestBucketPermissionRoutesDelete(_TestBucketPermissionRoutes):
HTTP Client to perform the request on. pytest fixture.
random_second_user : app.models.user.User
Random second user for testing. pytest fixture.
- random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermission
+ random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermissionOut
Bucket permission for a random bucket for testing. pytest fixture.
"""
user_token_headers = get_authorization_headers(random_second_user.uid)
@@ -401,7 +402,7 @@ class TestBucketPermissionRoutesDelete(_TestBucketPermissionRoutes):
----------
client : httpx.AsyncClient
HTTP Client to perform the request on. pytest fixture.
- random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermission
+ random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermissionOut
Bucket permission for a random bucket for testing. pytest fixture.
"""
response = await client.delete(
@@ -449,7 +450,7 @@ class TestBucketPermissionRoutesDelete(_TestBucketPermissionRoutes):
Async database session to perform query on. pytest fixture.
client : httpx.AsyncClient
HTTP Client to perform the request on. pytest fixture.
- random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermission
+ random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermissionOut
Bucket permission for a random bucket for testing. pytest fixture.
random_third_user : app.models.user.User
Random third user who has no permissions for the bucket. pytest fixture.
@@ -478,7 +479,7 @@ class TestBucketPermissionRoutesUpdate(_TestBucketPermissionRoutes):
----------
client : httpx.AsyncClient
HTTP Client to perform the request on. pytest fixture.
- random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermission
+ random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermissionOut
Bucket permission for a random bucket for testing. pytest fixture.
"""
new_from_time = datetime(2022, 1, 1, 0, 0)
@@ -517,7 +518,7 @@ class TestBucketPermissionRoutesUpdate(_TestBucketPermissionRoutes):
----------
client : httpx.AsyncClient
HTTP Client to perform the request on. pytest fixture.
- random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermission
+ random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermissionOut
Bucket permission for a random bucket for testing. pytest fixture.
"""
new_params = BucketPermissionParametersSchema(
@@ -569,7 +570,7 @@ class TestBucketPermissionRoutesUpdate(_TestBucketPermissionRoutes):
----------
client : httpx.AsyncClient
HTTP Client to perform the request on. pytest fixture.
- random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermission
+ random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermissionOut
Bucket permission for a random bucket for testing. pytest fixture.
random_second_user : app.models.user.User
Random second user for testing. pytest fixture.
@@ -597,7 +598,7 @@ class TestBucketPermissionRoutesUpdate(_TestBucketPermissionRoutes):
----------
client : httpx.AsyncClient
HTTP Client to perform the request on. pytest fixture.
- random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermission
+ random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermissionOut
Bucket permission for a random bucket for testing. pytest fixture.
random_third_user : app.models.user.User
Random second user for testing. pytest fixture.
diff --git a/app/tests/api/test_login.py b/app/tests/api/test_login.py
index 6b7532a759d85b3972a3475e6288135747d45eb7..1ac4e480838875ab10a902c36137a1f9742c9526 100644
--- a/app/tests/api/test_login.py
+++ b/app/tests/api/test_login.py
@@ -66,6 +66,26 @@ class TestLoginRoute:
claim = decode_token(right_header.split("=")[1])
assert claim["sub"] == random_user.uid
+ @pytest.mark.asyncio
+ async def test_login_with_error(self, client: AsyncClient) -> None:
+ """
+ Test for login callback route with an existing user.
+
+ Parameters
+ ----------
+ client : httpx.AsyncClient
+ HTTP Client to perform the request on. pytest fixture.
+ """
+ r = await client.get(
+ self.login_path + "callback",
+ params={"voperson_id": "", "name": "", "error": True},
+ follow_redirects=False,
+ )
+ assert r.status_code == status.HTTP_302_FOUND
+ assert "set-cookie" in r.headers.keys()
+ assert find_cookie(searched_cookie_name="bearer", cookie_header=r.headers["set-cookie"]) is None
+ assert r.headers["location"].startswith("/?login_error")
+
@pytest.mark.asyncio
async def test_successful_login_with_non_existing_user(
self, client: AsyncClient, mock_rgw_admin: MockRGWAdmin, db: AsyncSession
@@ -92,14 +112,9 @@ class TestLoginRoute:
# Check response and valid/right jwt token
assert r.status_code == status.HTTP_302_FOUND
assert "set-cookie" in r.headers.keys()
- cookie_header = r.headers["set-cookie"]
- right_header = None
- for t in cookie_header.split(";"):
- if t.startswith("bearer"):
- right_header = t
- break
- assert right_header
- claim = decode_token(right_header.split("=")[1])
+ cookie = find_cookie(searched_cookie_name="bearer", cookie_header=r.headers["set-cookie"])
+ assert cookie is not None
+ claim = decode_token(cookie.split("=")[1])
assert claim["sub"] == uid
# Check that user is created in RGW
@@ -114,3 +129,10 @@ class TestLoginRoute:
await db.delete(db_user)
await db.commit()
mock_rgw_admin.delete_user(uid)
+
+
+def find_cookie(searched_cookie_name: str, cookie_header: str) -> str | None:
+ for cookie in cookie_header.split(";"):
+ if cookie.startswith(searched_cookie_name):
+ return cookie
+ return None
diff --git a/app/tests/api/test_s3_keys.py b/app/tests/api/test_s3_keys.py
index 538063a1c22c11ecf7022146122475468cb908d9..e2148dbe158554bc7de2b6b371be8a672f52f4df 100644
--- a/app/tests/api/test_s3_keys.py
+++ b/app/tests/api/test_s3_keys.py
@@ -154,7 +154,33 @@ class TestS3KeyRoutesDelete(_TestS3KeyRoutes):
assert len(mock_rgw_admin.get_user(uid=random_user.uid)["keys"]) == 1
@pytest.mark.asyncio
- async def test_delete_unknown_s3_key_for_user(self, client: AsyncClient, random_user: User) -> None:
+ async def test_delete_last_s3_key_for_user(
+ self, client: AsyncClient, random_user: User, mock_rgw_admin: MockRGWAdmin
+ ) -> None:
+ """
+ Test for deleting the last S3 key from a user.
+
+ Parameters
+ ----------
+ client : httpx.AsyncClient
+ HTTP Client to perform the request on. pytest fixture.
+ random_user : app.models.user.User
+ Random user for testing. pytest fixture.
+ mock_rgw_admin : app.tests.mocks.mock_rgw_admin.MockRGWAdmin
+ Mock class for rgwadmin package. pytest fixture.
+ """
+ headers = get_authorization_headers(random_user.uid)
+ assert len(mock_rgw_admin.get_user(uid=random_user.uid)["keys"]) == 1
+ key_id = mock_rgw_admin.get_user(uid=random_user.uid)["keys"][0]
+ response = await client.delete(f"{self.base_path}{random_user.uid}/keys/{key_id}", headers=headers)
+
+ assert response.status_code == status.HTTP_400_BAD_REQUEST
+ assert len(mock_rgw_admin.get_user(uid=random_user.uid)["keys"]) == 1
+
+ @pytest.mark.asyncio
+ async def test_delete_unknown_s3_key_for_user(
+ self, client: AsyncClient, random_user: User, mock_rgw_admin: MockRGWAdmin
+ ) -> None:
"""
Test for deleting an unknown S3 key from a user.
@@ -164,7 +190,10 @@ class TestS3KeyRoutesDelete(_TestS3KeyRoutes):
HTTP Client to perform the request on. pytest fixture.
random_user : app.models.user.User
Random user for testing. pytest fixture.
+ mock_rgw_admin : app.tests.mocks.mock_rgw_admin.MockRGWAdmin
+ Mock class for rgwadmin package. pytest fixture.
"""
headers = get_authorization_headers(random_user.uid)
+ mock_rgw_admin.create_key(uid=random_user.uid)
response = await client.delete(f"{self.base_path}{random_user.uid}/keys/impossible", headers=headers)
assert response.status_code == status.HTTP_404_NOT_FOUND
diff --git a/app/tests/api/test_users.py b/app/tests/api/test_users.py
index 8611742a8e1bf20bd4f43931e5a585e7aebb9e0c..4ab0399647374feb6ddd4ef2c39d94d5a4fbf3b4 100644
--- a/app/tests/api/test_users.py
+++ b/app/tests/api/test_users.py
@@ -1,3 +1,5 @@
+import random
+
import pytest
from fastapi import status
from httpx import AsyncClient
@@ -88,3 +90,31 @@ class TestUserRoutesGet(_TestUserRoutes):
response = await client.get(f"{self.base_path}{random_second_user.uid}", headers=user_token_headers)
assert response.status_code == status.HTTP_403_FORBIDDEN
+
+ @pytest.mark.asyncio
+ async def test_search_user_by_name_substring(
+ self, client: AsyncClient, random_user: User, user_token_headers: dict[str, str]
+ ) -> None:
+ """
+ Test for searching a user by its name
+
+ Parameters
+ ----------
+ client : httpx.AsyncClient
+ HTTP Client to perform the request on. pytest fixture.
+ random_user : app.models.user.User
+ Random user for testing. pytest fixture.
+ """
+ substring_indices = [0, 0]
+ while substring_indices[1] - substring_indices[0] < 3:
+ substring_indices = sorted(random.choices(range(len(random_user.display_name)), k=2))
+
+ random_substring = random_user.display_name[substring_indices[0] : substring_indices[1]]
+
+ response = await client.get(
+ f"{self.base_path}", params={"name_like": random_substring}, headers=user_token_headers
+ )
+ users = response.json()
+ assert response.status_code == status.HTTP_200_OK
+ assert len(users) > 0
+ assert sum(1 for u in users if u["uid"] == random_user.uid) == 1
diff --git a/app/tests/conftest.py b/app/tests/conftest.py
index e975fd46d243ba744ba5c9890188f32104036faf..a038ade1a8d2389dd0bcee9a4912243920773124 100644
--- a/app/tests/conftest.py
+++ b/app/tests/conftest.py
@@ -7,13 +7,13 @@ import pytest_asyncio
from httpx import AsyncClient
from sqlalchemy.ext.asyncio import AsyncSession
-from app.api.dependencies import get_rgw_admin, get_s3_resource, get_userinfo_from_access_token
+from app.api.dependencies import LoginException, get_rgw_admin, get_s3_resource, get_userinfo_from_access_token
from app.db.session import SessionAsync as Session
from app.main import app
from app.models.bucket import Bucket
from app.models.bucket_permission import BucketPermission as BucketPermissionDB
from app.models.user import User
-from app.schemas.bucket_permission import BucketPermission as BucketPermissionSchema
+from app.schemas.bucket_permission import BucketPermissionOut as BucketPermissionSchema
from app.tests.mocks.mock_rgw_admin import MockRGWAdmin
from app.tests.mocks.mock_s3_resource import MockS3ServiceResource
from app.tests.utils.bucket import create_random_bucket
@@ -59,7 +59,9 @@ async def client(mock_rgw_admin: MockRGWAdmin, mock_s3_service: MockS3ServiceRes
def get_mock_s3() -> MockS3ServiceResource:
return mock_s3_service
- def get_mock_userinfo(voperson_id: str, name: str) -> dict[str, str]:
+ def get_mock_userinfo(voperson_id: str, name: str, error: bool = False) -> dict[str, str]:
+ if error:
+ raise LoginException(error_source="mock_error")
return {"voperson_id": voperson_id + "@lifescience-ri.eu", "name": name}
app.dependency_overrides[get_rgw_admin] = get_mock_rgw
diff --git a/app/tests/crud/test_bucket_permission.py b/app/tests/crud/test_bucket_permission.py
index d58307ebaa5da519438412c578dc1eb2661be29c..75099b7aaf5d528050153dcd45a07e69e6fec7fa 100644
--- a/app/tests/crud/test_bucket_permission.py
+++ b/app/tests/crud/test_bucket_permission.py
@@ -10,7 +10,7 @@ from app.models.bucket import Bucket
from app.models.bucket_permission import BucketPermission as BucketPermissionDB
from app.models.bucket_permission import PermissionEnum
from app.models.user import User
-from app.schemas.bucket_permission import BucketPermission as BucketPermissionSchema
+from app.schemas.bucket_permission import BucketPermissionIn as BucketPermissionSchema
from app.schemas.bucket_permission import BucketPermissionParameters as BucketPermissionParametersSchema
@@ -132,7 +132,7 @@ class TestBucketPermissionCRUDCreate:
----------
db : sqlalchemy.ext.asyncio.AsyncSession.
Async database session to perform query on. pytest fixture.
- random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermission
+ random_bucket_permission_schema : app.schemas.bucket_permission.BucketPermissionOut
Bucket permission for a random bucket for testing. pytest fixture.
"""
permission = BucketPermissionSchema(
diff --git a/app/tests/crud/test_user.py b/app/tests/crud/test_user.py
index 46d83dda670099faad10eaa5e6bc4afb221c87ca..9166dda5300a0f3761cc97996b7dbf45b5028e3e 100644
--- a/app/tests/crud/test_user.py
+++ b/app/tests/crud/test_user.py
@@ -1,3 +1,5 @@
+import random
+
import pytest
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy.future import select
@@ -46,7 +48,10 @@ class TestUserCRUD:
assert random_user.display_name == user.display_name
@pytest.mark.asyncio
- async def test_get_unknown_user_by_id(self, db: AsyncSession) -> None:
+ async def test_get_unknown_user_by_id(
+ self,
+ db: AsyncSession,
+ ) -> None:
"""
Test for getting an unknown user by id from the User CRUD Repository.
@@ -57,3 +62,39 @@ class TestUserCRUD:
"""
user = await CRUDUser.get(db, random_lower_string(length=16))
assert user is None
+
+ @pytest.mark.asyncio
+ async def test_search_successful_user_by_name(self, db: AsyncSession, random_user: User) -> None:
+ """
+ Test for searching a user by a substring of his name in the User CRUD Repository.
+
+ Parameters
+ ----------
+ db : sqlalchemy.ext.asyncio.AsyncSession.
+ Async database session to perform query on. pytest fixture.
+ random_user : app.models.user.User
+ Random user for testing. pytest fixture.
+ """
+ substring_indices = [0, 0]
+ while substring_indices[0] == substring_indices[1]:
+ substring_indices = sorted(random.choices(range(len(random_user.display_name)), k=2))
+
+ random_substring = random_user.display_name[substring_indices[0] : substring_indices[1]]
+ users = await CRUDUser.search_for_name(db, random_substring)
+ assert len(users) > 0
+ assert sum(1 for u in users if u.uid == random_user.uid) == 1
+
+ @pytest.mark.asyncio
+ async def test_search_non_existing_user_by_name(self, db: AsyncSession, random_user: User) -> None:
+ """
+ Test for searching a non-existing user by a substring of his name in the User CRUD Repository.
+
+ Parameters
+ ----------
+ db : sqlalchemy.ext.asyncio.AsyncSession.
+ Async database session to perform query on. pytest fixture.
+ random_user : app.models.user.User
+ Random user for testing. pytest fixture.
+ """
+ users = await CRUDUser.search_for_name(db, 2 * random_user.display_name)
+ assert sum(1 for u in users if u.uid == random_user.uid) == 0
diff --git a/app/tests/mocks/mock_s3_resource.py b/app/tests/mocks/mock_s3_resource.py
index a1de1b9c63ed15068362dcd856241369d376340e..3561daaabdd68f2d5994882208f499fe7d894816 100644
--- a/app/tests/mocks/mock_s3_resource.py
+++ b/app/tests/mocks/mock_s3_resource.py
@@ -3,9 +3,45 @@ from datetime import datetime
from botocore.exceptions import ClientError
+class MockS3Object:
+ """
+ Mock S3 object for the boto3 S3Object for testing purposes.
+
+ Attributes
+ ----------
+ key : str
+ Key of the S3 object.
+ bucket_name : str
+ Name of the corresponding bucket.
+ """
+
+ def __init__(self, bucket_name: str, key: str) -> None:
+ """
+ Initialize a MockS3Object.
+
+ Parameters
+ ----------
+ bucket_name : str
+ Name of the corresponding bucket.
+ key : str
+ Key of the S3 object.
+ """
+ self.key = key
+ self.bucket_name = bucket_name
+ self.content_type = "text/plain"
+
+ def __repr__(self) -> str:
+ return f"MockS3Object(key={self.key}, bucket={self.bucket_name})"
+
+
class MockS3ObjectSummary:
"""
- Mock S3 object for the boto3 S3ObjectSummary for testing purposes.
+ Mock S3 object summary for the boto3 S3ObjectSummary for testing purposes.
+
+ Functions
+ ---------
+ Object() -> MockS3Object
+ Save a new bucket policy.
Attributes
----------
@@ -38,6 +74,17 @@ class MockS3ObjectSummary:
def __repr__(self) -> str:
return f"MockS3ObjectSummary(key={self.key}, bucket={self.bucket_name})"
+ def Object(self) -> MockS3Object:
+ """
+ Get the S3 Object from the summary.
+
+ Returns
+ -------
+ sObject : app.tests.mocks.mock_s3_resource.MockS3Object
+ The corresponding S3Object.
+ """
+ return MockS3Object(self.bucket_name, self.key)
+
class MockS3BucketPolicy:
"""
diff --git a/app/tests/unit/test_bucket_permission_scheme.py b/app/tests/unit/test_bucket_permission_scheme.py
index b0d237752806e07b0cd3afb9754acd0c06bc8c77..817b149361d82b8b1bdc373c59292400eaa64dae 100644
--- a/app/tests/unit/test_bucket_permission_scheme.py
+++ b/app/tests/unit/test_bucket_permission_scheme.py
@@ -3,29 +3,29 @@ from datetime import datetime
import pytest
from app.models.bucket_permission import PermissionEnum
-from app.schemas.bucket_permission import BucketPermission
+from app.schemas.bucket_permission import BucketPermissionIn
from app.tests.utils.utils import random_lower_string
class _TestPermissionPolicy:
@pytest.fixture(scope="function")
- def random_base_permission(self) -> BucketPermission:
+ def random_base_permission(self) -> BucketPermissionIn:
"""
Generate a base READ bucket permission schema.
"""
- return BucketPermission(
+ return BucketPermissionIn(
uid=random_lower_string(), bucket_name=random_lower_string(), permission=PermissionEnum.READ
)
class TestPermissionPolicyPermissionType(_TestPermissionPolicy):
- def test_READ_permission(self, random_base_permission: BucketPermission) -> None:
+ def test_READ_permission(self, random_base_permission: BucketPermissionIn) -> None:
"""
Test for converting a READ Permission into a bucket policy statement.
Parameters
----------
- random_base_permission : app.schemas.bucket_permission.BucketPermission
+ random_base_permission : app.schemas.bucket_permission.BucketPermissionOut
Random base bucket permission for testing. pytest fixture.
"""
uid = random_lower_string()
@@ -52,13 +52,13 @@ class TestPermissionPolicyPermissionType(_TestPermissionPolicy):
assert len(bucket_stmt["Action"]) == 1
assert bucket_stmt["Action"][0] == "s3:ListBucket"
- def test_WRITE_permission(self, random_base_permission: BucketPermission) -> None:
+ def test_WRITE_permission(self, random_base_permission: BucketPermissionIn) -> None:
"""
Test for converting a WRITE Permission into a bucket policy statement.
Parameters
----------
- random_base_permission : app.schemas.bucket_permission.BucketPermission
+ random_base_permission : app.schemas.bucket_permission.BucketPermissionOut
Random base bucket permission for testing. pytest fixture.
"""
random_base_permission.permission = PermissionEnum.WRITE
@@ -72,13 +72,13 @@ class TestPermissionPolicyPermissionType(_TestPermissionPolicy):
assert "s3:PutObject" in object_stmt["Action"]
assert "s3:DeleteObject" in object_stmt["Action"]
- def test_READWRITE_permission(self, random_base_permission: BucketPermission) -> None:
+ def test_READWRITE_permission(self, random_base_permission: BucketPermissionIn) -> None:
"""
Test for converting a READWRITE Permission into a bucket policy statement.
Parameters
----------
- random_base_permission : app.schemas.bucket_permission.BucketPermission
+ random_base_permission : app.schemas.bucket_permission.BucketPermissionOut
Random base bucket permission for testing. pytest fixture.
"""
random_base_permission.permission = PermissionEnum.READWRITE
@@ -101,13 +101,13 @@ class TestPermissionPolicyPermissionType(_TestPermissionPolicy):
class TestPermissionPolicyCondition(_TestPermissionPolicy):
- def test_to_timestamp_condition(self, random_base_permission: BucketPermission) -> None:
+ def test_to_timestamp_condition(self, random_base_permission: BucketPermissionIn) -> None:
"""
Test for converting a READ Permission with end time condition into a bucket policy statement.
Parameters
----------
- random_base_permission : app.schemas.bucket_permission.BucketPermission
+ random_base_permission : app.schemas.bucket_permission.BucketPermissionOut
Random base bucket permission for testing. pytest fixture.
"""
time = datetime.now()
@@ -128,13 +128,13 @@ class TestPermissionPolicyCondition(_TestPermissionPolicy):
with pytest.raises(KeyError):
assert bucket_stmt["Condition"]["DateGreaterThan"]
- def test_from_timestamp_condition(self, random_base_permission: BucketPermission) -> None:
+ def test_from_timestamp_condition(self, random_base_permission: BucketPermissionIn) -> None:
"""
Test for converting a READ Permission with start time condition into a bucket policy statement.
Parameters
----------
- random_base_permission : app.schemas.bucket_permission.BucketPermission
+ random_base_permission : app.schemas.bucket_permission.BucketPermissionOut
Random base bucket permission for testing. pytest fixture.
"""
time = datetime.now()
@@ -155,13 +155,13 @@ class TestPermissionPolicyCondition(_TestPermissionPolicy):
with pytest.raises(KeyError):
assert bucket_stmt["Condition"]["DateLessThan"]
- def test_file_prefix_condition(self, random_base_permission: BucketPermission) -> None:
+ def test_file_prefix_condition(self, random_base_permission: BucketPermissionIn) -> None:
"""
Test for converting a READ Permission with file prefix condition into a bucket policy statement.
Parameters
----------
- random_base_permission : app.schemas.bucket_permission.BucketPermission
+ random_base_permission : app.schemas.bucket_permission.BucketPermissionOut
Random base bucket permission for testing. pytest fixture.
"""
random_base_permission.file_prefix = random_lower_string(length=8) + "/" + random_lower_string(length=8) + "/"
diff --git a/requirements-dev.txt b/requirements-dev.txt
index abaace2b4f54833c12926357630abb9b01bd9bea..9ee5b04147344ef7f7a2644d3cb6e328e4ab1b7a 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -1,18 +1,18 @@
# test packages
-pytest>=7.1.0,<7.2.0
-pytest-asyncio>=0.18.0,<0.19.0
-pytest-cov>=3.0.0,<3.1.0
-coverage[toml]>=6.4.0,<6.5.0
+pytest>=7.2.0,<7.3.0
+pytest-asyncio>=0.20.0,<0.21.0
+pytest-cov>=4.0.0,<4.1.0
+coverage[toml]>=6.5.0,<6.6.0
# Linters
-flake8>=4.0.0,<4.1.0
-autoflake>=1.4.0,<1.5.0
-black>=22.3.0,<22.4.0
+flake8>=5.0.0,<5.1.0
+autoflake>=1.7.0,<1.8.0
+black>=22.10.0,<22.11.0
isort>=5.10.0,<5.11.0
-mypy>=0.960,<0.970
+mypy>=0.990,<0.999
# stubs for mypy
-boto3-stubs-lite[s3]>=1.24.0,<1.25.0
+boto3-stubs-lite[s3]>=1.26.0,<1.27.0
sqlalchemy2-stubs
types-requests
# Miscellaneous
-pre-commit>=2.19.0,<2.20.0
+pre-commit>=2.20.0,<2.21.0
python-dotenv
diff --git a/requirements.txt b/requirements.txt
index 479abb18700bd0e22e366a663be00acbd292388f..6b971d09cda581e1ffc33fa2b30a881f3d7b9947 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,19 +1,19 @@
# Webserver packages
-anyio>=3.5.0,<3.6.0
-fastapi>=0.79.0,<0.80.0
+anyio>=3.6.0,<3.7.0
+fastapi>=0.87.0,<0.88.0
pydantic>=1.9.0,<2.0.0
-uvicorn>=0.17.0,<0.18.0
+uvicorn>=0.19.0,<0.20.0
# Database packages
PyMySQL>=1.0.2,<1.1.0
SQLAlchemy>=1.4.0,<1.5.0
-alembic>=1.7.0,<1.8.0
+alembic>=1.8.0,<1.9.0
aiomysql>=0.1.0,<0.2.0
# Security packages
-authlib
+authlib>=1.1.0,<1.2.0
# Ceph and S3 packages
-boto3>=1.24.0,<1.25.0
+boto3>=1.26.0,<1.27.0
rgwadmin>=2.3.0,<2.4.0
# Miscellaneous
-tenacity>=8.0.0,<8.1.0
+tenacity>=8.1.0,<8.2.0
httpx>=0.23.0,<0.24.0
itsdangerous
diff --git a/traefik_dev/routes.toml b/traefik_dev/routes.toml
index 666c1886a9e84a17746a94405ef094d2bd404046..eee1645616c5e125ab533fadbea1c78ebc6072d3 100644
--- a/traefik_dev/routes.toml
+++ b/traefik_dev/routes.toml
@@ -3,18 +3,17 @@
[http.middlewares.api-stripprefix.stripPrefix]
prefixes = ["/api"]
[http.middlewares.cors-header.headers]
- accessControlAllowMethods= ["GET", "OPTIONS", "PUT", "POST"]
+ accessControlAllowMethods= ["GET", "OPTIONS", "PUT", "POST", "DELETE"]
accessControlAllowOriginList = ["http://localhost:9999"]
- accessControlAllowHeaders = ["amz-sdk-invocation-id","amz-sdk-request","authorization","content-type","x-amz-content-sha256","x-amz-date","x-amz-user-agent"]
+ accessControlAllowHeaders = ["amz-sdk-invocation-id","amz-sdk-request","authorization","content-type","x-amz-content-sha256","x-amz-copy-source","x-amz-date","x-amz-user-agent", "content-md5"]
accessControlExposeHeaders = ["Etag"]
accessControlMaxAge = 100
addVaryHeader = true
isDevelopment = true
- [http.middlewares.testHeader.headers.customRequestHeaders]
- X-Script-Name = "test" # Adds
+ [http.middlewares.cors-header.headers.customResponseHeaders]
+ Content-Disposition = "attachment"
[http.routers]
-
[http.routers.api-http]
entryPoints = ["http"]
service = "proxyapi"
@@ -31,7 +30,6 @@
rule = "!PathPrefix(`/api`)"
[http.services]
-
[http.services.proxyapi]
[http.services.proxyapi.loadBalancer]
[[http.services.proxyapi.loadBalancer.servers]]
@@ -44,4 +42,8 @@
[http.services.rgw]
[http.services.rgw.loadBalancer]
[[http.services.rgw.loadBalancer.servers]]
- url = "http://192.168.192.102:8000"
+ url = "http://192.168.192.102:8000/"
+ [[http.services.rgw.loadBalancer.servers]]
+ url = "http://192.168.192.118:8000/"
+ [http.services.rgw.loadBalancer.healthCheck]
+ path = "/"