Skip to content
Snippets Groups Projects
Commit 87f06be9 authored by Daniel Göbel's avatar Daniel Göbel
Browse files

Merge branch 'feature/18-miscellaneous-improvements' into 'development' 

Miscellaneous Improvents to clean up the code/repository

See merge request denbi/object-storage-access!11
parents 0de330a9 c5250201
No related branches found
No related tags found
2 merge requests!11Miscellaneous Improvents to clean up the code/repository,!6First working version
Pipeline #24586 passed
Stage: test
Hide whitespace changes
Inline Side-by-side
Showing
with 87 additions and 165 deletions
ProxyAPI/.dockerignore .dockerignore
+ 2
0
View file @ 87f06be9
......@@ -13,3 +13,5 @@ app/tests
figures/
oidc_dev_example
oidc_dev/
traefik_dev
ceph
ProxyAPI/.flake8 .flake8
+ 0
0
View file @ 87f06be9
File moved
ProxyAPI/.gitignore .gitignore
+ 1
0
View file @ 87f06be9
......@@ -7,3 +7,4 @@ venv/
ENV/
.coverage
oidc_dev/
traefik
.gitlab-ci.yml
+ 9
12
View file @ 87f06be9
......@@ -2,8 +2,7 @@ image: python:3.10-slim
variables:
PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
BASE_DIR: "$CI_PROJECT_DIR/ProxyAPI"
PYTHONPATH: "$CI_PROJECT_DIR/ProxyAPI"
PYTHONPATH: "$CI_PROJECT_DIR"
OBJECT_GATEWAY_URI: "http://127.0.0.1:8000"
CEPH_ACCESS_KEY: ""
CEPH_SECRET_KEY: ""
......@@ -21,7 +20,6 @@ before_script:
- pip install virtualenv
- virtualenv venv
- source venv/bin/activate
- cd $BASE_DIR
- python -m pip install -r requirements.txt
- python -m pip install -r requirements-dev.txt
......@@ -60,9 +58,9 @@ integration-test-job: # Runs integration tests with the database
- mv .coverage coverage-integration
artifacts:
paths:
- $BASE_DIR/coverage-integration/.coverage
- $CI_PROJECT_DIR/coverage-integration/.coverage
reports:
junit: $BASE_DIR/integration-report.xml
junit: $CI_PROJECT_DIR/integration-report.xml
e2e-test-job: # Runs e2e tests on the API endpoints
stage: test
......@@ -97,9 +95,9 @@ e2e-test-job: # Runs e2e tests on the API endpoints
- mv .coverage coverage-e2e
artifacts:
paths:
- $BASE_DIR/coverage-e2e/.coverage
- $CI_PROJECT_DIR/coverage-e2e/.coverage
reports:
junit: $BASE_DIR/e2e-report.xml
junit: $CI_PROJECT_DIR/e2e-report.xml
unit-test-job: # Runs unit tests
stage: test
......@@ -109,9 +107,9 @@ unit-test-job: # Runs unit tests
- mv .coverage coverage-unit
artifacts:
paths:
- $BASE_DIR/coverage-unit/.coverage
- $CI_PROJECT_DIR/coverage-unit/.coverage
reports:
junit: $BASE_DIR/unit-report.xml
junit: $CI_PROJECT_DIR/unit-report.xml
combine-test-coverage-job: # Combine coverage reports from different test jobs
stage: test
......@@ -123,10 +121,9 @@ combine-test-coverage-job: # Combine coverage reports from different test jobs
- job: "unit-test-job"
artifacts: true
script:
- coverage combine coverage-e2e/.coverage coverage-integration/.coverage coverage-unit
- coverage combine coverage-e2e/.coverage coverage-integration/.coverage coverage-unit/.coverage
- coverage report
- cd ..
- coverage xml --data-file=$BASE_DIR/.coverage -o coverage.xml
- coverage xml --data-file=$CI_PROJECT_DIR/.coverage -o coverage.xml
coverage: '/(?i)total.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/'
artifacts:
reports:
......
ProxyAPI/.pre-commit-config.yaml .pre-commit-config.yaml
+ 6
11
View file @ 87f06be9
......@@ -5,38 +5,33 @@ repos:
rev: v4.2.0
hooks:
- id: end-of-file-fixer
files: ProxyAPI
- id: check-added-large-files
files: ProxyAPI
- id: check-toml
- id: check-docstring-first
files: ProxyAPI
- id: detect-private-key
- id: trailing-whitespace
- id: check-yaml
- id: debug-statements
files: ProxyAPI
- id: check-merge-conflict
- id: check-ast
files: ProxyAPI
- repo: https://github.com/psf/black
rev: 22.3.0
hooks:
- id: black
files: ProxyAPI/app
files: app
args: [--check]
- repo: https://github.com/PyCQA/flake8
rev: 4.0.1
hooks:
- id: flake8
files: ProxyAPI/app
args: [--config=ProxyAPI/.flake8]
files: app
args: [--config=.flake8]
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v0.960
hooks:
- id: mypy
files: ProxyAPI/app
args: [--config=ProxyAPI/pyproject.toml]
files: app
args: [--config=pyproject.toml]
additional_dependencies:
- sqlalchemy2-stubs
- boto3-stubs-lite[s3]
......@@ -47,5 +42,5 @@ repos:
rev: 5.10.1
hooks:
- id: isort
files: ProxyAPI/app
files: app
args: [-c]
ProxyAPI/README.md DEVELOPING.md
+ 22
51
View file @ 87f06be9
# S3 Proxy API
## Description
Openstack is shipping with an integrated UI to access the Object Store provided by ceph. Unfortunately, this UI does not allow
fine-grained control who can access a bucket or object. You can either make it accessible for everyone or nobody, but
Ceph can do this and much more. 👎
This is the backend for a new UI which can leverage the additional powerful functionality provided by Ceph in a
user-friendly manner. 👍
| Feature | Openstack Integration | New UI |
|-----------------------------|:---------------------:|:------:|
| Create / Delete Buckets UI | ✅ | ✅ |
| Create / Delete Buckets CLI | ✅ | ❌ |
| Upload / Download Objects | ✅ | ✅ |
| Fine-grained Access Control | ❌ | ✅ |
### Concept
![Visualization of Concept](figures/cloud_object_storage.svg)
## Environment Variables
### Mandatory / Recommended Variables
| Variable | Default | Value | Description |
|----------------------|---------|-----------------------|---------------------------------------|
| `SECRET_KEY` | random | \<random key> | Secret key to sign JWT |
| `DB_HOST` | unset | <db hostname / IP> | IP or Hostname Adress of DB |
| `DB_PORT` | 3306 | Number | Port of the database |
| `DB_USER` | unset | \<db username> | Username of the database user |
| `DB_PASSWORD` | unset | \<db password> | Password of the database user |
| `DB_DATABASE` | unset | \<db name> | Name of the database |
| `OBJECT_GATEWAY_URI` | unset | HTTP URL | HTTP URL of the Ceph Object Gateway |
| `CEPH_ACCESS_KEY` | unset | \<access key> | Ceph access key with admin privileges |
| `CEPH_SECRET_KEY` | unset | \<secret key> | Ceph secret key with admin privileges |
| `OIDC_CLIENT_ID` | unset | \<OIDC client id> | Client ID from the OIDC provider |
| `OIDC_CLIENT_SECRET` | unset | \<OIDC client secret> | Client Secret from the OIDC provider |
| `OIDC_BASE_URI` | unset | HTTP URL | HTTP URL of the OIDC Provider |
### Optional Variables
| Variable | Default | Value | Description |
|-----------------------------|-------------------------------------|-----------------------------|---------------------------------------------------------------------------------------|
| `DOMAIN` | `localhost` | string | Domain under which the service will be hosted. |
| `API_PREFIX` | `/api` | URL path | Prefix before every URL path |
| `JWT_TOKEN_EXPIRE_MINUTES` | 8 days | number | Minutes till a JWT expires |
| `BACKEND_CORS_ORIGINS` | `[]` | json formatted list of urls | List of valid CORS origins |
| `SQLALCHEMY_VERBOSE_LOGGER` | `false` | `<"true"&#x7c;"false">` | Enables verbose SQL output.<br>Should be `false` in production |
| `OIDC_META_INFO_PATH` | `/.well-known/openid-configuration` | URL path | Path to the OIDC configuration file<br> Will be concatenated with the `OIDC_BASE_URI` |
## Development Setup
### Python Setup 🐍
......@@ -79,7 +30,10 @@ pre-commit install
### Ceph Setup
For how to set up a ceph cluster or how to connect to an existing one see
the [documentation in the ceph folder](../ceph/README.md).
the [documentation in the ceph folder](ceph/README.md).
A user with `user` capabilities should be created, e.g.<br>
`radosgw-admin user create --uid=myadmin --caps="users=*"`
### Database Setup
#### Dev database
......@@ -117,7 +71,7 @@ docker run --name proxyapi_testdb \
```
### Dev OIDC Provider Setup
To avoid the complex process of connecting the local machine with the LifeScience AAI Dev server, a simple [OIDC provider](https://github.com/Soluto/oidc-server-mock)
To avoid the complex process of connecting the local machine with the LifeScience AAI Test server, a simple [OIDC provider](https://github.com/Soluto/oidc-server-mock)
can be setup with Docker.<br>
Copy the `oidc_dev_example` directory to `oidc_dev`
```shell
......@@ -143,6 +97,23 @@ docker run --name proxyapi_oidc_provider \
```
Set the env variables `OIDC_BASE_URI` to `http://localhost:8002` and `OIDC_CLIENT_SECRET` / `OIDC_CLIENT_ID` to their appropriate value.
### Reverse Proxy Setup
The `API_PREFIX` is handles on the level of the reverse proxy. This simplifies the routing in the code and the cooperation with the [Frontend](https://gitlab.ub.uni-bielefeld.de/denbi/object-storage-access-ui).
An simple Traefik reverse proxy configuration is stored in the repository.
[Traefik](https://traefik.io/) is a reverse Proxy written in Go.
To use it, download the [`traefik`](https://github.com/traefik/traefik/releases) binary and start it with
```shell
cd traefik_dev
/path/to/binary/traefik --configFile=traefik.toml
```
The provided configuration does the following things
* It forwards all request to http://localhost:9999/api/* to http://localhost:8080 (this backend)
* It strips the prefix `/api` before it forwards the request to the backend
* All other request will be forwarded to http://localhost:5173, the corresponding dev [Frontend](https://gitlab.ub.uni-bielefeld.de/denbi/object-storage-access-ui)
You don't have to use Traefik for that. You can use any reverse proxy for this task, like [Caddy](https://caddyserver.com/), [HAProxy](https://www.haproxy.org/) or [nginx](https://nginx.org/en/).<br>
### Run Dev Server
Export all necessary environment variables or create a `.env` file.<br>
Run the dev server with live reload after changes
......
ProxyAPI/Dockerfile Dockerfile
+ 1
1
View file @ 87f06be9
......@@ -7,7 +7,7 @@ EXPOSE 80
RUN apt-get update && apt-get -y install dumb-init curl
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
HEALTHCHECK --interval=35s --timeout=4s CMD curl -f http://localhost/api/health || exit 1
HEALTHCHECK --interval=35s --timeout=4s CMD curl -f http://localhost/health || exit 1
COPY requirements.txt ./requirements.txt
......
README.md
+ 46
90
View file @ 87f06be9
# Object Storage Access
## Getting started
To make it easy for you to get started with GitLab, here's a list of recommended next steps.
Already a pro? Just edit this README.md and make it your own. Want to make it easy? [Use the template at the bottom](#editing-this-readme)!
## Add your files
- [ ] [Create](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#create-a-file) or [upload](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#upload-a-file) files
- [ ] [Add files using the command line](https://docs.gitlab.com/ee/gitlab-basics/add-file.html#add-a-file-using-the-command-line) or push an existing Git repository with the following command:
```
cd existing_repo
git remote add origin https://gitlab.ub.uni-bielefeld.de/denbi/object-storage-access.git
git branch -M main
git push -uf origin main
```
## Integrate with your tools
- [ ] [Set up project integrations](https://gitlab.ub.uni-bielefeld.de/denbi/object-storage-access/-/settings/integrations)
## Collaborate with your team
- [ ] [Invite team members and collaborators](https://docs.gitlab.com/ee/user/project/members/)
- [ ] [Create a new merge request](https://docs.gitlab.com/ee/user/project/merge_requests/creating_merge_requests.html)
- [ ] [Automatically close issues from merge requests](https://docs.gitlab.com/ee/user/project/issues/managing_issues.html#closing-issues-automatically)
- [ ] [Enable merge request approvals](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/)
- [ ] [Automatically merge when pipeline succeeds](https://docs.gitlab.com/ee/user/project/merge_requests/merge_when_pipeline_succeeds.html)
## Test and Deploy
Use the built-in continuous integration in GitLab.
- [ ] [Get started with GitLab CI/CD](https://docs.gitlab.com/ee/ci/quick_start/index.html)
- [ ] [Analyze your code for known vulnerabilities with Static Application Security Testing(SAST)](https://docs.gitlab.com/ee/user/application_security/sast/)
- [ ] [Deploy to Kubernetes, Amazon EC2, or Amazon ECS using Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/requirements.html)
- [ ] [Use pull-based deployments for improved Kubernetes management](https://docs.gitlab.com/ee/user/clusters/agent/)
- [ ] [Set up protected environments](https://docs.gitlab.com/ee/ci/environments/protected_environments.html)
***
# Editing this README
When you're ready to make this README your own, just edit this file and use the handy template below (or feel free to structure it however you want - this is just a starting point!). Thank you to [makeareadme.com](https://www.makeareadme.com/) for this template.
## Suggestions for a good README
Every project is different, so consider which of these sections apply to yours. The sections used in the template are suggestions for most open source projects. Also keep in mind that while a README can be too long and detailed, too long is better than too short. If you think your README is too long, consider utilizing another form of documentation rather than cutting out information.
## Name
Choose a self-explaining name for your project.
# S3 Proxy API
## Description
Let people know what your project can do specifically. Provide context and add a link to any reference visitors might be unfamiliar with. A list of Features or a Background subsection can also be added here. If there are alternatives to your project, this is a good place to list differentiating factors.
## Badges
On some READMEs, you may see small images that convey metadata, such as whether or not all the tests are passing for the project. You can use Shields to add some to your README. Many services also have instructions for adding a badge.
## Visuals
Depending on what you are making, it can be a good idea to include screenshots or even a video (you'll frequently see GIFs rather than actual videos). Tools like ttygif can help, but check out Asciinema for a more sophisticated method.
## Installation
Within a particular ecosystem, there may be a common way of installing things, such as using Yarn, NuGet, or Homebrew. However, consider the possibility that whoever is reading your README is a novice and would like more guidance. Listing specific steps helps remove ambiguity and gets people to using your project as quickly as possible. If it only runs in a specific context like a particular programming language version or operating system or has dependencies that have to be installed manually, also add a Requirements subsection.
## Usage
Use examples liberally, and show the expected output if you can. It's helpful to have inline the smallest example of usage that you can demonstrate, while providing links to more sophisticated examples if they are too long to reasonably include in the README.
## Support
Tell people where they can go to for help. It can be any combination of an issue tracker, a chat room, an email address, etc.
## Roadmap
If you have ideas for releases in the future, it is a good idea to list them in the README.
## Contributing
State if you are open to contributions and what your requirements are for accepting them.
For people who want to make changes to your project, it's helpful to have some documentation on how to get started. Perhaps there is a script that they should run or some environment variables that they need to set. Make these steps explicit. These instructions could also be useful to your future self.
You can also document commands to lint the code or run tests. These steps help to ensure high code quality and reduce the likelihood that the changes inadvertently break something. Having instructions for running tests is especially helpful if it requires external setup, such as starting a Selenium server for testing in a browser.
## Authors and acknowledgment
Show your appreciation to those who have contributed to the project.
## License
For open source projects, say how it is licensed.
## Project status
If you have run out of energy or time for your project, put a note at the top of the README saying that development has slowed down or stopped completely. Someone may choose to fork your project or volunteer to step in as a maintainer or owner, allowing your project to keep going. You can also make an explicit request for maintainers.
Openstack is shipping with an integrated UI to access the Object Store provided by ceph. Unfortunately, this UI does not allow
fine-grained control who can access a bucket or object. You can either make it accessible for everyone or nobody, but
Ceph can do this and much more. 👎
This is the backend for a new UI which can leverage the additional powerful functionality provided by Ceph in a
user-friendly manner. 👍
| Feature | Openstack Integration | New UI |
|-----------------------------|:---------------------:|:------:|
| Create / Delete Buckets UI | ✅ | ✅ |
| Create / Delete Buckets CLI | ✅ | ❌ |
| Upload / Download Objects | ✅ | ✅ |
| Fine-grained Access Control | ❌ | ✅ |
### Concept
![Visualization of Concept](figures/cloud_object_storage.svg)
## Environment Variables
### Mandatory / Recommended Variables
| Variable | Default | Value | Description |
|----------------------|---------|-----------------------|---------------------------------------|
| `SECRET_KEY` | random | \<random key> | Secret key to sign JWT |
| `DB_HOST` | unset | <db hostname / IP> | IP or Hostname Adress of DB |
| `DB_PORT` | 3306 | Number | Port of the database |
| `DB_USER` | unset | \<db username> | Username of the database user |
| `DB_PASSWORD` | unset | \<db password> | Password of the database user |
| `DB_DATABASE` | unset | \<db name> | Name of the database |
| `OBJECT_GATEWAY_URI` | unset | HTTP URL | HTTP URL of the Ceph Object Gateway |
| `CEPH_ACCESS_KEY` | unset | \<access key> | Ceph access key with admin privileges |
| `CEPH_SECRET_KEY` | unset | \<secret key> | Ceph secret key with admin privileges |
| `OIDC_CLIENT_ID` | unset | \<OIDC client id> | Client ID from the OIDC provider |
| `OIDC_CLIENT_SECRET` | unset | \<OIDC client secret> | Client Secret from the OIDC provider |
| `OIDC_BASE_URI` | unset | HTTP URL | HTTP URL of the OIDC Provider |
### Optional Variables
| Variable | Default | Value | Description |
|-----------------------------|-------------------------------------|-----------------------------|---------------------------------------------------------------------------------------|
| `DOMAIN` | `localhost` | string | Domain under which the service will be hosted. |
| `API_PREFIX` | `/api` | URL path | Prefix before every URL path |
| `JWT_TOKEN_EXPIRE_MINUTES` | 8 days | number | Minutes till a JWT expires |
| `BACKEND_CORS_ORIGINS` | `[]` | json formatted list of urls | List of valid CORS origins |
| `SQLALCHEMY_VERBOSE_LOGGER` | `false` | `<"true"&#x7c;"false">` | Enables verbose SQL output.<br>Should be `false` in production |
| `OIDC_META_INFO_PATH` | `/.well-known/openid-configuration` | URL path | Path to the OIDC configuration file<br> Will be concatenated with the `OIDC_BASE_URI` |
ProxyAPI/alembic.ini alembic.ini
+ 0
0
View file @ 87f06be9
File moved
ProxyAPI/alembic/README alembic/README
+ 0
0
View file @ 87f06be9
File moved
ProxyAPI/alembic/env.py alembic/env.py
+ 0
0
View file @ 87f06be9
File moved
ProxyAPI/alembic/script.py.mako alembic/script.py.mako
+ 0
0
View file @ 87f06be9
File moved
ProxyAPI/app/__init__.py app/__init__.py
+ 0
0
View file @ 87f06be9
File moved
ProxyAPI/app/api/__init__.py app/api/__init__.py
+ 0
0
View file @ 87f06be9
File moved
ProxyAPI/app/api/api.py app/api/api.py
+ 0
0
View file @ 87f06be9
File moved
ProxyAPI/app/api/dependencies.py app/api/dependencies.py
+ 0
0
View file @ 87f06be9
File moved
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment