Merge pull request #3928 from brianhlin/retire-ospool-protected

Retire /ospool/PROTECTED (INF-1883) and ITB S3 origins
opensciencegrid · May 29, 2024 · 4c95f19 · 4c95f19
2 parents e03caf2 + 1ae9ac9
commit 4c95f19
Show file tree

Hide file tree

Showing 5 changed files with 5 additions and 69 deletions.
diff --git a/src/tests/test_api.py b/src/tests/test_api.py
@@ -203,7 +203,7 @@ def test_institution_accept_type(self, client: flask.Flask):
 
 
     def test_origin_grid_mapfile(self, client: flask.Flask):
-        TEST_ORIGIN = "origin-auth2001.chtc.wisc.edu"  # This origin serves protected data
+        TEST_ORIGIN = "ap20.uc.osg-htc.org"  # This origin serves protected data
         response = client.get("/origin/grid-mapfile")
         assert response.status_code == 400  # fqdn not specified
 

diff --git a/src/tests/test_stashcache.py b/src/tests/test_stashcache.py
@@ -201,7 +201,7 @@ def test_origin_grid_mapfile_nohost(self, client: flask.Flask):
             assert EMPTY_LINE_REGEX.match(line), f'Unexpected text "{line}".\nFull text:\n{text}\n'
 
     def test_origin_grid_mapfile_with_host(self, client: flask.Flask):
-        text = stashcache.generate_origin_grid_mapfile(global_data, "origin-auth2001.chtc.wisc.edu",
+        text = stashcache.generate_origin_grid_mapfile(global_data, "ap20.uc.osg-htc.org",
                                                        suppress_errors=False)
         num_mappings = 0
         for line in text.split("\n"):

diff --git a/topology/University of Wisconsin/CHTC/CHTC-ITB.yaml b/topology/University of Wisconsin/CHTC/CHTC-ITB.yaml
@@ -311,7 +311,7 @@ Resources:
         Description: OSG VO backfill containers on the Tiger cluster, serving the ITB pool
 
   CHTC-ITB-S3-AWS-EAST-ORIGIN:
-    Active: true
+    Active: false
     Description: >-
       This is an origin used for demonstrating integration with AWS
       East S3 buckets
@@ -343,7 +343,7 @@ Resources:
       - OSG
 
   CHTC-ITB-S3-AWS-WEST-ORIGIN:
-    Active: true
+    Active: false
     Description: >-
       This is an origin used for demonstrating integration with AWS
       West S3 buckets

diff --git a/topology/University of Wisconsin/CHTC/CHTC_OSPOOL.yaml b/topology/University of Wisconsin/CHTC/CHTC_OSPOOL.yaml
@@ -5,7 +5,7 @@ GroupID: 1125
 
 Resources:
   CHTC_OSPOOL_ORIGIN:
-    Active: true
+    Active: false
     Description: Authenticated origin server for OSPool Users at UW-Madison
     ID: 1194
     ContactLists:

diff --git a/virtual-organizations/OSG.yaml b/virtual-organizations/OSG.yaml
@@ -117,70 +117,6 @@ DataFederations:
         AllowedCaches:
           - ANY
 
-      # HACK: enormous hack to get us going on a demo
-      # https://opensciencegrid.atlassian.net/browse/SOFTWARE-5398
-      # FIXME: rip this out after the demo
-      # TODO: Redesign namespace interface (take 3?). See commit body
-      # for considerations.
-
-      # NOTE: The SciTokens blocks for Issuer "https://osg-htc.org/ospool" must be the same
-      # between the paths /ospool/PROTECTED, /s3.amazonaws.com/us-east-1, and
-      # /s3.amazonaws.com/us-west-1 below or we will see problems.
-      # See c3524138ac8d46eee2a3c33cb75fac50acab41c4 for more information.
-
-      - Path: /ospool/PROTECTED
-        Authorizations:
-          - SciTokens:
-              Issuer: https://osg-htc.org/ospool
-              Base Path: /ospool/PROTECTED,/s3.amazonaws.com/us-east-1,/s3.amazonaws.com/us-west-1
-              Map Subject: True
-        AllowedOrigins:
-          - CHTC_OSPOOL_ORIGIN
-        AllowedCaches:
-          - ANY
-        Writeback: https://origin-auth2001.chtc.wisc.edu:1095
-        DirList: https://origin-auth2001.chtc.wisc.edu:1095
-        CredentialGeneration:
-          Strategy: OAuth2
-          Issuer: https://osg-htc.org/ospool
-          MaxScopeDepth: 4
-
-      - Path: /s3.amazonaws.com/us-east-1
-        Authorizations:
-          - PUBLIC
-          - SciTokens:
-              Issuer: https://osg-htc.org/ospool
-              Base Path: /ospool/PROTECTED,/s3.amazonaws.com/us-east-1,/s3.amazonaws.com/us-west-1
-              Map Subject: True
-        AllowedOrigins:
-          - CHTC-ITB-S3-AWS-EAST-ORIGIN
-        AllowedCaches:
-          - ANY
-        Writeback: https://s3-us-east-1.osgdev.chtc.io:1095
-        DirList: https://s3-us-east-1.osgdev.chtc.io:1095
-
-      - Path: /s3.amazonaws.com/us-west-1
-        Authorizations:
-          - PUBLIC
-          - SciTokens:
-              Issuer: https://osg-htc.org/ospool
-              Base Path: /ospool/PROTECTED,/s3.amazonaws.com/us-east-1,/s3.amazonaws.com/us-west-1
-              Map Subject: True
-        AllowedOrigins:
-          - CHTC-ITB-S3-AWS-WEST-ORIGIN
-        AllowedCaches:
-          - ANY
-        Writeback: https://s3-us-west-1.osgdev.chtc.io:1095
-        DirList: https://s3-us-west-1.osgdev.chtc.io:1095
-
-      - Path: /osn-sdsc/us-west-1/bp3d-pelican
-        Authorizations:
-          - PUBLIC
-        AllowedOrigins:
-          - SDSC_NRP_OSDF_S3_ORIGIN
-        AllowedCaches:
-          - ANY
-
       - Path: /nrdstor/protected
         Authorizations:
           - SciTokens: