From 2934cd34570696441befa9464e6d54e1327ec78f Mon Sep 17 00:00:00 2001 From: Brian Lin Date: Wed, 29 May 2024 10:31:31 -0500 Subject: [PATCH 1/3] Retire /ospool/PROTECTED (INF-1883) --- .../CHTC/CHTC_OSPOOL.yaml | 2 +- virtual-organizations/OSG.yaml | 28 ------------------- 2 files changed, 1 insertion(+), 29 deletions(-) diff --git a/topology/University of Wisconsin/CHTC/CHTC_OSPOOL.yaml b/topology/University of Wisconsin/CHTC/CHTC_OSPOOL.yaml index 732dd235c..1b8571bac 100644 --- a/topology/University of Wisconsin/CHTC/CHTC_OSPOOL.yaml +++ b/topology/University of Wisconsin/CHTC/CHTC_OSPOOL.yaml @@ -5,7 +5,7 @@ GroupID: 1125 Resources: CHTC_OSPOOL_ORIGIN: - Active: true + Active: false Description: Authenticated origin server for OSPool Users at UW-Madison ID: 1194 ContactLists: diff --git a/virtual-organizations/OSG.yaml b/virtual-organizations/OSG.yaml index b612ea1e7..0f8413d44 100644 --- a/virtual-organizations/OSG.yaml +++ b/virtual-organizations/OSG.yaml @@ -117,34 +117,6 @@ DataFederations: AllowedCaches: - ANY - # HACK: enormous hack to get us going on a demo - # https://opensciencegrid.atlassian.net/browse/SOFTWARE-5398 - # FIXME: rip this out after the demo - # TODO: Redesign namespace interface (take 3?). See commit body - # for considerations. - - # NOTE: The SciTokens blocks for Issuer "https://osg-htc.org/ospool" must be the same - # between the paths /ospool/PROTECTED, /s3.amazonaws.com/us-east-1, and - # /s3.amazonaws.com/us-west-1 below or we will see problems. - # See c3524138ac8d46eee2a3c33cb75fac50acab41c4 for more information. - - - Path: /ospool/PROTECTED - Authorizations: - - SciTokens: - Issuer: https://osg-htc.org/ospool - Base Path: /ospool/PROTECTED,/s3.amazonaws.com/us-east-1,/s3.amazonaws.com/us-west-1 - Map Subject: True - AllowedOrigins: - - CHTC_OSPOOL_ORIGIN - AllowedCaches: - - ANY - Writeback: https://origin-auth2001.chtc.wisc.edu:1095 - DirList: https://origin-auth2001.chtc.wisc.edu:1095 - CredentialGeneration: - Strategy: OAuth2 - Issuer: https://osg-htc.org/ospool - MaxScopeDepth: 4 - - Path: /s3.amazonaws.com/us-east-1 Authorizations: - PUBLIC From 0b5b5777c6e9e59474fa744e11a2680a21a9f3e6 Mon Sep 17 00:00:00 2001 From: Brian Lin Date: Wed, 29 May 2024 10:32:34 -0500 Subject: [PATCH 2/3] Also retire the ITB S3 origins --- .../CHTC/CHTC-ITB.yaml | 4 +-- virtual-organizations/OSG.yaml | 36 ------------------- 2 files changed, 2 insertions(+), 38 deletions(-) diff --git a/topology/University of Wisconsin/CHTC/CHTC-ITB.yaml b/topology/University of Wisconsin/CHTC/CHTC-ITB.yaml index a7af50742..fc6d114db 100644 --- a/topology/University of Wisconsin/CHTC/CHTC-ITB.yaml +++ b/topology/University of Wisconsin/CHTC/CHTC-ITB.yaml @@ -311,7 +311,7 @@ Resources: Description: OSG VO backfill containers on the Tiger cluster, serving the ITB pool CHTC-ITB-S3-AWS-EAST-ORIGIN: - Active: true + Active: false Description: >- This is an origin used for demonstrating integration with AWS East S3 buckets @@ -343,7 +343,7 @@ Resources: - OSG CHTC-ITB-S3-AWS-WEST-ORIGIN: - Active: true + Active: false Description: >- This is an origin used for demonstrating integration with AWS West S3 buckets diff --git a/virtual-organizations/OSG.yaml b/virtual-organizations/OSG.yaml index 0f8413d44..515ef2326 100644 --- a/virtual-organizations/OSG.yaml +++ b/virtual-organizations/OSG.yaml @@ -117,42 +117,6 @@ DataFederations: AllowedCaches: - ANY - - Path: /s3.amazonaws.com/us-east-1 - Authorizations: - - PUBLIC - - SciTokens: - Issuer: https://osg-htc.org/ospool - Base Path: /ospool/PROTECTED,/s3.amazonaws.com/us-east-1,/s3.amazonaws.com/us-west-1 - Map Subject: True - AllowedOrigins: - - CHTC-ITB-S3-AWS-EAST-ORIGIN - AllowedCaches: - - ANY - Writeback: https://s3-us-east-1.osgdev.chtc.io:1095 - DirList: https://s3-us-east-1.osgdev.chtc.io:1095 - - - Path: /s3.amazonaws.com/us-west-1 - Authorizations: - - PUBLIC - - SciTokens: - Issuer: https://osg-htc.org/ospool - Base Path: /ospool/PROTECTED,/s3.amazonaws.com/us-east-1,/s3.amazonaws.com/us-west-1 - Map Subject: True - AllowedOrigins: - - CHTC-ITB-S3-AWS-WEST-ORIGIN - AllowedCaches: - - ANY - Writeback: https://s3-us-west-1.osgdev.chtc.io:1095 - DirList: https://s3-us-west-1.osgdev.chtc.io:1095 - - - Path: /osn-sdsc/us-west-1/bp3d-pelican - Authorizations: - - PUBLIC - AllowedOrigins: - - SDSC_NRP_OSDF_S3_ORIGIN - AllowedCaches: - - ANY - - Path: /nrdstor/protected Authorizations: - SciTokens: From 1ae9ac913bcf43dd155e0688a896c336bfaaf300 Mon Sep 17 00:00:00 2001 From: Brian Lin Date: Wed, 29 May 2024 10:44:03 -0500 Subject: [PATCH 3/3] Use an old-style OSDF origin --- src/tests/test_api.py | 2 +- src/tests/test_stashcache.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tests/test_api.py b/src/tests/test_api.py index a93672c9b..251b8249c 100644 --- a/src/tests/test_api.py +++ b/src/tests/test_api.py @@ -203,7 +203,7 @@ def test_institution_accept_type(self, client: flask.Flask): def test_origin_grid_mapfile(self, client: flask.Flask): - TEST_ORIGIN = "origin-auth2001.chtc.wisc.edu" # This origin serves protected data + TEST_ORIGIN = "ap20.uc.osg-htc.org" # This origin serves protected data response = client.get("/origin/grid-mapfile") assert response.status_code == 400 # fqdn not specified diff --git a/src/tests/test_stashcache.py b/src/tests/test_stashcache.py index 53c0d1b72..1318dd318 100644 --- a/src/tests/test_stashcache.py +++ b/src/tests/test_stashcache.py @@ -201,7 +201,7 @@ def test_origin_grid_mapfile_nohost(self, client: flask.Flask): assert EMPTY_LINE_REGEX.match(line), f'Unexpected text "{line}".\nFull text:\n{text}\n' def test_origin_grid_mapfile_with_host(self, client: flask.Flask): - text = stashcache.generate_origin_grid_mapfile(global_data, "origin-auth2001.chtc.wisc.edu", + text = stashcache.generate_origin_grid_mapfile(global_data, "ap20.uc.osg-htc.org", suppress_errors=False) num_mappings = 0 for line in text.split("\n"):