-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dac 472 update geoserver post magpie integration #35
Dac 472 update geoserver post magpie integration #35
Conversation
…em, and for a permission change on Magpie
…st to validate the associated method
…rmissions on filesystem
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## master #35 +/- ##
==========================================
+ Coverage 84.73% 86.28% +1.55%
==========================================
Files 40 40
Lines 2528 2793 +265
Branches 376 429 +53
==========================================
+ Hits 2142 2410 +268
+ Misses 282 269 -13
- Partials 104 114 +10
☔ View full report in Codecov by Sentry. |
…ver files/folders are owned by the admin user
@fmigneault Updated with latest feedback, or responses added to some comments. Should be ready for a new review. There are errors from snyk and pyup for which I am not sure what to do. For snyk, it found 6 issues, it says they are introduced from magpie 0.1.0 and come from tornado and markdown2. Not sure I know what to do with those. I don't see those dependencies in my magpie environment though, and I'm not sure why it mentions the version 0.1.0 here. For pyup, it mentions a security issue in celery 5.2.7, which I had to use specifically for testing with py3.7. This is because later versions require the use of kombu>=5.3.0, but kombu 5.3.0 seems to have dropped support for python 3.7 as it is reaching end-of-life next week (ref here). Not sure how to fix this. I'm wondering if we should just leave the security issue warning for now. The security issue seems to be related to the use of github workflows on their repo, so I'm not sure if this really has an impact on us (related PR) |
…vice types (#336) ## Overview In the cowbird `config.yml.template` file: the `wps_outputs` and `weaver` keys are supposed to be Magpie service types, not magpie service names. This causes all cowbird hooks to fail with: ``` cowbird.config.ConfigErrorInvalidServiceKey: Service `weaver` used in sync config is not valid since it was not found in Magpie services (['access', 'api', 'geoserver', 'geoserverwfs', 'geoserverwms', 'geoserverwps', 'ncwms', 'thredds', 'wfs', 'wps']). ``` This fix is already implemented in #323 but since that is waiting on Ouranosinc/cowbird#35 to get pulled in, this PR factors out the bugfix that isn't dependent on the cowbird PR. This allows us to fix this configuration bug in the meantime ## Changes **Non-breaking changes** None (bug fix) **Breaking changes** None ## Related Issue / Discussion ## Additional Information
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a few comment to address, but feature-wise seems to be ready.
For the Snyk analysis, it references magpie:0.1.0
(not sure how it resolves that since you added @3.34.0
). Does this actually work? I think with a git+https
, you might need to add #egg=magpie
at the end to help guide it with the package name. If it this raise, then we will just ignore the irrelevant Snyk issues.
For pyup, it indicates a security issue that would require celery[mongodb]>5.2.7,<6
.
This PR is big enough, so it can be done in a separate one.
Ready for a new review. Also, I tried adding the |
@ChaamC |
PR to add support to the new cases added to `Cowbird`, relates to [cowbird PR #35](Ouranosinc/cowbird#35). ## Changes - Add Magpie webhook definitions for permission creation and deletion cases to be processed by Cowbird. - Add `USER_WORKSPACE_UID` and `USER_WORKSPACE_GID` env variables to manage ownership of the user workspaces used by Cowbird, JupyterHub and others. - Update `magpie` service from [3.31.0](https:/Ouranosinc/Magpie/tree/3.31.0) to [3.34.0](https:/Ouranosinc/Magpie/tree/3.34.0) - Update `cowbird` service from [1.1.1](https:/Ouranosinc/cowbird/tree/1.1.1) to [1.2.0](https:/Ouranosinc/cowbird/tree/1.2.0) ## Fixes - Fixes #120
Resolves DAC-472
This PR adds permission synchronization between
Magpie
's permissions andGeoserver
files permissions :If a new shapefile is added to the
Geoserver
user folder, its file permissions is synchronized withMagpie
, creating the required resources and corresponding permissions inMagpie
.If a permissions is changed on
Magpie
, the event is sent toCowbird
, to update the actual file permissions in theGeoserver
user folder.If any
Magpie
permission from theLAYER_READ_PERMISSIONS
is allowed for a user, the corresponding file/folder is made readable. Same thing for anyMagpie
permission from theLAYER_WRITE_PERMISSIONS
, which makes the file/folder writable.If any of the different files from a shapefile is readable and/or writable for the user, all the files of the shapefile are considered readable and/or writable and are updated as so. The corresponding resource on
Magpie
should have all the readable and/or writable permissions allowed for the user, if the shapefile is readable and/or writable.For this PR, the workspace name is assumed to be the name of a user. To be determined in the future if we want to support other type of workspaces.
For this PR, permission changes on a group do not do anything, since workspaces are assumed to be organized per user only.
For now, nothing is done if a folder is manually created (see TODO in
geoserver.py::Geoserver::on_created()
). We assume having a workspace (folder) per user, and the workspaces are already created and added toGeoserver
upon the user creation. Also, shapefiles are assumed to always in the same directory, at the same level, as it was already the case before this PR.Relates to bird-house/birdhouse-deploy#323 which adds support to the new added cases here.
Relates to bird-house/birdhouse-deploy#120