Skip to content

Commit

Permalink
Merge pull request #7895 from atsareg/tokenmanager-notornado-2
Browse files Browse the repository at this point in the history
[8.0] Standard naming for TokenManager service classes
  • Loading branch information
fstagni authored Nov 19, 2024
2 parents b90332c + 69aaf5c commit 6504d15
Show file tree
Hide file tree
Showing 3 changed files with 21 additions and 9 deletions.
14 changes: 14 additions & 0 deletions src/DIRAC/FrameworkSystem/ConfigTemplate.cfg
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,20 @@ Services
##BEGIN TokenManager:
# Section to describe TokenManager system
TokenManager
{
Port = 9181
# Description of rules for access to methods
Authorization
{
# Settings by default:
Default = authenticated
getUsersTokensInfo = ProxyManagement
}
}
##END
##BEGIN TornadoTokenManager:
# Section to describe TokenManager system
TornadoTokenManager
{
Protocol = https
# Description of rules for access to methods
Expand Down
8 changes: 3 additions & 5 deletions src/DIRAC/FrameworkSystem/Service/TokenManagerHandler.py
Original file line number Diff line number Diff line change
@@ -1,8 +1,6 @@
"""TokenManager service is a HTTPs-exposed service responsible for token management, namely storing, updating,
"""TokenManager service is responsible for token management, namely storing, updating,
requesting new tokens for DIRAC components that have the appropriate permissions.
.. note:: As a newly created service, it will not support the old DIPS protocol, which is living to its age.
.. literalinclude:: ../ConfigTemplate.cfg
:start-after: ##BEGIN TokenManager:
:end-before: ##END
Expand Down Expand Up @@ -32,14 +30,14 @@

from DIRAC import S_OK, S_ERROR
from DIRAC.Core.Security import Properties
from DIRAC.Core.Tornado.Server.TornadoService import TornadoService
from DIRAC.FrameworkSystem.DB.TokenDB import TokenDB
from DIRAC.ConfigurationSystem.Client.Helpers import Registry
from DIRAC.Resources.IdProvider.IdProviderFactory import IdProviderFactory
from DIRAC.FrameworkSystem.Utilities.TokenManagementUtilities import (
getIdProviderClient,
getCachedKey,
)
from DIRAC.Core.DISET.RequestHandler import RequestHandler


class TokenManagerHandlerMixin:
Expand Down Expand Up @@ -284,5 +282,5 @@ def export_getTokensByUserID(self, userID: str):
return self.__tokenDB.getTokensByUserID(userID)


class TokenManagerHandler(TokenManagerHandlerMixin, TornadoService):
class TokenManagerHandler(TokenManagerHandlerMixin, RequestHandler):
pass
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
"""TokenManager service is responsible for token management, namely storing, updating,
"""TornadoTokenManager service is a HTTPs-exposed service responsible for token management, namely storing, updating,
requesting new tokens for DIRAC components that have the appropriate permissions.
.. literalinclude:: ../ConfigTemplate.cfg
Expand All @@ -15,7 +15,7 @@
:alt: https://dirac.readthedocs.io/en/integration/_images/TokenManager_getToken.png (source https://github.com/TaykYoku/DIRACIMGS/raw/main/TokenManagerService_getToken.ai)
The client has a mechanism for caching the received tokens.
This helps reduce the number of requests to both the service and the Identity Provider (IdP).
This helps reducing the number of requests to both the service and the Identity Provider (IdP).
If the client has a valid **access token** in the cache, it is used until it expires.
After that you need to update. The client can update it independently if on the server where it is in ``dirac.cfg``
Expand All @@ -26,9 +26,9 @@
is taken and the **exchange token** request to Identity Provider is made.
"""

from DIRAC.Core.DISET.RequestHandler import RequestHandler
from DIRAC.Core.Tornado.Server.TornadoService import TornadoService
from DIRAC.FrameworkSystem.Service.TokenManagerHandler import TokenManagerHandlerMixin


class DisetTokenManagerHandler(TokenManagerHandlerMixin, RequestHandler):
class TornadoTokenManagerHandler(TokenManagerHandlerMixin, TornadoService):
pass

0 comments on commit 6504d15

Please sign in to comment.