From 271af39f3b792de73cf1f6f9ba8da5128b377c37 Mon Sep 17 00:00:00 2001 From: Riad Abdallah Date: Fri, 19 Apr 2024 15:45:15 +0300 Subject: [PATCH 1/3] Add support for sudo and scope options --- mu.rb | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/mu.rb b/mu.rb index 8ee5c4a..c416c02 100644 --- a/mu.rb +++ b/mu.rb @@ -26,13 +26,25 @@ def log @log end - def query(query) + def query(query, **options) log.info "Executing query: #{query}" - sparql_client.query query + @sparql_client = sparql_client(**options) + @sparql_client.query query end - def sparql_client - options = {} + def sparql_client(**options) + if Mu::truthy? options[:sudo] + if Mu::truthy? ENV['ALLOW_MU_AUTH_SUDO'] + options[:headers] = { 'mu-auth-sudo': 'true' } + else + log.error "Error, sudo request but service lacks ALLOW_MU_AUTH_SUDO header" + end + end + if options[:scope] + options[:headers] = { 'mu-auth-sudo': options[:scope] } + elsif ENV['DEFAULT_MU_AUTH_SCOPE'] + options[:headers] = { 'mu-auth-sudo': ENV['DEFAULT_MU_AUTH_SCOPE'] } + end if ENV['MU_SPARQL_TIMEOUT'] options[:read_timeout] = ENV['MU_SPARQL_TIMEOUT'].to_i end @@ -71,9 +83,10 @@ def truthy? value ["true", "yes", "1"].include?(value && value.to_s.downcase) end - def update(query) + def update(query, **options) log.info "Executing query: #{query}" - sparql_client.update query + @sparql_client = sparql_client(**options) + @sparql_client.update query end def update_modified(subject, modified = DateTime.now) From bab6a8d8e9866408b387b6502181e2efab122149 Mon Sep 17 00:00:00 2001 From: Riad Abdallah Date: Fri, 19 Apr 2024 16:04:42 +0300 Subject: [PATCH 2/3] Update README with the required env vars --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 111f7bd..61df052 100644 --- a/README.md +++ b/README.md @@ -278,6 +278,8 @@ The template supports the following environment variables: - `MU_SPARQL_ENDPOINT`: SPARQL endpoint URL. Default: `http://database:8890/sparql` - `MU_SPARQL_TIMEOUT`: timeout (in seconds) for SPARQL queries. Default: 60 seconds. +- `ALLOW_MU_AUTH_SUDO`: Allow sudo queries when the service requests it. +- `DEFAULT_MU_AUTH_SCOPE`: Default mu-auth-scope to use for calls. - `LOG_LEVEL`: the level of logging (default: `info`, values: `debug`, `info`, `warn`, `error`, `fatal`). - `USE_LEGACY_UTILS`: when enabled (using `"true"` or `"yes"`) legacy utils from v2 will be included in the root file so they can be used as before (e.g. `query` instead of `Mu::query`). Default: `"true"` - `PRINT_DEPRECATION_WARNINGS`: Deprecation warnings will be printed for each usage of a legacy util. Default: `"true"`. From 18ce2a1e03caf8a7198155a6bb31dea3570718cc Mon Sep 17 00:00:00 2001 From: Riad Abdallah Date: Sun, 21 Apr 2024 23:25:48 +0300 Subject: [PATCH 3/3] Fix wrong header name --- mu.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mu.rb b/mu.rb index c416c02..42d55b3 100644 --- a/mu.rb +++ b/mu.rb @@ -41,9 +41,9 @@ def sparql_client(**options) end end if options[:scope] - options[:headers] = { 'mu-auth-sudo': options[:scope] } + options[:headers] = { 'mu-auth-scope': options[:scope] } elsif ENV['DEFAULT_MU_AUTH_SCOPE'] - options[:headers] = { 'mu-auth-sudo': ENV['DEFAULT_MU_AUTH_SCOPE'] } + options[:headers] = { 'mu-auth-scope': ENV['DEFAULT_MU_AUTH_SCOPE'] } end if ENV['MU_SPARQL_TIMEOUT'] options[:read_timeout] = ENV['MU_SPARQL_TIMEOUT'].to_i