Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Store remote dataset credentials separately #6646

Merged
merged 41 commits into from
Jan 17, 2023
Merged

Store remote dataset credentials separately #6646

merged 41 commits into from
Jan 17, 2023

Conversation

frcroth
Copy link
Member

@frcroth frcroth commented Nov 17, 2022
edited
Loading

URL of deployed dev instance (used for testing):

Steps to test:

  • Add a dataset with credentials (S3 or HTTP Basic Auth) via exploration
  • Test that the dataset can be viewed
  • Test that the following other scenarios are still possible
    • Viewing a dataset without credentials
    • Viewing a dataset with legacy credentials in the json
  • Test the POST route to create a credential (This route is currently not used)

TODO

  • Do not put passwords in log (this is currently the case because the body of the rpc request is printed)
  • cache bucket providers – they are no longer vals in layer, but now defs, so there might be new ones created all the time (I can do this –@fm3)

Issues:

(Please delete unneeded items, merge only when none are left open)

@frcroth frcroth marked this pull request as draft November 17, 2022 11:07
@frcroth
Copy link
Member Author

frcroth commented Dec 5, 2022
edited
Loading

Waiting for #6679 to fix the s3 file system.

@frcroth frcroth mentioned this pull request Dec 13, 2022
Closed
@fm3 fm3 mentioned this pull request Dec 15, 2022
Merged
1 task
@frcroth frcroth changed the title WIP: Store credentials separately Store credentials separately Dec 19, 2022
@frcroth frcroth requested a review from fm3 December 19, 2022 13:29
@frcroth frcroth marked this pull request as ready for review December 19, 2022 13:29
@fm3 fm3 changed the title Store credentials separately Store remote dataset credentials separately Jan 2, 2023
fm3
fm3 requested changes Jan 3, 2023
View reviewed changes
Copy link
Member

@fm3 fm3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool stuff, works really well :) I added a few refactoring comments, but nothing major.

app/models/binary/credential/Credential.scala Outdated Show resolved Hide resolved
app/models/binary/credential/Credential.scala Outdated

private def parseAnyCredential(r: CredentialsRow): Fox[AnyCredential] =
r.`type` match {
case "HTTP_Basic_Auth" =>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could possibly use the CredentialType enum values (with toString if needed) to avoid bare unnamed strings here.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

[error]       case CredentialType.HTTP_Basic_Auth.toString => parseAsHttpBasicAuthCredential(r)
[error]                                           ^
[error] /home/felix/scm/webknossos/app/models/binary/credential/CredentialDAO.scala:68:41: stable identifier required, but CredentialType.S3_Access_Key.toString found.
[error]       case CredentialType.S3_Access_Key.toString   => parseAsS3AccessKeyCredential(r)

app/models/binary/credential/Credential.scala Outdated Show resolved Hide resolved
app/models/binary/explore/ExploreRemoteLayerService.scala Outdated Show resolved Hide resolved
app/models/binary/explore/ExploreRemoteLayerService.scala Outdated Show resolved Hide resolved
...sos-datastore/app/com/scalableminds/webknossos/datastore/storage/FileSystemCredentials.scala Show resolved Hide resolved
@frcroth frcroth requested a review from fm3 January 5, 2023 13:27
fm3
fm3 approved these changes Jan 10, 2023
View reviewed changes
Copy link
Member

@fm3 fm3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM :) Please have a look at the merge conflicts, including evolution numbering.

Note that refresh-schema will delete the stored credentials for local datasets, so streaming test datasets become unusable then. I’m not sure how to manage this for our local development. May not be a serious problem. The old format still works, right? So maybe we could manually edit the json for a local dataset to include the credentials again, to keep it locally for testing across schema refreshs.

@bulldozer-boy bulldozer-boy bot merged commit 209921a into master Jan 17, 2023
@bulldozer-boy bulldozer-boy bot deleted the store-credentials-separately branch January 17, 2023 10:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fm3 fm3 fm3 approved these changes

Assignees

@frcroth frcroth

Labels
automerge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Store and manage credentials separate from datasets
2 participants
@frcroth @fm3