etna 0.1.32 → 0.1.33

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cb19650be05ef97433ec00556981388436eb54ee48844055218f3ec290b10f3f
-  data.tar.gz: fbbee21325ddd316b4a742bc0cd143cba33c4bce635ad767720ed2d330da5446
+  metadata.gz: 49dacbad5431a0004c77536e600b8f46ee544effb472a459cd9205cb6d3d0aed
+  data.tar.gz: 669d95414188d35adcff630545dde4d49caa43c064a7db3cfc19bf81fba6eff8
 SHA512:
-  metadata.gz: ee5548756441715e1944ced74613ae21f328910c3dcd982d638918f0df432d0ca8ee24b4ac62d7f86b17b3325483635e7e2b2ae750f93b82ef9a5629d925de01
-  data.tar.gz: ce866396a93210565bfc6bd9d5ff1acd69833c3bb9ff55a845e4fbdaad3769b65b0402ee3dc4c0ea937aacb7eac1432b9460ff5612c4344317bd4fcffaec4771
+  metadata.gz: d1089f55be44686e14264f9b0df51b926a1ad758d40944010ca4fee40e69ced8d6be1cdaf452dc9ea6e05ab0fb099b597b6c4746f2bee400b090be4ec7a9ec56
+  data.tar.gz: d28be042a1210b12472a39502fa3ae8164ff4cd0ee3a2e0b552fb2f520ff5863d15cf88e7d66b9776aa6c7ecd54e1795e3527a16bdb5f7e6f860b944a87a20eb

data/etna.completion

@@ -32,7 +32,7 @@ arg_flag_completion_names="$arg_flag_completion_names  "
 multi_flags="$multi_flags  "
 while [[ "$#" != "0" ]]; do
 if [[ "$#" == "1" ]];  then
-all_completion_names="help models project"
+all_completion_names="help models project token"
 all_completion_names="$all_completion_names $all_flag_completion_names"
 if [[ -z "$(echo $all_completion_names | xargs)" ]]; then
 return
@@ -722,6 +722,120 @@ else
 return
 fi
 done
+elif [[ "$1" == "token" ]]; then
+shift
+all_flag_completion_names="$all_flag_completion_names  "
+arg_flag_completion_names="$arg_flag_completion_names  "
+multi_flags="$multi_flags  "
+while [[ "$#" != "0" ]]; do
+if [[ "$#" == "1" ]];  then
+all_completion_names="generate help"
+all_completion_names="$all_completion_names $all_flag_completion_names"
+if [[ -z "$(echo $all_completion_names | xargs)" ]]; then
+return
+fi
+COMPREPLY=($(compgen -W "$all_completion_names" -- "$1"))
+return
+elif [[ "$1" == "generate" ]]; then
+shift
+all_flag_completion_names="$all_flag_completion_names --task --project-name "
+arg_flag_completion_names="$arg_flag_completion_names --project-name "
+multi_flags="$multi_flags  "
+declare _completions_for_project_name="__project_name__"
+while [[ "$#" != "0" ]]; do
+if [[ "$#" == "1" ]];  then
+all_completion_names=""
+all_completion_names="$all_completion_names $all_flag_completion_names"
+if [[ -z "$(echo $all_completion_names | xargs)" ]]; then
+return
+fi
+COMPREPLY=($(compgen -W "$all_completion_names" -- "$1"))
+return
+elif [[ -z "$(echo $all_flag_completion_names | xargs)" ]]; then
+return
+elif [[ "$all_flag_completion_names" =~ $1\  ]]; then
+if ! [[ "$multi_flags" =~ $1\  ]]; then
+all_flag_completion_names="${all_flag_completion_names//$1\ /}"
+fi
+a=$1
+shift
+if [[ "$arg_flag_completion_names" =~ $a\  ]]; then
+if [[ "$#" == "1" ]];  then
+a="${a//--/}"
+a="${a//-/_}"
+i="_completions_for_$a"
+all_completion_names="${!i}"
+COMPREPLY=($(compgen -W "$all_completion_names" -- "$1"))
+return
+fi
+shift
+fi
+else
+return
+fi
+done
+return
+elif [[ "$1" == "help" ]]; then
+shift
+all_flag_completion_names="$all_flag_completion_names  "
+arg_flag_completion_names="$arg_flag_completion_names  "
+multi_flags="$multi_flags  "
+while [[ "$#" != "0" ]]; do
+if [[ "$#" == "1" ]];  then
+all_completion_names=""
+all_completion_names="$all_completion_names $all_flag_completion_names"
+if [[ -z "$(echo $all_completion_names | xargs)" ]]; then
+return
+fi
+COMPREPLY=($(compgen -W "$all_completion_names" -- "$1"))
+return
+elif [[ -z "$(echo $all_flag_completion_names | xargs)" ]]; then
+return
+elif [[ "$all_flag_completion_names" =~ $1\  ]]; then
+if ! [[ "$multi_flags" =~ $1\  ]]; then
+all_flag_completion_names="${all_flag_completion_names//$1\ /}"
+fi
+a=$1
+shift
+if [[ "$arg_flag_completion_names" =~ $a\  ]]; then
+if [[ "$#" == "1" ]];  then
+a="${a//--/}"
+a="${a//-/_}"
+i="_completions_for_$a"
+all_completion_names="${!i}"
+COMPREPLY=($(compgen -W "$all_completion_names" -- "$1"))
+return
+fi
+shift
+fi
+else
+return
+fi
+done
+return
+elif [[ -z "$(echo $all_flag_completion_names | xargs)" ]]; then
+return
+elif [[ "$all_flag_completion_names" =~ $1\  ]]; then
+if ! [[ "$multi_flags" =~ $1\  ]]; then
+all_flag_completion_names="${all_flag_completion_names//$1\ /}"
+fi
+a=$1
+shift
+if [[ "$arg_flag_completion_names" =~ $a\  ]]; then
+if [[ "$#" == "1" ]];  then
+a="${a//--/}"
+a="${a//-/_}"
+i="_completions_for_$a"
+all_completion_names="${!i}"
+COMPREPLY=($(compgen -W "$all_completion_names" -- "$1"))
+return
+fi
+shift
+fi
+else
+return
+fi
+done
 elif [[ -z "$(echo $all_flag_completion_names | xargs)" ]]; then
 return
 elif [[ "$all_flag_completion_names" =~ $1\  ]]; then

data/lib/commands.rb

@@ -91,6 +91,36 @@ class EtnaApp
   class Administrate
     include Etna::CommandExecutor
 
+    class Token
+      include Etna::CommandExecutor
+
+      class Generate < Etna::Command
+        include WithLogger
+
+        boolean_flags << "--task"
+        string_flags << "--project-name"
+        string_flags << "--email"
+
+        def execute(email:, task: false, project_name: nil)
+          # the token is not required, but can be used if available
+          # to generate a task token, so we pass it in here
+          janus_client = Etna::Clients::Janus.new(
+            token: ENV['TOKEN'],
+            ignore_ssl: EtnaApp.instance.config(:ignore_ssl),
+            **EtnaApp.instance.config(:janus, EtnaApp.instance.environment))
+
+          generate_token_workflow = Etna::Clients::Janus::GenerateTokenWorkflow.new(
+            janus_client: janus_client,
+            token_type: task ? 'task' : 'login',
+            email: email,
+            project_name: project_name,
+            private_key_file: EtnaApp.instance.config(:private_key, EtnaApp.instance.environment)
+          )
+          generate_token_workflow.generate!
+        end
+      end
+    end
+
     class Project
       include Etna::CommandExecutor
 

data/lib/etna/auth.rb

@@ -70,6 +70,29 @@ module Etna
       return route && route.noauth?
     end
 
+    def janus_approved?(payload, token, request)
+      route = server.find_route(request)
+
+      # some routes don't need janus approval
+      return true if route && route.ignore_janus?
+
+      # only process task tokens right now
+      return true unless payload['task']
+
+      return false unless application.config(:janus) && application.config(:janus)[:host]
+
+      janus_client = Etna::Clients::Janus.new(
+        token: token,
+        host: application.config(:janus)[:host]
+      )
+
+      response = janus_client.validate_task_token()
+
+      return false unless response.code == '200'
+
+      return true
+    end
+
     def approve_user(request)
       token = request.cookies[application.config(:token_name)] || auth(request, :etna)
 
@@ -77,6 +100,8 @@ module Etna
 
       begin
         payload, header = application.sign.jwt_decode(token)
+
+        return false unless janus_approved?(payload, token, request)
         return request.env['etna.user'] = Etna::User.new(payload.map{|k,v| [k.to_sym, v]}.to_h, token)
       rescue
         # bail out if anything goes wrong

data/lib/etna/client.rb

@@ -17,6 +17,13 @@ module Etna
 
     attr_reader :routes
 
+    def with_headers(headers, &block)
+      @request_headers = headers.compact
+      result = instance_eval(&block)
+      @request_headers = nil
+      return result
+    end
+
     def signed_route_path(route, params)
       path = route_path(route,params)
 
@@ -111,7 +118,7 @@ module Etna
 
     def body_request(type, endpoint, params = {}, &block)
       uri = request_uri(endpoint)
-      req = type.new(uri.request_uri, request_params)
+      req = type.new(uri.request_uri, request_headers)
       req.body = params.to_json
       request(uri, req, &block)
     end
@@ -124,7 +131,7 @@ module Etna
       else
         uri.query = URI.encode_www_form(params)
       end
-      req = type.new(uri.request_uri, request_params)
+      req = type.new(uri.request_uri, request_headers)
       request(uri, req, &block)
     end
 
@@ -132,12 +139,14 @@ module Etna
       URI("#{@host}#{endpoint}")
     end
 
-    def request_params
+    def request_headers
       {
           'Content-Type' => 'application/json',
           'Accept' => 'application/json, text/*',
           'Authorization' => "Etna #{@token}"
-      }
+      }.update(
+        @request_headers || {}
+      )
     end
 
     def status_check!(response)

data/lib/etna/clients/base_client.rb

@@ -8,10 +8,9 @@ module Etna
       attr_reader :host, :token, :ignore_ssl
       def initialize(host:, token:, ignore_ssl: false)
         raise "#{self.class.name} client configuration is missing host." unless host
-        raise "#{self.class.name} client configuration is missing token." unless token
 
         @token = token
-        raise "Your token is expired." if token_expired?
+        raise "Your token is expired." if token && token_expired?
 
         @etna_client = ::Etna::Client.new(
           host,
@@ -36,4 +35,4 @@ module Etna
       end
     end
   end
-end
+end

data/lib/etna/clients/janus.rb

@@ -1,2 +1,3 @@
 require_relative './janus/client'
 require_relative './janus/models'
+require_relative './janus/workflows'

data/lib/etna/clients/janus/client.rb

@@ -57,6 +57,25 @@ module Etna
 
         TokenResponse.new(token)
       end
+
+      def validate_task_token(validate_task_token_request = ValidateTaskTokenRequest.new)
+        token = nil
+        @etna_client.post('/api/tokens/task/validate', validate_task_token_request)
+      end
+
+      def get_nonce
+        @etna_client.get('/api/tokens/nonce').body
+      end
+
+      def generate_token(token_type, signed_nonce: nil, project_name: nil)
+        response = @etna_client.with_headers(
+          'Authorization' => signed_nonce ? "Signed-Nonce #{signed_nonce}" : nil
+        ) do
+          post('/api/tokens/generate', token_type: token_type, project_name: project_name)
+        end
+
+        response.body
+      end
     end
   end
 end

data/lib/etna/clients/janus/models.rb

@@ -51,6 +51,12 @@ module Etna
         end
       end
 
+      class ValidateTaskTokenRequest
+        def map
+          []
+        end
+      end
+
       class HtmlResponse
         attr_reader :raw
 
@@ -76,4 +82,4 @@ module Etna
       end
     end
   end
-end
+end

data/lib/etna/clients/janus/workflows.rb

@@ -0,0 +1 @@
+require_relative './workflows/generate_token_workflow'

data/lib/etna/clients/janus/workflows/generate_token_workflow.rb

@@ -0,0 +1,77 @@
+# Base workflow for setting up a project by a super user.
+# 1) Creates the project in janus
+# 2) Adds administrator(s) to Janus
+# 3) Refreshes the user's token with the new privileges.
+# 4) Creates the project in .
+
+require 'base64'
+require 'json'
+require 'ostruct'
+require_relative '../models'
+
+module Etna
+  module Clients
+    class Janus
+      class GenerateTokenWorkflow < Struct.new(:janus_client, :email, :project_name, :token_type, :private_key_file, keyword_init: true)
+        def generate!
+          nonce = janus_client.get_nonce
+
+          unless email
+            puts "Email address for #{janus_client.host} account?"
+            email = STDIN.gets.chomp
+          end
+
+          if use_nonce?
+            until private_key_file
+              puts "Location of private key file?"
+              private_key_file = ::File.expand_path(STDIN.gets.chomp)
+              unless File.exists?(private_key_file)
+                puts "No such file."
+                private_key_file = nil
+              end
+            end
+          end
+
+          if needs_project_name?
+            puts "Project name?"
+            project_name = STDIN.gets.chomp
+          end
+          
+          token = janus_client.generate_token(token_type, signed_nonce: use_nonce? ? signed_nonce(nonce) : nil, project_name: project_name)
+
+          puts token
+        end
+
+        private
+
+        def signed_nonce(nonce)
+          private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file))
+
+          txt_to_sign = "#{nonce}.#{Base64.strict_encode64(email)}"
+
+          sig = Base64.strict_encode64(
+            private_key.sign(OpenSSL::Digest::SHA256.new,txt_to_sign)
+          )
+
+          "#{txt_to_sign}.#{sig}"
+        end
+
+        def use_nonce?
+          !task_token? || !janus_client.token
+        end
+
+        def needs_project_name?
+          task_token? && !project_name
+        end
+
+        def task_token?
+          token_type == 'task'
+        end
+
+        def user
+          @user ||= JSON.parse(Base64.urlsafe_decode64(magma_client.token.split('.')[1]))
+        end
+      end
+    end
+  end
+end

data/lib/etna/clients/magma/workflows/file_linking_workflow.rb

@@ -95,7 +95,9 @@ module Etna
             file_path = ::File.dirname(file_path)
             {attribute_name => "https://metis.ucsf.edu/#{project_name}/browse/#{bucket_name}/#{file_path}"}
           else
-            {attribute_name => {path: "metis://#{project_name}/#{bucket_name}/#{file_path}"}}
+            {attribute_name => {
+              path: "metis://#{project_name}/#{bucket_name}/#{file_path}",
+              original_filename: File.basename(file_path)}}
           end
         end
 

data/lib/etna/command.rb

@@ -203,6 +203,7 @@ module Etna
       @subcommands ||= self.class.constants.sort.reduce({}) do |acc, n|
         acc.tap do
           c = self.class.const_get(n)
+          next unless c.respond_to?(:instance_methods)
           next unless c.instance_methods.include?(:find_command)
           v = c.new(self)
           acc[v.command_name] = v

data/lib/etna/directed_graph.rb

@@ -7,6 +7,59 @@ class DirectedGraph
   attr_reader :children
   attr_reader :parents
 
+  def full_parentage(n)
+    [].tap do |result|
+      q = @parents[n].keys.dup
+      seen = Set.new
+
+      until q.empty?
+        n = q.shift
+        next if seen.include?(n)
+        seen.add(n)
+
+        result << n
+        q.push(*@parents[n].keys)
+      end
+
+      result.uniq!
+    end
+  end
+
+  def as_normalized_hash(root, include_root = true)
+    q = [root]
+    {}.tap do |result|
+      if include_root
+        result[root] = []
+      end
+
+      seen = Set.new
+
+      until q.empty?
+        n = q.shift
+        next if seen.include?(n)
+        seen.add(n)
+
+        parentage = full_parentage(n)
+
+        @children[n].keys.each do |child_node|
+          q << child_node
+
+          if result.include?(n)
+            result[n] << child_node
+          end
+
+          parentage.each do |grandparent|
+            result[grandparent] << child_node if result.include?(grandparent)
+          end
+
+          result[child_node] = []
+        end
+      end
+
+      result.values.each(&:uniq!)
+    end
+  end
+
   def add_connection(parent, child)
     children = @children[parent] ||= {}
     child_children = @children[child] ||= {}
@@ -18,12 +71,13 @@ class DirectedGraph
     parents[parent] = parent_parents
   end
 
-  def serialized_path_from(root)
+  def serialized_path_from(root, include_root = true)
     seen = Set.new
     [].tap do |result|
-      result << root
+      result << root if include_root
       seen.add(root)
-      path_q = paths_from(root)
+      path_q = paths_from(root, include_root)
+      traversables = path_q.flatten
 
       until path_q.empty?
         next_path = path_q.shift
@@ -34,7 +88,7 @@ class DirectedGraph
           next if next_n.nil?
           next if seen.include?(next_n)
 
-          if @parents[next_n].keys.any? { |p| !seen.include?(p) }
+          if @parents[next_n].keys.any? { |p| !seen.include?(p) && traversables.include?(p) }
             next_path.unshift(next_n)
             path_q.push(next_path)
             break
@@ -47,9 +101,9 @@ class DirectedGraph
     end
   end
 
-  def paths_from(root)
+  def paths_from(root, include_root = true)
     [].tap do |result|
-      parents_of_map = descendants(root)
+      parents_of_map = descendants(root, include_root)
       seen = Set.new
 
       parents_of_map.to_a.sort_by { |k, parents| [-parents.length, k.inspect] }.each do |k, parents|
@@ -68,7 +122,7 @@ class DirectedGraph
     end
   end
 
-  def descendants(parent)
+  def descendants(parent, include_root = true)
     seen = Set.new
 
     seen.add(parent)
@@ -90,7 +144,7 @@ class DirectedGraph
     while child = queue.pop
       next if seen.include? child
       seen.add(child)
-      path = (paths[child] ||= [parent])
+      path = (paths[child] ||= (include_root ? [parent] : []))
 
       @children[child].keys.each do |child_child|
         queue.push child_child

data/lib/etna/route.rb

@@ -91,6 +91,10 @@ module Etna
       @auth && @auth[:noauth]
     end
 
+    def ignore_janus?
+      @auth && @auth[:ignore_janus]
+    end
+
     private
 
     def application

data/lib/helpers.rb

@@ -57,9 +57,9 @@ module WithEtnaClients
         **EtnaApp.instance.config(:metis, environment) || {})
   end
 
-  def janus_client
+  def janus_client(opts={})
     @janus_client ||= Etna::Clients::Janus.new(
-        token: token,
+        token: opts.has_key?(:token) ? opts[:token] : token,
         ignore_ssl: EtnaApp.instance.config(:ignore_ssl),
         **EtnaApp.instance.config(:janus, environment) || {})
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: etna
 version: !ruby/object:Gem::Version
-  version: 0.1.32
+  version: 0.1.33
 platform: ruby
 authors:
 - Saurabh Asthana
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-05 00:00:00.000000000 Z
+date: 2021-04-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -94,20 +94,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: concurrent-ruby-ext
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 description: See summary
 email: Saurabh.Asthana@ucsf.edu
 executables:
@@ -131,6 +117,8 @@ files:
 - lib/etna/clients/janus.rb
 - lib/etna/clients/janus/client.rb
 - lib/etna/clients/janus/models.rb
+- lib/etna/clients/janus/workflows.rb
+- lib/etna/clients/janus/workflows/generate_token_workflow.rb
 - lib/etna/clients/magma.rb
 - lib/etna/clients/magma/client.rb
 - lib/etna/clients/magma/formatting.rb